Attention is currently required from: Stefan Reinauer, Edward O'Callaghan.
4 comments:
Commit Message:
Patch Set #1, Line 14: parsing untrusted data with a privileged process
But what is considered privileged? For a regular user running flashrom,
relative paths can already do a lot of damage.
unless you require
the internal programmer in which case the internal image is
implicitly trusted.
Unless you have something like vboot (or similar) which treats A/B
partitions as untrusted.
Feel free to add a Found-by: line.
File layout.c:
Patch Set #1, Line 199: filename[0] == '\\'
If this is meant to secure DOS/Windows paths, you'd also have to check for "[a-zA-Z]:",
I suppose.
To view, visit change 75194.
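The review point about DOS/Windows paths, as an added example that is not part of the review or of flashrom's layout.c: a check that only tests the first character for `'\\'` misses drive-qualified names such as `C:\x` and drive-relative names such as `C:x`. The function name `path_is_confined`, and the policy of also rejecting `..` components, are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical helper, not flashrom code. Both separators are honoured on
 * every platform, which is deliberately conservative: on POSIX it also
 * rejects a few legal but unusual names (e.g. "a:b"). */
static bool is_separator(char c)
{
	return c == '/' || c == '\\';
}

/* Returns true only for a relative path that cannot leave the directory
 * it is resolved against. */
bool path_is_confined(const char *filename)
{
	if (!filename || filename[0] == '\0')
		return false;

	/* Absolute POSIX path, or rooted/UNC path on DOS/Windows. */
	if (is_separator(filename[0]))
		return false;

	/* Drive prefix "[a-zA-Z]:" covers both "C:\x" and drive-relative "C:x". */
	if (isalpha((unsigned char)filename[0]) && filename[1] == ':')
		return false;

	/* Walk the components and reject any that is exactly "..". */
	const char *p = filename;
	while (*p) {
		size_t len = 0;
		while (p[len] && !is_separator(p[len]))
			len++;
		if (len == 2 && p[0] == '.' && p[1] == '.')
			return false;
		p += len;
		while (is_separator(*p))
			p++;
	}
	return true;
}
```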