Edward O'Callaghan has uploaded this change for review.


layout.c: Mitigate untrusted FMAP's within fw images address root

An ill-informed security engineer running an elevated privileged
version of flashrom that parses an embedded FMAP within the image
could find themselves addressing absolute system paths. We
can mitigate this by ensuring paths in the FMAP are always
relative paths; however, this does not address the deeper issue
of parsing untrusted data with a privileged process, which is
user error. Do not run flashrom as root unless you require
the internal programmer, in which case the internal image is
implicitly trusted.

Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2
Signed-off-by: Edward O'Callaghan <quasisec@google.com>
---
M layout.c
1 file changed, 23 insertions(+), 0 deletions(-)

git pull ssh://review.coreboot.org:29418/flashrom refs/changes/94/75194/1
diff --git a/layout.c b/layout.c
index cddd908..80e370c 100644
--- a/layout.c
+++ b/layout.c
@@ -196,6 +196,9 @@

static char *sanitise_filename(char *filename)
{
+ if (filename[0] == '/' || filename[0] == '\\')
+ filename[0] = '_';
+
for (unsigned i = 0; filename[i]; i++) {
if (isspace((unsigned char)filename[i]))
filename[i] = '_';
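
Review bot: The check on `filename[0]` neutralises only a single leading separator, so a name such as `../../x` or `a/../../x` still comes out as a relative path that climbs out of the working directory, and the loop lines visible here only replace whitespace. Consider handling separators inside the existing loop instead, for example `if (isspace(c) || c == '/' || c == '\\') filename[i] = '_';`, so the sanitised name can never contain a path component at any position. A short comment above the check saying that the name originates from an untrusted FMAP embedded in the image would also help future readers understand why it is there.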


Gerrit-Project: flashrom
Gerrit-Branch: master
Gerrit-Change-Id: I820ea2dfc25925895b9fb7926d2a337e4f0e3fd2
Gerrit-Change-Number: 75194
Gerrit-PatchSet: 1
Gerrit-Owner: Edward O'Callaghan <quasisec@chromium.org>
Gerrit-MessageType: newchange