[PATCH linux-next] kunit: tool: use absolute path for wget
Greg KH
gregkh at linuxfoundation.org
Thu Sep 22 04:15:02 PDT 2022
On Thu, Sep 22, 2022 at 06:50:59PM +0800, David Gow wrote:
> On Thu, Sep 22, 2022 at 6:20 PM Greg KH <gregkh at linuxfoundation.org> wrote:
> >
> > On Thu, Sep 22, 2022 at 06:09:28PM +0800, David Gow wrote:
> > > On Thu, Sep 22, 2022 at 4:36 PM <cgel.zte at gmail.com> wrote:
> > > >
> > > > From: Xu Panda <xu.panda at zte.com.cn>
> > > >
> > > > Not using absolute path when invoking wget can lead to serious
> > > > security issues.
> > > >
> > > > Reported-by: Zeal Robot <zealci at zte.com.cn>
> > > > Signed-off-by: Xu Panda <xu.panda at zte.com.cn>
> > > > ---
> > >
> > > This seems mostly okay to me -- we'd be abandoning people who have
> > > wget in an unusual location, but I don't think there are many people
> > > who want to run KUnit under RISC-V, have wget in a non-standard
> > > location, and can't acquire the bios file themselves.
> > >
> > > So this is:
> > > Reviewed-by: David Gow <davidgow at google.com>
> >
> > Please no, at this point in time, submissions from this gmail "alias"
> > are going to have to be rejected from the kernel.
> >
>
> Good to know, thanks.
>
> This isn't queued anyway, as I think that getting rid of the code to
> download the BIOS (and instead relying on the user's distro to provide
> it) is probably a better solution.s
That's a much better solution, we have authenticated firmware download
paths for BIOS images on Linux now integrated into distros. Let's use
that infrastructure that is set up for that for this type of thing.
thanks,
greg k-h
More information about the linux-riscv
mailing list