| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 5 Oct 2022 16:42:52 -0400
From: Brendan Higgins <brendanhiggins@...gle.com>
To: David Gow <davidgow@...gle.com>
Cc: Brendan Higgins <brendan.higgins@...ux.dev>,
Daniel Latypov <dlatypov@...gle.com>,
Shuah Khan <skhan@...uxfoundation.org>,
Xu Panda <xu.panda@....com.cn>,
Greg KH <gregkh@...uxfoundation.org>,
kunit-dev@...glegroups.com, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org, Zeal Robot <zealci@....com.cn>
Subject: Re: [PATCH] kunit: tool: Don't download risc-v opensbi firmware with wget
On Fri, Sep 23, 2022 at 1:01 AM 'David Gow' via KUnit Development
<kunit-dev@...glegroups.com> wrote:
>
> When running a RISC-V test kernel under QEMU, we need an OpenSBI BIOS
> file. In the original QEMU support patchset, kunit_tool would optionally
> download this file from GitHub if it didn't exist, using wget.
>
> These days, it can usually be found in the distro's qemu-system-riscv
> package, and is located in /usr/share/qemu on all the distros I tried
> (Debian, Arch, OpenSUSE). Use this file, and thereby don't do any
> downloading in kunit_tool.
>
> In addition, we used to shell out to whatever 'wget' was in the path,
> which could have potentially been used to trick the developer into
> running another binary. By not using wget at all, we nicely sidestep
> this issue.
>
> Cc: Xu Panda <xu.panda@....com.cn>
> Fixes: 87c9c1631788 ("kunit: tool: add support for QEMU")
> Reported-by: Zeal Robot <zealci@....com.cn>
> Signed-off-by: David Gow <davidgow@...gle.com>
Reviewed-by: Brendan Higgins <brendanhiggins@...gle.com>
Powered by blists - more mailing lists