[ipxe-devel] [ipxe/ipxe] [image] Embedded images are implicitly trusted (#100)
Michael Brown
notifications at github.com
Wed Dec 18 21:23:16 UTC 2019
This change concerns me slightly since it marks all embedded images as trusted, which is a potential relaxation of security. I can't immediately think of a situation in which a user would want to explicitly imgverify an embedded image, but that doesn't mean that such a situation does not exist.
I would prefer a change with lower impact, such as setting only the selected (i.e. first) image as trusted. The most obvious place to do this is after the existing call to image_select() has succeeded.
Please use the image_trust() wrapper function to set the flag, since this will guarantee future compatibility with anything else that image_trust() may be updated to do (e.g. generating logging messages).
Lastly, please reword the commit shortlog as e.g. "[image] Implicitly trust first embedded image" (i.e. using the active voice), to match the existing style.
Thanks,
Michael
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/ipxe/ipxe/pull/100#issuecomment-567219086
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ipxe.org/pipermail/ipxe-devel/attachments/20191218/89fba1d1/attachment.htm>
More information about the ipxe-devel
mailing list