From: Vladimir 'φ-coder/phcoder' Serbinenko
To: The development of GNU GRUB
Date: Thu, 19 Sep 2013 09:18:55 +0200
Subject: Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce
Message-ID: <523AA55F.4030604@gmail.com>
In-Reply-To: <20130907133350.0a9f7c5d@opensuse.site>

On 07.09.2013 11:33, Andrey Borzenkov wrote:
> So just use another environment block for untrusted variables, that's
> all. I do not see why any change in sources is required.

Trouble is that right now we unconditionally load all variables from block,
whether trusted or not. So by modifying untrusted but loaded block you can
override core variables i.a. check_signatures.
That's why some ability to filter is required.
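
The filtering discussed in the message above, as an added sketch that is not code from the patch series or from GRUB: it walks a constructed environment block and accepts only whitelisted names, so a `check_signatures` entry placed in the writable block is dropped. The `filter_env_block` helper, the whitelist contents, the sample block and the backslash-escape handling are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define ENVBLK_SIG "# GRUB Environment Block\n"
/* Constructed sample: a writable, unsigned block that also tries to
   switch off signature checking.  The whitelist is an assumption too.  */
static const char sample_block[] = ENVBLK_SIG
  "saved_entry=2\n" "check_signatures=no\n" "next_entry=1\n" "##########";
static const char *const whitelist[] = { "saved_entry", "next_entry" };

static int name_allowed (const char *name, size_t len)
{
  for (size_t i = 0; i < sizeof (whitelist) / sizeof (whitelist[0]); i++)
    if (strlen (whitelist[i]) == len && memcmp (whitelist[i], name, len) == 0)
      return 1;
  return 0;
}

/* Hypothetical helper: count name=value lines that pass the whitelist and
   those dropped; -1 on a bad signature.  A real loader would set the
   variable at the point where this increments *accepted.  */
int filter_env_block (const char *buf, size_t size, int *accepted, int *rejected)
{
  size_t siglen = sizeof (ENVBLK_SIG) - 1;
  const char *p, *end = buf + size;
  *accepted = *rejected = 0;
  if (size < siglen || memcmp (buf, ENVBLK_SIG, siglen) != 0)
    return -1;
  for (p = buf + siglen; p < end && *p != '#';)   /* '#' begins the padding */
    {
      const char *name = p, *eq = NULL;
      for (; p < end && *p != '\n'; p++)
        if (*p == '=' && !eq)
          eq = p;
        else if (*p == '\\' && eq && p + 1 < end)
          p++;                  /* escaped character stays in the value */
      if (p < end)
        p++;                    /* step over the newline */
      if (eq && name_allowed (name, (size_t) (eq - name)))
        ++*accepted;
      else
        ++*rejected;            /* not whitelisted, or malformed line */
    }
  return 0;
}

int main (void)
{
  int ok, bad;
  filter_env_block (sample_block, sizeof (sample_block) - 1, &ok, &bad);
  return printf ("accepted=%d rejected=%d\n", ok, bad) < 0;
}
```

The whitelist is compiled in here; the point is that the decision about which names may be set does not come from the block being read.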