[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] Verify commands executed by grub

From: Vladimir 'phcoder' Serbinenko
Subject: Re: [PATCH 1/2] Verify commands executed by grub
Date: Mon, 24 Jul 2017 11:19:29 +0000

On Sat, Jul 22, 2017, 00:13 Matthew Garrett <address@hidden> wrote:
On Fri, Jul 21, 2017 at 7:39 AM, Vladimir 'phcoder' Serbinenko
<address@hidden> wrote:
> This omits all separators. So it considers e.g. ab and a b to be the same.
> Can we have a better array serialization? I.a. following 3 need to be
> distinguished:
> ab
> a b
> "a b"

It inserts a space after each argv, so I think ab and a b are already
distinguishable in the output? "a b" isn't, however, and that's
certainly a problem. I can see a few approaches to this:

1) Delimit with \0. That makes parsing the result more annoying, but
avoids any ambiguity.
I like this possibility. I'll change string hashing to a byte array hashing in verifiers API
2) Add quotes back in for any arguments that contain spaces
3) Do the verification before any parsing. Downside is that we don't
get any variable expansion, which doesn't really matter for the TPM
case but might not work for other use cases?

reply via email to

[Prev in Thread] Current Thread [Next in Thread]