[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH v4 3/4] save_env should work, even if check_signatures=enforce
|
From: |
Jon McCune |
|
Subject: |
[PATCH v4 3/4] save_env should work, even if check_signatures=enforce |
|
Date: |
Tue, 24 Sep 2013 19:00:31 -0700 |
This is accomplished by changing the call used to read the environment
block file to avoid being subject to signature checks. The contents that
are read from the file are discarded, as the only purpose of reading the
file is to construct the blocklist to which the new environment block
will be written. Thus, the actual contents of the file do not pose a
security risk.
Signed-off-by: Jon McCune <address@hidden>
---
grub-core/commands/loadenv.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/grub-core/commands/loadenv.c b/grub-core/commands/loadenv.c
index 16aafbf..05157df 100644
--- a/grub-core/commands/loadenv.c
+++ b/grub-core/commands/loadenv.c
@@ -372,7 +372,7 @@ grub_cmd_save_env (grub_extcmd_context_t ctxt, int argc,
char **args)
if (!argc)
return grub_error (GRUB_ERR_BAD_ARGUMENT, "no variable is specified");
- file = open_envblk_file ((state[0].set) ? state[0].arg : 0);
+ file = open_envblk_file_untrusted ((state[0].set) ? state[0].arg : 0);
if (!file)
return grub_errno;
--
1.8.4