just a thought, that someone load a script from tftp (scr) which will be executed locally and imho can also contain mw-commands (like my one adding 0-characters). this can be modified from remote...
i will not say that this have to be done, just a thought :) for loading from filesystem/fat with modified address there is also the need for local access right? or do you mean that this can be modified (local uenv.txt) from operation system and applied by next reboot? regards Frank Gesendet: Freitag, 21. Dezember 2018 um 13:56 Uhr Von: "Simon Goldschmidt" <simon.k.r.goldschm...@gmail.com> Well, the idea of the CVE was that you can overwrite U-Boot in RAM without actually having access. You "only" need to control the file system or tftp server. When doing 'mw', you actually need to have access to the U-Boot shell. That's a different level. I'm not sure we need to limit access there... _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot
