On 21.12.2018 at 14:09, Frank Wunderlich wrote:
just a thought, that someone loads a script from tftp (scr) which will be 
executed locally and imho can also contain mw-commands (like my one adding 
0-characters). this can be modified from remote...

Well, from a security point of view, you can't just load a script and execute it.

The problem with 'load' and 'tftp' is that these are used in secure boot environments to load the next stage (signed FIT image). This next stage must be authenticated before being used, so you can't just insert wrong 'mw' statements into a signed image (as an attacker, I mean).

The CVE reported that you can attack a target without having a valid signature just by loading a file that is too big. To me, that's a big difference to the 'mw' case.


i will not say that this has to be done, just a thought :)

for loading from filesystem/fat with modified address there is also the need 
for local access, right? or do you mean that this can be modified (local 
uenv.txt) from operating system and applied by next reboot?

No, you just need a big file. E.g. if you have 1GB of RAM, you "just" need to update the file loaded from disk to be 1GB big and you'll overwrite U-Boot for sure (on the next reboot, that is).

Regards,
Simon

regards Frank
Sent: Friday, 21 December 2018 at 13:56
From: "Simon Goldschmidt" <simon.k.r.goldschm...@gmail.com>

Well, the idea of the CVE was that you can overwrite U-Boot in RAM without actually 
having access. You "only" need to control the file system or tftp server.
When doing 'mw', you actually need to have access to the U-Boot shell. That's a different level. I'm not sure we need to limit access there...


_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
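
The oversized-file case discussed in this thread comes down to checking the load address and file size against RAM and against the memory the bootloader occupies before any byte is copied. The following is an added example, not code from the thread or from U-Boot; the `region` type, the function names and the sample memory layout are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor for a memory range [base, base + size). */
struct region { uint64_t base, size; };

/* True if [base, base + size) lies inside r; subtraction-only, so no wrap. */
static bool inside(const struct region *r, uint64_t base, uint64_t size)
{
    if (base < r->base || base - r->base > r->size)
        return false;
    return size <= r->size - (base - r->base);
}

/* True if [base, base + size) shares at least one byte with r. */
static bool overlaps(const struct region *r, uint64_t base, uint64_t size)
{
    if (size == 0 || r->size == 0)
        return false;
    return base >= r->base ? base - r->base < r->size
                           : r->base - base < size;
}

/* Decide, before any byte is copied, whether a file of file_size bytes may
 * be loaded at load_addr: it must fit in RAM and miss every reserved range
 * (the running bootloader, its stack, ...). */
bool load_allowed(const struct region *ram, const struct region *reserved,
                  size_t n, uint64_t load_addr, uint64_t file_size)
{
    if (!inside(ram, load_addr, file_size))
        return false;
    for (size_t i = 0; i < n; i++)
        if (overlaps(&reserved[i], load_addr, file_size))
            return false;
    return true;
}

/* Constructed sample layout: 1 GiB of RAM, bootloader relocated to the top. */
static const struct region sample_ram = { 0x80000000ULL, 0x40000000ULL };
static const struct region sample_rsv[] = { { 0xBFF00000ULL, 0x00100000ULL } };

int main(void)
{
    printf("16 MiB file: %d\n", load_allowed(&sample_ram, sample_rsv, 1, 0x82000000ULL, 0x01000000ULL));
    printf("1 GiB file:  %d\n", load_allowed(&sample_ram, sample_rsv, 1, 0x82000000ULL, 0x40000000ULL));
    return 0;
}
```

The check only helps if the file size comes from the file system or transfer layer before the copy starts and the copy is bounded by the checked size.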
