On Fri, Mar 15, 2024 at 7:26 AM Vladimir 'phcoder' Serbinenko
wrote:
>
> Verifying after decompression is a bad security practice. It relies on
> decompression having no security holes. Given how complex decompression is,
> this is almost guaranteed to be false.
>
Point taken... I'll drop this
Verifying after decompression is a bad security practice. It relies on
decompression having no security holes. Given how complex decompression is,
this is almost guaranteed to be false.
On Wed, 13 Mar 2024, 18:08, Ross Lagerwall via Grub-devel <
grub-devel@gnu.org> wrote:
> It is convenient a
On Wed, Mar 13, 2024 at 03:07:48PM +, Ross Lagerwall via Grub-devel wrote:
> It is convenient and common to have binaries stored in gzip archives
> (e.g. xen.gz). Verification should be run after decompression rather
> than before so reorder the file filter list as appropriate.
The proposed ch