Re: [PATCH linux-next] kunit: tool: use absolute path for wget
From: David Gow
Date: Thu Sep 22 2022 - 06:51:16 EST
On Thu, Sep 22, 2022 at 6:20 PM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
>
> On Thu, Sep 22, 2022 at 06:09:28PM +0800, David Gow wrote:
> > On Thu, Sep 22, 2022 at 4:36 PM <cgel.zte@xxxxxxxxx> wrote:
> > >
> > > From: Xu Panda <xu.panda@xxxxxxxxxx>
> > >
> > > Not using absolute path when invoking wget can lead to serious
> > > security issues.
> > >
> > > Reported-by: Zeal Robot <zealci@xxxxxxxxxx>
> > > Signed-off-by: Xu Panda <xu.panda@xxxxxxxxxx>
> > > ---
> >
> > This seems mostly okay to me -- we'd be abandoning people who have
> > wget in an unusual location, but I don't think there are many people
> > who want to run KUnit under RISC-V, have wget in a non-standard
> > location, and can't acquire the bios file themselves.
> >
> > So this is:
> > Reviewed-by: David Gow <davidgow@xxxxxxxxxx>
>
> Please no, at this point in time, submissions from this gmail "alias"
> are going to have to be rejected from the kernel.
>
Good to know, thanks.
This isn't queued anyway, as I think that getting rid of the code to
download the BIOS (and instead relying on the user's distro to provide
it) is probably a better solution.
Cheers,
-- David