Date: Mon, 2 Jun 2025 05:49:56 GMT
Message-Id: <202506020549.5525nuDu054998@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: "Simon J. Gerraty"
Subject: git: 61d77e6c0095 - main - loader: allow for exceptions to restricted settings.
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: sjg
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 61d77e6c009544d1489078c16a5d22b27d25c91b

The branch main has been updated by sjg:

URL: https://cgit.FreeBSD.org/src/commit/?id=61d77e6c009544d1489078c16a5d22b27d25c91b

commit 61d77e6c009544d1489078c16a5d22b27d25c91b
Author:     Simon J. Gerraty
AuthorDate: 2025-06-02 05:48:43 +0000
Commit:     Simon J. Gerraty
CommitDate: 2025-06-02 05:48:43 +0000

    loader: allow for exceptions to restricted settings.

    We restrict what an unverified loader.conf etc can set,
    and the same restrictions are applied to interactive input.
    We need to allow for exceptions (eg boot_verbose).
    It is best if any allowed settings match up to '='.
    If we do not allow it to be set, do not allow it to be unset.

    Reviewed by:    stevek
    Sponsored by:   Juniper Networks, Inc.
---
 stand/common/commands.c | 95 +++++++++++++++++++++++++++++++++++++------------
 1 file changed, 73 insertions(+), 22 deletions(-)

diff --git a/stand/common/commands.c b/stand/common/commands.c
index 95d12ad95973..19452047a0ca 100644
--- a/stand/common/commands.c
+++ b/stand/common/commands.c
@@ -291,6 +291,63 @@ command_show(int argc, char *argv[]) return (CMD_OK); } +#ifdef LOADER_VERIEXEC +static int +is_restricted_var(const char *var) +{ + /* + * We impose restrictions if input is not verified + * allowing for exceptions. + * These entries should include the '=' + */ + const char *allowed[] = { + "boot_function=", + "boot_phase=", + "boot_recover_cli=", + "boot_recover_volume=", + "boot_safe=", + "boot_set=", + "boot_single=", + "boot_verbose=", + NULL, + }; + const char *restricted[] = { + "boot", + "init", + "loader.ve.", + "rootfs", + "secur", + "vfs.", + NULL, + }; + const char **cp; + int ok = -1; + +#ifdef LOADER_VERIEXEC_TESTING + printf("Checking: %s\n", var); +#endif + for (cp = restricted; *cp; cp++) { + if (strncmp(var, *cp, strlen(*cp)) == 0) { + ok = 0; + break; + } + } + if (!ok) { + /* + * Check for exceptions. + * These should match up to '='. + */ + for (cp = allowed; *cp; cp++) { + if (strncmp(var, *cp, strlen(*cp)) == 0) { + ok = 1; + break; + } + } + } + return (ok == 0); +} +#endif + COMMAND_SET(set, "set", "set a variable", command_set); static int @@ -303,32 +360,14 @@ command_set(int argc, char *argv[]) return (CMD_ERROR); } else { #ifdef LOADER_VERIEXEC - /* - * Impose restrictions if input is not verified - */ - const char *restricted[] = { - "boot", - "init", - "loader.ve.", - "rootfs", - "secur", - "vfs.", - NULL, - }; - const char **cp; int ves; ves = ve_status_get(-1); if (ves == VE_UNVERIFIED_OK) { -#ifdef LOADER_VERIEXEC_TESTING - printf("Checking: %s\n", argv[1]); -#endif - for (cp = restricted; *cp; cp++) { - if (strncmp(argv[1], *cp, strlen(*cp)) == 0) { - printf("Ignoring restricted variable: %s\n", - argv[1]); - return (CMD_OK); - } + if (is_restricted_var(argv[1])) { + printf("Ignoring restricted variable: %s\n", + argv[1]); + return (CMD_OK); } } #endif 
@@ -351,6 +390,18 @@ command_unset(int argc, char *argv[]) command_errmsg = "wrong number of arguments"; return (CMD_ERROR); } else { +#ifdef LOADER_VERIEXEC + int ves; + + ves = ve_status_get(-1); + if (ves == VE_UNVERIFIED_OK) { + if (is_restricted_var(argv[1])) { + printf("Ignoring restricted variable: %s\n", + argv[1]); + return (CMD_OK); + } + } +#endif if ((err = unsetenv(argv[1])) != 0) { command_errmsg = strerror(err); return (CMD_ERROR);
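Review bot: in the first hunk (@@ -291), is_restricted_var() has no comment stating its return convention, and `return (ok == 0);` inverts the sense of the local `ok` (ok == 0 means "matched a restricted prefix and no exception applied"), which is easy to misread; a one-line comment such as "Returns non-zero if var must not be set or unset from unverified input" above the function would settle it. The two tables are also rebuilt on the stack on every call; `static const char * const allowed[]` / `static const char * const restricted[]` keeps them read-only and out of the stack frame, which is the usual shape for such lists in the loader.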
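Review bot: in the second hunk (@@ -303), the block `ves = ve_status_get(-1); if (ves == VE_UNVERIFIED_OK) { if (is_restricted_var(argv[1])) { printf(...); return (CMD_OK); } }` is now duplicated verbatim between command_set and command_unset; moving the ve_status_get() check and the "Ignoring restricted variable" message into is_restricted_var() (or a small wrapper that takes the command name) would leave a single place to maintain if the verification states or the message ever change.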
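Review bot: in the third hunk (@@ -351), command_unset passes a bare variable name as argv[1], but every entry in `allowed` ends in '=' and is matched with `strncmp(var, *cp, strlen(*cp))`, so the exception list can never match on the unset path: `unset boot_verbose` is rejected while `set boot_verbose=...` is accepted. That satisfies the commit message's stated rule (what cannot be set cannot be unset) but not its converse; if an allowed variable should also be unsettable from unverified input, either append '=' to the name before calling is_restricted_var() from command_unset, or give the helper a flag so that for unset it compares `strlen(*cp) - 1` characters and requires `var[strlen(*cp) - 1] == '\0'`. If the asymmetry is deliberate, a comment here saying so would stop the next reader from filing it as a bug.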