Page MenuHomeFreeBSD
Differential D56287

Add boot_setenv
ClosedPublic
Actions

Authored by sjg on Apr 7 2026, 12:01 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, May 12, 10:40 AM
Unknown Object (File)
Sat, May 9, 9:25 PM
Unknown Object (File)
Sat, May 9, 9:19 PM
Unknown Object (File)
Sat, May 9, 6:15 PM
Unknown Object (File)
Sat, May 9, 6:09 PM
Unknown Object (File)
Thu, Apr 30, 2:21 PM
Unknown Object (File)
Wed, Apr 29, 8:22 PM
Unknown Object (File)
Wed, Apr 29, 8:15 PM
View All 25 Files
Subscribers
bcran
dab
olce

Details

Reviewers
stevek
imp
kevans
khng
manu
Commits
rGa371b008d13f: Add boot_setenv
Summary

Move is_restricted_var() to libsa/environment.c so it can be leveraged
by boot_setenv called from subr_boot with not truted input.

Also, allow for local tuning via ENV_IS_RESTRICTED_ALLOWED_LIST and
ENV_IS_RESTRICTED_LIST

Sponsored by: Hewlett Packard Enterprise Development LP.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

sjg created this revision.Apr 7 2026, 12:01 AM
Herald added a reviewer: manu. · View Herald TranscriptApr 7 2026, 12:01 AM
Herald added subscribers: olce, dab, bcran. · View Herald Transcript
sjg requested review of this revision.Apr 7 2026, 12:01 AM
Harbormaster completed remote builds in B72007: Diff 175014.Apr 7 2026, 12:01 AM
kevans added a comment.Apr 7 2026, 12:06 AM

I think the concept is fine, my main nit is: do we want to call this secure_setenv for symmetry with the secure_getenv name we use in libc, for use in security-sensitive getenv() calls?

sjg added a comment.Apr 7 2026, 1:31 AM
In D56287#1287801, @kevans wrote:

I think the concept is fine, my main nit is: do we want to call this secure_setenv for symmetry with the secure_getenv name we use in libc, for use in security-sensitive getenv() calls?

Good question, I chose boot_setenv to as that seemed to fit with what subr_boot.c looked like, but I'm not wedded to any name

imp accepted this revision.Apr 7 2026, 1:54 AM

I like this, and also @kevans 's suggestion.

This revision is now accepted and ready to land.Apr 7 2026, 1:54 AM
sjg added a comment.Apr 7 2026, 3:15 AM
In D56287#1287811, @imp wrote:

I like this, and also @kevans 's suggestion.

So rename it to secure_setenv ?

sjg added a comment.Apr 7 2026, 3:20 AM
In D56287#1287814, @sjg wrote:
In D56287#1287811, @imp wrote:

I like this, and also @kevans 's suggestion.

So rename it to secure_setenv ?

Actually I'm not sure that's a good idea, boot_setenv makes no promise about any care it might take, and if check_restricted is false it just calls setenv.
secure_setenv might be appropriate if it for example forced check_restricted true, but that could easily be a POLA violation.

kevans accepted this revision.Apr 7 2026, 6:11 AM

That's fair

Closed by commit rGa371b008d13f: Add boot_setenv (authored by sjg). · Explain WhyApr 7 2026, 4:30 PM
This revision was automatically updated to reflect the committed changes.
sjg added a commit: rGa371b008d13f: Add boot_setenv.

Revision Contents
Changeset List

PathSize
stand/
common/
60 lines
efi/
loader/
5 lines
libsa/
76 lines
3 lines
sys/
kern/
2 lines

Diff 175056

View Options

stand/common/commands.c

Loading...
View Options

stand/efi/loader/main.c

Loading...
View Options

stand/libsa/environment.c

Loading...
View Options

stand/libsa/stand.h

Loading...
View Options

sys/kern/subr_boot.c

Loading...