From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from list by lists.gnu.org with archive (Exim 4.71)
	id 1VYNFf-0004Ji-0W
	for mharc-grub-devel@gnu.org; Mon, 21 Oct 2013 17:43:03 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53604)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1VYNFY-0004JF-2b
	for grub-devel@gnu.org; Mon, 21 Oct 2013 17:43:01 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1VYNFR-0002L0-7t
	for grub-devel@gnu.org; Mon, 21 Oct 2013 17:42:56 -0400
Received: from mail-ee0-x235.google.com ([2a00:1450:4013:c00::235]:35005)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <phcoder@gmail.com>) id 1VYNFQ-0002Kq-TH
	for grub-devel@gnu.org; Mon, 21 Oct 2013 17:42:49 -0400
Received: by mail-ee0-f53.google.com with SMTP id t10so3996361eei.12
	for <grub-devel@gnu.org>; Mon, 21 Oct 2013 14:42:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:content-type;
	bh=a7l+pAXbvxQ73ne3zvSLq8eDwvukKrBgGZ8pnOcoV1U=;
	b=vV8Mrqtwt2RDcCjq5+onT3/11YsxSBEBgTcD0Rc8TLiyIX7WTe35GECd9tvyhwwn9y
	IzNni0PcpeGEUMDB2Z1v8Adgyjpcev3ALN08WUEGxJ5tDYgAo0a2ww26VFyzNd0VL091
	8hEEl8xMVWRXVwCWqSwWYnVPE0044LEkCRCuuijj5Nd5UQuvILgDI0IdswI8zEl1XTWg
	GeumbDX4uN4N6wuDkpxkkyuXRqHYWuzfoaRqa6gcDCyrFuWGZrliH2HYMclUK+yg26EV
	opt4j7fYaSzAjPt4P+ONJbtTaRLCn9aO6i/IbCEgpCpn8Sq6duf6PTZXp/FnyHp0jg5t
	8NNA==
X-Received: by 10.14.183.130 with SMTP id q2mr4607376eem.64.1382391768010;
	Mon, 21 Oct 2013 14:42:48 -0700 (PDT)
Received: from [192.168.1.16] (31-249.1-85.cust.bluewin.ch. [85.1.249.31])
	by mx.google.com with ESMTPSA id
	bn13sm48484689eeb.11.2013.10.21.14.42.46 for <grub-devel@gnu.org>
	(version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128);
	Mon, 21 Oct 2013 14:42:47 -0700 (PDT)
Message-ID: <52659FD6.9040107@gmail.com>
Date: Mon, 21 Oct 2013 23:42:46 +0200
From: =?UTF-8?B?VmxhZGltaXIgJ8+GLWNvZGVyL3BoY29kZXInIFNlcmJpbmVua28=?=
	<phcoder@gmail.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20131005 Icedove/17.0.9
MIME-Version: 1.0
To: grub-devel@gnu.org
Subject: Re: RFC: should the 'trust' and 'verify_detached' commands respect
	'check_signatures=enforce'?
References: <CADtfRCUUA_h4+VmoBiSj+qX2FD-XrQMqFcW8nSboo0ZoRNGyZA@mail.gmail.com>
	<52605A25.5040300@gmail.com>
	<20131018064404.4f7983fc@opensuse.site>
	<52656587.6040201@gmail.com>
	<CADtfRCX2ptTNphUA8_eAkKqj=eLXXjwXFydGaDum=Lv-MZ8Mpg@mail.gmail.com>
In-Reply-To: <CADtfRCX2ptTNphUA8_eAkKqj=eLXXjwXFydGaDum=Lv-MZ8Mpg@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="----enig2XGDQEWQQVAAJFRLNHXGA"
X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address
	(bad octet value).
X-Received-From: 2a00:1450:4013:c00::235
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.14
Precedence: list
Reply-To: The development of GNU GRUB <grub-devel@gnu.org>
List-Id: The development of GNU GRUB <grub-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2013 21:43:01 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2XGDQEWQQVAAJFRLNHXGA
Content-Type: multipart/mixed;
 boundary="------------020608050802000805010708"

This is a multi-part message in MIME format.
--------------020608050802000805010708
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 21.10.2013 19:44, Jonathan McCune wrote:
> On Mon, Oct 21, 2013 at 10:33 AM, Vladimir '=CF=86-coder/phcoder' Serbi=
nenko
> <phcoder@gmail.com <mailto:phcoder@gmail.com>> wrote:
>=20
>     On 18.10.2013 04:44, Andrey Borzenkov wrote:
>     > =D0=92 Thu, 17 Oct 2013 23:44:05 +0200
>     > Vladimir '=CF=86-coder/phcoder' Serbinenko <phcoder@gmail.com
>     <mailto:phcoder@gmail.com>> =D0=BF=D0=B8=D1=88=D0=B5=D1=82:
>     >
>     >> On 17.10.2013 20:28, Jonathan McCune wrote:
>     >>> Presently the 'trust' and 'verify_detached' commands disable al=
l
>     filters
>     >>> (e.g., verify.c:grub_cmd_trust() calls
>     grub_file_filter_disable_all())
>     >>> when opening a file containing a public key (note the
>     distinction from
>     >>> verify_detached implicitly using an already-loaded key).
>     >>
>     >> This is the intended behaviour. Usecase to manually add keys whe=
n
>     >> needed. Your proposal is for other usecases which would probably=

>     require
>     >> special arguments or separate functions.
>     >>
>     >
>     > This has the same MITM problem we already discussed and that was =
fixed
>     > if pubkey filter is used - you cannot actually know that key you =
trust
>     > is the same as key you verified. So I think that at least by defa=
ult
>     > "trust" should not disable pubkey filter.
>     >
>     > verify_detached probably should, but may be only for file that is=

>     > verified itself, bit for pubkey.
>     >
>     I didn't oppose to a command or options having the described
>     functionality. Thinking about it, I have to agree that default beha=
viour
>     should be paranoid with options to relax it. Would you or Jonathan
>     prepare a patch to change the behaviour with an option to restore
>     current behaviour?
>=20
>=20
> How about addressing this by adding a --skip-sig option to both trust
> and verify_detached, that disables signature checking for the loaded
> public key?  This would be similar in structure to the --skip-sig optio=
n
> to load_env, and the consistent use of --skip-sig would hopefully make
> things easier on the author of a .cfg file.  It's mildly confusing to
> say verify_detached --skip-sig since the whole point of that command is=

> to check a signature, but the documentation can make it clear.
>=20
> I can prepare a patch but it could be a week or more before I have time=

> to do so.
>=20
Patch attached. Completely untested. Anyone to test it?
> Thanks,
> -Jon
>=20
>=20
>=20
> =20
>=20
>=20
> _______________________________________________
> Grub-devel mailing list
> Grub-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/grub-devel
>=20


--------------020608050802000805010708
Content-Type: application/x-patch;
 name="pkcheck.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="pkcheck.diff"

PT09IG1vZGlmaWVkIGZpbGUgJ2dydWItY29yZS9jb21tYW5kcy92ZXJpZnkuYycKLS0tIGdy
dWItY29yZS9jb21tYW5kcy92ZXJpZnkuYwkyMDEzLTA0LTA1IDA4OjUyOjEzICswMDAwCisr
KyBncnViLWNvcmUvY29tbWFuZHMvdmVyaWZ5LmMJMjAxMy0xMC0yMSAyMTo0MTo0MSArMDAw
MApAQCAtMjksOSArMjksMjIgQEAKICNpbmNsdWRlIDxncnViL3B1YmtleS5oPgogI2luY2x1
ZGUgPGdydWIvZW52Lmg+CiAjaW5jbHVkZSA8Z3J1Yi9rZXJuZWwuaD4KKyNpbmNsdWRlIDxn
cnViL2V4dGNtZC5oPgogCiBHUlVCX01PRF9MSUNFTlNFICgiR1BMdjMrIik7CiAKK2VudW0K
KyAgeworICAgIE9QVElPTl9TS0lQX1NJRyA9IDAKKyAgfTsKKworc3RhdGljIGNvbnN0IHN0
cnVjdCBncnViX2FyZ19vcHRpb24gb3B0aW9uc1tdID0KKyAgeworICAgIHsic2tpcC1zaWci
LCAncycsIDAsCisgICAgIE5fKCJTa2lwIHNpZ25hdHVyZS1jaGVja2luZyBvZiB0aGUgc2ln
bmF0dXJlIGZpbGUuIiksIDAsIEFSR19UWVBFX05PTkV9LAorICAgIHswLCAwLCAwLCAwLCAw
LCAwfQorICB9OworCiBzdGF0aWMgZ3J1Yl9lcnJfdAogcmVhZF9wYWNrZXRfaGVhZGVyIChn
cnViX2ZpbGVfdCBzaWcsIGdydWJfdWludDhfdCAqb3V0X3R5cGUsIGdydWJfc2l6ZV90ICps
ZW4pCiB7CkBAIC01NDQsOCArNTU3LDggQEAKIH0KIAogc3RhdGljIGdydWJfZXJyX3QKLWdy
dWJfY21kX3RydXN0IChncnViX2NvbW1hbmRfdCBjbWQgIF9fYXR0cmlidXRlX18gKCh1bnVz
ZWQpKSwKLQkJCSAgIGludCBhcmdjLCBjaGFyICoqYXJncykKK2dydWJfY21kX3RydXN0IChn
cnViX2V4dGNtZF9jb250ZXh0X3QgY3R4dCwKKwkJaW50IGFyZ2MsIGNoYXIgKiphcmdzKQog
ewogICBncnViX2ZpbGVfdCBwa2Y7CiAgIHN0cnVjdCBncnViX3B1YmxpY19rZXkgKnBrID0g
TlVMTDsKQEAgLTU1Myw3ICs1NjYsOCBAQAogICBpZiAoYXJnYyA8IDEpCiAgICAgcmV0dXJu
IGdydWJfZXJyb3IgKEdSVUJfRVJSX0JBRF9BUkdVTUVOVCwgTl8oIm9uZSBhcmd1bWVudCBl
eHBlY3RlZCIpKTsKIAotICBncnViX2ZpbGVfZmlsdGVyX2Rpc2FibGVfYWxsICgpOworICBp
ZiAoY3R4dC0+c3RhdGVbT1BUSU9OX1NLSVBfU0lHXS5zZXQpCisgICAgZ3J1Yl9maWxlX2Zp
bHRlcl9kaXNhYmxlX3B1YmtleSAoKTsKICAgcGtmID0gZ3J1Yl9maWxlX29wZW4gKGFyZ3Nb
MF0pOwogICBpZiAoIXBrZikKICAgICByZXR1cm4gZ3J1Yl9lcnJubzsKQEAgLTYyNSw3ICs2
MzksNyBAQAogfQogCiBzdGF0aWMgZ3J1Yl9lcnJfdAotZ3J1Yl9jbWRfdmVyaWZ5X3NpZ25h
dHVyZSAoZ3J1Yl9jb21tYW5kX3QgY21kICBfX2F0dHJpYnV0ZV9fICgodW51c2VkKSksCitn
cnViX2NtZF92ZXJpZnlfc2lnbmF0dXJlIChncnViX2V4dGNtZF9jb250ZXh0X3QgY3R4dCwK
IAkJCSAgIGludCBhcmdjLCBjaGFyICoqYXJncykKIHsKICAgZ3J1Yl9maWxlX3QgZiwgc2ln
OwpAQCAtNjQyLDcgKzY1Niw4IEBACiAgIGlmIChhcmdjID4gMikKICAgICB7CiAgICAgICBn
cnViX2ZpbGVfdCBwa2Y7Ci0gICAgICBncnViX2ZpbGVfZmlsdGVyX2Rpc2FibGVfYWxsICgp
OworICAgICAgaWYgKGN0eHQtPnN0YXRlW09QVElPTl9TS0lQX1NJR10uc2V0KQorCWdydWJf
ZmlsZV9maWx0ZXJfZGlzYWJsZV9wdWJrZXkgKCk7CiAgICAgICBwa2YgPSBncnViX2ZpbGVf
b3BlbiAoYXJnc1syXSk7CiAgICAgICBpZiAoIXBrZikKIAlyZXR1cm4gZ3J1Yl9lcnJubzsK
QEAgLTc5MCw3ICs4MDUsOCBAQAogc3RydWN0IGdjcnlfcGtfc3BlYyAqZ3J1Yl9jcnlwdG9f
cGtfZWNkc2E7CiBzdHJ1Y3QgZ2NyeV9wa19zcGVjICpncnViX2NyeXB0b19wa19yc2E7CiAK
LXN0YXRpYyBncnViX2NvbW1hbmRfdCBjbWQsIGNtZF90cnVzdCwgY21kX2Rpc3RydXN0LCBj
bWRfbGlzdDsKK3N0YXRpYyBncnViX2V4dGNtZF90IGNtZCwgY21kX3RydXN0Oworc3RhdGlj
IGdydWJfY29tbWFuZF90IGNtZF9kaXN0cnVzdCwgY21kX2xpc3Q7CiAKIEdSVUJfTU9EX0lO
SVQodmVyaWZ5KQogewpAQCAtODM1LDEyICs4NTEsMTQgQEAKICAgaWYgKCF2YWwpCiAgICAg
Z3J1Yl9lbnZfc2V0ICgiY2hlY2tfc2lnbmF0dXJlcyIsIGdydWJfcGtfdHJ1c3RlZCA/ICJl
bmZvcmNlIiA6ICJubyIpOwogCi0gIGNtZCA9IGdydWJfcmVnaXN0ZXJfY29tbWFuZCAoInZl
cmlmeV9kZXRhY2hlZCIsIGdydWJfY21kX3ZlcmlmeV9zaWduYXR1cmUsCi0JCQkgICAgICAg
Tl8oIkZJTEUgU0lHTkFUVVJFX0ZJTEUgW1BVQktFWV9GSUxFXSIpLAotCQkJICAgICAgIE5f
KCJWZXJpZnkgZGV0YWNoZWQgc2lnbmF0dXJlLiIpKTsKLSAgY21kX3RydXN0ID0gZ3J1Yl9y
ZWdpc3Rlcl9jb21tYW5kICgidHJ1c3QiLCBncnViX2NtZF90cnVzdCwKLQkJCQkgICAgIE5f
KCJQVUJLRVlfRklMRSIpLAotCQkJCSAgICAgTl8oIkFkZCBQS0ZJTEUgdG8gdHJ1c3RlZCBr
ZXlzLiIpKTsKKyAgY21kID0gZ3J1Yl9yZWdpc3Rlcl9leHRjbWQgKCJ2ZXJpZnlfZGV0YWNo
ZWQiLCBncnViX2NtZF92ZXJpZnlfc2lnbmF0dXJlLCAwLAorCQkJICAgICAgTl8oIlstc3wt
LXNraXAtc2lnXSBGSUxFIFNJR05BVFVSRV9GSUxFIFtQVUJLRVlfRklMRV0iKSwKKwkJCSAg
ICAgIE5fKCJWZXJpZnkgZGV0YWNoZWQgc2lnbmF0dXJlLiIpLAorCQkJICAgICAgb3B0aW9u
cyk7CisgIGNtZF90cnVzdCA9IGdydWJfcmVnaXN0ZXJfZXh0Y21kICgidHJ1c3QiLCBncnVi
X2NtZF90cnVzdCwgMCwKKwkJCQkgICAgIE5fKCJbLXN8LS1za2lwLXNpZ10gUFVCS0VZX0ZJ
TEUiKSwKKwkJCQkgICAgIE5fKCJBZGQgUEtGSUxFIHRvIHRydXN0ZWQga2V5cy4iKSwKKwkJ
CQkgICAgIG9wdGlvbnMpOwogICBjbWRfbGlzdCA9IGdydWJfcmVnaXN0ZXJfY29tbWFuZCAo
Imxpc3RfdHJ1c3RlZCIsIGdydWJfY21kX2xpc3QsCiAJCQkJICAgIDAsCiAJCQkJICAgIE5f
KCJMaXN0IHRydXN0ZWQga2V5cy4iKSk7CkBAIC04NTIsOCArODcwLDggQEAKIEdSVUJfTU9E
X0ZJTkkodmVyaWZ5KQogewogICBncnViX2ZpbGVfZmlsdGVyX3VucmVnaXN0ZXIgKEdSVUJf
RklMRV9GSUxURVJfUFVCS0VZKTsKLSAgZ3J1Yl91bnJlZ2lzdGVyX2NvbW1hbmQgKGNtZCk7
Ci0gIGdydWJfdW5yZWdpc3Rlcl9jb21tYW5kIChjbWRfdHJ1c3QpOworICBncnViX3VucmVn
aXN0ZXJfZXh0Y21kIChjbWQpOworICBncnViX3VucmVnaXN0ZXJfZXh0Y21kIChjbWRfdHJ1
c3QpOwogICBncnViX3VucmVnaXN0ZXJfY29tbWFuZCAoY21kX2xpc3QpOwogICBncnViX3Vu
cmVnaXN0ZXJfY29tbWFuZCAoY21kX2Rpc3RydXN0KTsKIH0KCg==
--------------020608050802000805010708--

------enig2XGDQEWQQVAAJFRLNHXGA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iF4EAREKAAYFAlJln9YACgkQNak7dOguQgmOWgEAix+VNriJGVfevPyODvS4HsB+
dIbfqP/ft0nNS7RveVoBAJ3RKxxsJAN4xuoOdEFb3hEPsQyt765p0ElMgZb4c1E5
=5hMM
-----END PGP SIGNATURE-----

------enig2XGDQEWQQVAAJFRLNHXGA--