From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1VI21j-0001qq-US for mharc-grub-devel@gnu.org; Fri, 06 Sep 2013 15:49:07 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:46103) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VI21Y-0001nL-IZ for grub-devel@gnu.org; Fri, 06 Sep 2013 15:49:04 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1VI21Q-0008A8-4h for grub-devel@gnu.org; Fri, 06 Sep 2013 15:48:56 -0400 Received: from mail-lb0-x22f.google.com ([2a00:1450:4010:c04::22f]:36013) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1VI21P-00089u-Os for grub-devel@gnu.org; Fri, 06 Sep 2013 15:48:48 -0400 Received: by mail-lb0-f175.google.com with SMTP id y6so3221163lbh.20 for ; Fri, 06 Sep 2013 12:48:46 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=date:from:to:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; bh=mvnqCHBG5JIO6GPccUKvvpyTkWDW3A6hK9Bfop5xsGc=; b=vXATrxXKRRsJBYsYcUsasdUEmk1iKDjNUTRm7EkM54xaAi82/F4wcBcMk4nnRfCK6N EXfwBIZlfeUcekPFleuNN8jJTuWfiifyLkzjAG/vuEZMPNYGqvmemAeIX9zb5KJOPTID D349z4NrH+teQUWow/qoIqE2mm4wrKzilxvHc+RRW4bnzy/j2I5kUBPPyxjZW7lNpHxq vrDdu/OUPBXMAMmcti/h5rr7ss+CfrJUYFpRcONiqCWx16LMdcOzh1mBKlMZRd7M9u5p u8lk6dZdIA0lwi2jNHp9hZlA5nEFla9IV4B9brPjfI3YAmSFNcPWmMn78KoYd/OkO8xc 1NaQ== X-Received: by 10.112.155.39 with SMTP id vt7mr4086885lbb.29.1378496926575; Fri, 06 Sep 2013 12:48:46 -0700 (PDT) Received: from opensuse.site (ppp79-139-160-84.pppoe.spdop.ru. [79.139.160.84]) by mx.google.com with ESMTPSA id b6sm2109736lae.0.1969.12.31.16.00.00 (version=SSLv3 cipher=RC4-SHA bits=128/128); Fri, 06 Sep 2013 12:48:46 -0700 (PDT) Date: Fri, 6 Sep 2013 23:48:45 +0400 From: Andrey Borzenkov To: grub-devel@gnu.org Subject: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce Message-ID: <20130906234845.4eb45795@opensuse.site> In-Reply-To: <1378484333-13577-3-git-send-email-jonmccune@google.com> References: <1378484333-13577-1-git-send-email-jonmccune@google.com> <1378484333-13577-3-git-send-email-jonmccune@google.com> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.18; x86_64-suse-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 8bit X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2a00:1450:4010:c04::22f X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: The development of GNU GRUB List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Sep 2013 19:49:05 -0000 В Fri, 6 Sep 2013 09:18:50 -0700 Jon McCune пишет: > This works by adding an open_envblk_file_untrusted() method that bypasses > signature checking, but only if the invocation of load_env includes a > whitelist of one or more environment variables that are to be read from the > file. What is the use case? load_env is called exactly once at the beginning of configfile processing. At this point file still has valid signature assuming grub-editenv (or some other tool) computed one. When do you need to load environment more than once?