svn commit: r350312 - stable/12/stand/common
Simon J. Gerraty
sjg at FreeBSD.org
Thu Jul 25 00:07:11 UTC 2019
Author: sjg
Date: Thu Jul 25 00:07:10 2019
New Revision: 350312
URL: https://svnweb.freebsd.org/changeset/base/350312
Log:
loader: ignore some variable settings if input unverified
libsecureboot can tell us if the most recent file opened was
verified or not.
If its state is VE_UNVERIFIED_OK, skip if variable
matches one of the restricted prefixes.
MFC of r350099
Reviewed by: stevek
Sponsored by: Juniper Networks
Differential Revision: https://reviews.freebsd.org//D20909
Modified:
stable/12/stand/common/commands.c
Modified: stable/12/stand/common/commands.c
==============================================================================
--- stable/12/stand/common/commands.c Wed Jul 24 23:08:49 2019 (r350311)
+++ stable/12/stand/common/commands.c Thu Jul 25 00:07:10 2019 (r350312)
@@ -304,6 +304,36 @@ command_set(int argc, char *argv[])
command_errmsg = "wrong number of arguments";
return (CMD_ERROR);
} else {
+#ifdef LOADER_VERIEXEC
+ /*
+ * Impose restrictions if input is not verified
+ */
+ const char *restricted[] = {
+ "boot",
+ "init",
+ "loader.ve.",
+ "rootfs",
+ "secur",
+ "vfs.",
+ NULL,
+ };
+ const char **cp;
+ int ves;
+
+ ves = ve_status_get(-1);
+ if (ves == VE_UNVERIFIED_OK) {
+#ifdef LOADER_VERIEXEC_TESTING
+ printf("Checking: %s\n", argv[1]);
+#endif
+ for (cp = restricted; *cp; cp++) {
+ if (strncmp(argv[1], *cp, strlen(*cp)) == 0) {
+ printf("Ignoring restricted variable: %s\n",
+ argv[1]);
+ return (CMD_OK);
+ }
+ }
+ }
+#endif
if ((err = putenv(argv[1])) != 0) {
command_errmsg = strerror(err);
return (CMD_ERROR);
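Review bot: the filter in command_set() runs only when ve_status_get(-1) returns exactly VE_UNVERIFIED_OK, so every other status value falls through to putenv(argv[1]) unfiltered; please add a comment saying why no other state needs the restriction, or widen the condition if one does. The prefixes are matched with strncmp() against the whole "name=value" argument, so short entries such as "boot", "init" and "secur" also block any longer variable name that merely starts with them; if that breadth is intended, say so in the comment above the table. An ignored assignment returns CMD_OK with only a printf, so a calling script cannot tell that the set was dropped; consider setting command_errmsg and returning CMD_ERROR, or document the silent success. Minor: the restricted table can be declared `static const char * const restricted[]` so it is not rebuilt on each call.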