Attention is currently required from: Edward O'Callaghan, Stefan Reinauer.

Edward O'Callaghan uploaded patch set #2 to this change.

layout.c: Mitigate untrusted FMAP's within fw images address root

An ill-informed security engineer running an elevated privileged
version of flashrom that parses an embedded FMAP within the image
could find themselves addressing absolute system paths. We
can mitigate this by ensuring paths in the FMAP are always
relative paths. However, this does not address the deeper issue
of parsing untrusted data with a privileged process, which is
user error. Do not run flashrom as root unless you require
the internal programmer, in which case the internal image is
implicitly trusted.

Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
---
M layout.c
1 file changed, 3 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/94/75194/2

Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2
Gerrit-Change-Number: 75194
Gerrit-PatchSet: 2
Gerrit-Owner: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-Reviewer: Angel Pons <th3fanbus@gmail.com>
Gerrit-Reviewer: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Reviewer: build bot (Jenkins) <no-reply@coreboot.org>
Gerrit-CC: Nico Huber <nico.h@gmx.de>
Gerrit-Attention: Stefan Reinauer <stefan.reinauer@coreboot.org>
Gerrit-Attention: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-MessageType: newpatchset
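
One way to enforce the "always relative paths" rule from the commit message, as an added example that is not the patch's or flashrom's own code. It assumes the region name read from the FMAP is later used as a file name; `region_name_is_safe_relative` and `NAME_FIELD_LEN` are hypothetical names, and the `..` component check goes beyond the absolute-path case the message describes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NAME_FIELD_LEN 32 /* assumed fixed width of the on-flash name field */

/*
 * Hypothetical helper: decide whether a region name taken from an untrusted
 * FMAP may be used as a file name relative to the working directory.
 * The field is fixed-width and may lack a NUL terminator, so its length is
 * bounded before any string function touches it.
 */
static bool region_name_is_safe_relative(const uint8_t *field, size_t field_len)
{
	char name[NAME_FIELD_LEN + 1];
	size_t len = 0;

	if (field_len > NAME_FIELD_LEN)
		field_len = NAME_FIELD_LEN;
	while (len < field_len && field[len] != '\0')
		len++;
	if (len == 0)
		return false;	/* empty name: nothing sensible to open */
	memcpy(name, field, len);
	name[len] = '\0';

	if (name[0] == '/')
		return false;	/* absolute path */

	/* Walk the '/'-separated components and reject any that is "..". */
	const char *p = name;
	while (*p != '\0') {
		size_t n = strcspn(p, "/");
		if (n == 2 && p[0] == '.' && p[1] == '.')
			return false;	/* would climb out of the working directory */
		p += n;
		if (*p == '/')
			p++;
	}
	return true;
}
```

A caller would skip or reject the region when this returns false, before the name reaches any file-open call.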