min
/
lanzaboote
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a disclaimer about the current security status

This commit is contained in:
Julian Stecklina 2022-11-23 14:11:24 +01:00
parent fe3d4015ba
commit 8559bf664e
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
rust/lanzaboote/src/linux_loader.rs
View File

@ -1,5 +1,9 @@
//! This module implements the protocols to hand an initrd to the //! This module implements the protocols to hand an initrd to the
//! Linux kernel. //! Linux kernel.
//!
//! XXX The initrd signature validation is vulnerable to TOCTOU,
//! because we read the initrd multiple times. The code needs to be
//! restructured to solve this.
use core::{ffi::c_void, ops::Range, pin::Pin, ptr::slice_from_raw_parts_mut}; use core::{ffi::c_void, ops::Range, pin::Pin, ptr::slice_from_raw_parts_mut};