From: Sascha Hauer <s.hauer@pengutronix.de>
To: BAREBOX <barebox@lists.infradead.org>
Cc: Ahmad Fatoum <a.fatoum@pengutronix.de>
Subject: [PATCH v2 10/24] commands: go: add security config option
Date: Wed, 17 Sep 2025 15:53:30 +0200 [thread overview]
Message-ID: <20250917-security-policies-v2-10-f30769a3ff51@pengutronix.de> (raw)
In-Reply-To: <20250917-security-policies-v2-0-f30769a3ff51@pengutronix.de>
From: Ahmad Fatoum <a.fatoum@pengutronix.de>
The go command doesn't do any signature verification and allows
executing arbitrary code. Add a security option, so a policy can disable
this command at runtime.
Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
---
Sconfig | 1 +
commands/Sconfig | 12 ++++++++++++
commands/go.c | 4 ++++
3 files changed, 17 insertions(+)
diff --git a/Sconfig b/Sconfig
index 6cfd8c8677a655c1b238dadc22aa6d40b161596d..1c5b9d70d09f8df47edc48f6ac295501f66df97e 100644
--- a/Sconfig
+++ b/Sconfig
@@ -5,3 +5,4 @@ mainmenu "Barebox Security Configuration"
source "scripts/Sconfig.include"
source "security/Sconfig"
+source "commands/Sconfig"
diff --git a/commands/Sconfig b/commands/Sconfig
new file mode 100644
index 0000000000000000000000000000000000000000..7e6d937e162ce154b3993d03a9103181ea61af5d
--- /dev/null
+++ b/commands/Sconfig
@@ -0,0 +1,12 @@
+# SPDX-License-Identifier: GPL-2.0-only
+
+menu "Command Policy"
+
+config CMD_GO
+ bool "Allow go command"
+ depends on $(kconfig-enabled,CMD_GO)
+ help
+ The go command jumps to an arbitrary address after shutting
+ down barebox and does not do any signature verification.
+
+endmenu
diff --git a/commands/go.c b/commands/go.c
index 3449a2181ad076e30ea96f016245806a59d657c4..640911d90db28c0dc60b713267dcab14627c793c 100644
--- a/commands/go.c
+++ b/commands/go.c
@@ -11,6 +11,7 @@
#include <getopt.h>
#include <linux/ctype.h>
#include <errno.h>
+#include <security/config.h>
#define INT_ARGS_MAX 4
@@ -24,6 +25,9 @@ static int do_go(int argc, char *argv[])
ulong arg[INT_ARGS_MAX] = {};
bool pass_argv = true;
+ if (!IS_ALLOWED(SCONFIG_CMD_GO))
+ return -EPERM;
+
while ((opt = getopt(argc, argv, "+si")) > 0) {
switch (opt) {
case 's':
--
2.47.3
next prev parent reply other threads:[~2025-09-17 14:19 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-17 13:53 [PATCH v2 00/24] Add security policy support Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 01/24] kconfig: allow setting CONFIG_ from the outside Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 02/24] scripts: include scripts/include for all host tools Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 03/24] kbuild: implement loopable loop_cmd Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 04/24] Add security policy support Sascha Hauer
2025-09-22 16:14 ` Ahmad Fatoum
2025-09-23 8:11 ` Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 05/24] kbuild: allow security config use without source tree modification Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 06/24] defaultenv: update PS1 according to security policy Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 07/24] security: policy: support externally provided configs Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 08/24] commands: implement sconfig command Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 09/24] docs: security-policies: add documentation Sascha Hauer
2025-09-17 13:53 ` Sascha Hauer [this message]
2025-09-17 13:53 ` [PATCH v2 11/24] console: ratp: add security config option Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 12/24] bootm: support calling bootm_optional_signed_images at any time Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 13/24] bootm: make unsigned image support runtime configurable Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 14/24] ARM: configs: add virt32_secure_defconfig Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 15/24] boards: qemu-virt: add security policies Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 16/24] boards: qemu-virt: allow setting policy from command line Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 17/24] test: py: add basic security policy test Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 18/24] usbserial: add inline wrappers Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 19/24] security: usbgadget: add usbgadget security policy Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 20/24] security: fastboot: add security policy for fastboot oem Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 21/24] security: shell: add policy for executing the shell Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 22/24] security: add security policy for loading barebox environment Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 23/24] security: add filesystem security policies Sascha Hauer
2025-09-22 16:16 ` Ahmad Fatoum
2025-09-23 8:08 ` Sascha Hauer
2025-09-17 13:53 ` [PATCH v2 24/24] security: console: add security policy for console input Sascha Hauer
2025-09-22 16:18 ` [PATCH v2 00/24] Add security policy support Ahmad Fatoum
2025-09-23 8:08 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250917-security-policies-v2-10-f30769a3ff51@pengutronix.de \
--to=s.hauer@pengutronix.de \
--cc=a.fatoum@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox