From: Vladimir 'φ-coder/phcoder' Serbinenko
Date: Mon, 21 Oct 2013 19:33:59 +0200
To: grub-devel@gnu.org
Subject: Re: RFC: should the 'trust' and 'verify_detached' commands respect 'check_signatures=enforce'?
Message-ID: <52656587.6040201@gmail.com>
In-Reply-To: <20131018064404.4f7983fc@opensuse.site>
References: <52605A25.5040300@gmail.com> <20131018064404.4f7983fc@opensuse.site>

On 18.10.2013 04:44, Andrey Borzenkov wrote:
> On Thu, 17 Oct 2013 23:44:05 +0200
> Vladimir 'φ-coder/phcoder' Serbinenko writes:
>
>> On 17.10.2013 20:28, Jonathan McCune wrote:
>>> Presently the 'trust' and 'verify_detached' commands disable all filters
>>> (e.g., verify.c:grub_cmd_trust() calls grub_file_filter_disable_all())
>>> when opening a file containing a public key (note the distinction from
>>> verify_detached implicitly using an already-loaded key).
>>
>> This is the intended behaviour. The use case is to manually add keys when
>> needed. Your proposal is for other use cases, which would probably require
>> special arguments or separate functions.
>>
>
> This has the same MITM problem we already discussed and that was fixed
> if the pubkey filter is used - you cannot actually know that the key you trust
> is the same as the key you verified. So I think that at least by default
> "trust" should not disable the pubkey filter.
>
> verify_detached probably should, but maybe only for the file that is
> verified itself, not for the pubkey.
>

I didn't oppose a command or options having the described
functionality. Thinking about it, I have to agree that the default
behaviour should be paranoid, with options to relax it.
Would you or Jonathan prepare a patch to change the behaviour, with an
option to restore the current behaviour?