|
From: | Andrey Borzenkov |
Subject: | Re: [PATCH v2 2/5] load_env support for whitelisting which variables are read from an env file, even if check_signatures=enforce |
Date: | Fri, 6 Sep 2013 23:48:45 +0400 |
В Fri, 6 Sep 2013 09:18:50 -0700 Jon McCune <address@hidden> пишет: > This works by adding an open_envblk_file_untrusted() method that bypasses > signature checking, but only if the invocation of load_env includes a > whitelist of one or more environment variables that are to be read from the > file. What is the use case? load_env is called exactly once at the beginning of configfile processing. At this point file still has valid signature assuming grub-editenv (or some other tool) computed one. When do you need to load environment more than once?
[Prev in Thread] | Current Thread | [Next in Thread] |