Edward O'Callaghan has uploaded this change for review. ( https://review.coreboot.org/c/flashrom/+/75194 )
Change subject: layout.c: Mitigate untrusted FMAP's within fw images address root
layout.c: Mitigate untrusted FMAP's within fw images address root
An ill-informed security engineer running an elevated, privileged version of flashrom that parses an embedded FMAP within the image could find themselves addressing absolute system paths. We can mitigate this by ensuring paths in the FMAP are always relative paths; however, this does not address the deeper issue of parsing untrusted data with a privileged process, which is user error. Do not run flashrom as root unless you require the internal programmer, in which case the internal image is implicitly trusted.
Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2
Signed-off-by: Edward O'Callaghan quasisec@google.com
---
M layout.c
1 file changed, 23 insertions(+), 0 deletions(-)
git pull ssh://review.coreboot.org:29418/flashrom refs/changes/94/75194/1
diff --git a/layout.c b/layout.c index cddd908..80e370c 100644 --- a/layout.c +++ b/layout.c @@ -196,6 +196,9 @@
static char *sanitise_filename(char *filename) { + if (filename[0] == '/' || filename[0] == '\') + filename[0] = '_'; + for (unsigned i = 0; filename[i]; i++) { if (isspace((unsigned char)filename[i])) filename[i] = '_';
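Review bot: the new check at the top of sanitise_filename() only rewrites filename[0], so in the lines shown a name that starts with a non-separator but contains `..` components or further `/` or `\` characters still resolves outside the current directory when it is later used as an output path. Consider replacing every `/` and `\` inside the existing `for` loop, next to the isspace() test; that removes the need for the special case on the first character and also neutralises `../` sequences, since the dots alone no longer form a path component. Separately, `filename[0] == '\'` as rendered here is an unterminated character literal and will not compile; the backslash needs escaping as `'\\'`. The commit message could also state that the filename comes from the FMAP area name, so readers can see which input this function is treating as untrusted.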