Attention is currently required from: Angel Pons, Stefan Reinauer.
Edward O'Callaghan has posted comments on this change. ( https://review.coreboot.org/c/flashrom/+/75194?usp=email )
Change subject: layout.c: Mitigate untrusted FMAP's within fw images address root ......................................................................
Patch Set 2:
(5 comments)
Commit Message:
https://review.coreboot.org/c/flashrom/+/75194/comment/66f2b0c0_59c88885 : PS1, Line 9: elivated
elevated
Done
https://review.coreboot.org/c/flashrom/+/75194/comment/12222f6b_8add70d4 : PS1, Line 9: privilaged
privileged
Done
https://review.coreboot.org/c/flashrom/+/75194/comment/9ccd9ec3_a959602e : PS1, Line 13: relative paths however this
Add some punctuation: […]
Thanks! Done.
https://review.coreboot.org/c/flashrom/+/75194/comment/e3d65221_3b5a8933 : PS1, Line 14: privilaged
privileged
Done
File layout.c:
https://review.coreboot.org/c/flashrom/+/75194/comment/3c547ad8_7d1f1584 : PS1, Line 199: filename[0] == '\'
If this is meant to secure DOS/Windows paths, you'd also have to check for "[a-zA-Z]:", […]
I would imagine this whole effort is pointless. If you are running flashrom with root privileges reading untrusted binaries via untrusted programmers you already failed. The proper fix is to drop privileges from flashrom upon invocation.