Attention is currently required from: Edward O'Callaghan, Stefan Reinauer.
Hello Angel Pons, Stefan Reinauer, build bot (Jenkins),
I'd like you to reexamine a change. Please visit
https://review.coreboot.org/c/flashrom/+/75194?usp=email
to look at the new patch set (#2).
Change subject: layout.c: Mitigate untrusted FMAP's within fw images address root ......................................................................
layout.c: Mitigate untrusted FMAP's within fw images address root
A ill informed security engineer running a elevated privileged version of flashrom that parses a embedded FMAP within the image could find themseleves addressing absolute system paths. We can mitigate this by ensuring paths in the FMAP are always relative paths. However, this does not address the deeper issue of parsing untrusted data with a privileged process which is user error. Do not run flashrom as root unless you require the internal programmer in which case the internal image is implicitly trusted.
Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2 Signed-off-by: Edward O'Callaghan quasisec@google.com --- M layout.c 1 file changed, 3 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/94/75194/2