On 18.10.2013 04:44, Andrey Borzenkov wrote:
> On Thu, 17 Oct 2013 23:44:05 +0200
> Vladimir 'φ-coder/phcoder' Serbinenko <phco...@gmail.com> wrote:
>
>> On 17.10.2013 20:28, Jonathan McCune wrote:
>>> Presently the 'trust' and 'verify_detached' commands disable all filters
>>> (e.g., verify.c:grub_cmd_trust() calls grub_file_filter_disable_all())
>>> when opening a file containing a public key (note the distinction from
>>> verify_detached implicitly using an already-loaded key).
>>
>> This is the intended behaviour. Use case to manually add keys when
>> needed. Your proposal is for other use cases which would probably require
>> special arguments or separate functions.
>>
>
> This has the same MITM problem we already discussed and that was fixed
> if pubkey filter is used - you cannot actually know that key you trust
> is the same as key you verified. So I think that at least by default
> "trust" should not disable pubkey filter.
>
> verify_detached probably should, but maybe only for file that is
> verified itself, bit for pubkey.
>

I didn't oppose a command or options having the described functionality.
Thinking about it, I have to agree that default behaviour should be
paranoid with options to relax it. Would you or Jonathan prepare a patch
to change the behaviour with an option to restore current behaviour?
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
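
The "key you trust" versus "key you verified" gap discussed in this thread, as a small Python model added here for illustration (it is not GRUB code and not from any poster). HMAC stands in for OpenPGP detached signatures, and `SwappingSource`, `verify_then_trust` and `trust_with_filter` are hypothetical names; all key bytes are constructed sample values.

```python
import hashlib
import hmac

ROOT_KEY = b"constructed-root-key"   # stand-in for a key already in the keyring
GOOD_PUB = b"constructed vendor public key"
EVIL_PUB = b"constructed substituted public key"


def sign(data: bytes) -> bytes:
    # Stand-in for an OpenPGP detached signature (assumption, not GRUB's scheme).
    return hmac.new(ROOT_KEY, data, hashlib.sha256).digest()


def verified(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)


class SwappingSource:
    """Storage or network path that may serve different bytes on each open."""

    def __init__(self, *versions: bytes):
        self.versions = list(versions)

    def open(self) -> bytes:
        # Serve versions in order; keep serving the last one afterwards.
        if len(self.versions) > 1:
            return self.versions.pop(0)
        return self.versions[0]


def verify_then_trust(src: SwappingSource, sig: bytes) -> bytes:
    """Two opens: the signature check and the keyring import read separately."""
    if not verified(src.open(), sig):
        raise ValueError("bad signature")
    # Second open with filters disabled: these bytes were never checked.
    return src.open()


def trust_with_filter(src: SwappingSource, sig: bytes) -> bytes:
    """One open: the bytes imported are exactly the bytes that were verified."""
    data = src.open()
    if not verified(data, sig):
        raise ValueError("bad signature")
    return data
```
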