Dear Denx,

I've been working on an embedded system which starts over TFTP with an NFS rootfs.

During the development I noticed that it's possible to inject bootparams into the DHCP messages. If a system boots from NFS and I provide the following path to the NFS share, the extra bootparams will be executed as well.

    option root-path "/media/share/nfs/,tcp ro"

The ro parameter is put into the kernel parameter as well and executed. I'm currently using this hack on our own system to our advantage to override the rw with ro in the kernel command line without the need of recompiling U-Boot.

I'm going to plug this hole because it's a security risk for our product. I've looked in the current U-Boot version and this is still a possibility. My suggestion is to verify the options passed through, these are separated by "," and ignore anything with a space inside the rootpath.

If you agree this is an issue and have a suggestion for a solution. I will supply the patch we are currently using for our own product.

Kind regards,
Christian Litjes
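
One way to implement the check proposed in the message above, as an added example that is not part of the original mail and is not U-Boot code. The function names, the allowed option characters, the extra rejection of control characters and double quotes, and the choice to reject the whole value instead of truncating it are assumptions.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helpers, not U-Boot functions. */

/* Bytes that would end the argument or change how later ones parse. */
static int is_unsafe_byte(unsigned char c)
{
	return c <= 0x20 || c == 0x7f || c == '"';
}

/* Assumed NFS option charset: covers "tcp", "vers=3", "nolock". */
static int is_option_byte(unsigned char c)
{
	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
	       (c >= '0' && c <= '9') || c == '=' || c == '_' ||
	       c == '-' || c == '.';
}

/* Returns 1 if the DHCP root-path is "path" or "path,opt[,opt...]". */
int rootpath_is_safe(const char *s, size_t maxlen)
{
	const char *opts = NULL, *p;
	size_t n = 0;

	for (p = s; *p; p++, n++) {
		if (n >= maxlen || is_unsafe_byte((unsigned char)*p))
			return 0;	/* over-long, space, control, quote */
		if (*p == ',' && !opts)
			opts = p;	/* first comma starts the options */
	}
	if (n == 0 || opts == s)
		return 0;		/* empty value or options without a path */
	for (p = opts; p && *p == ','; ) {
		const char *start = ++p;

		while (*p && *p != ',')
			if (!is_option_byte((unsigned char)*p++))
				return 0;
		if (p == start)
			return 0;	/* empty option: ",," or trailing "," */
	}
	return 1;
}

int main(void)
{
	const char *v = "/media/share/nfs/,tcp ro";	/* value from the mail */

	printf("%s -> %s\n", v, rootpath_is_safe(v, 64) ? "accept" : "reject");
	return 0;
}
```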