* R: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ?
@ 2017-07-18 10:38 ingegneriaforense
2017-07-18 11:28 ` Colin Watson
0 siblings, 1 reply; 3+ messages in thread
From: ingegneriaforense @ 2017-07-18 10:38 UTC (permalink / raw)
To: cjwatson; +Cc: grub-devel
[-- Attachment #1: Type: text/plain, Size: 3001 bytes --]
Dear Colin,
I've read with interest your reply and i gave a look at the grub code.
You wrote an important assertion: "GRUB intentionally has no filesystem writing support".
So, the writing operations that grub can do, only be sent to a pre-allocated memory regions of the disk different in any case from that allocated by the OS for the filesystem, where the user data are stored.
This means that grub never can corrupt the user data.
Please, can you confirm if this my conclusion is right ? Because is this the crucial question i need to solve.
Thanks in advance.
Best Regards.
Vincenzo.
Forensic Consultant
Tribunale di Lecce
Studio: Strada di Garibaldi - Contrada Paradisi
73010 Lequile (LE)
cell: 339.7968555
skype: vincenzo.di_salvo
----Messaggio originale----
Da: cjwatson@ubuntu.com
Data: 17-lug-2017 19.48
A: <grub-devel@gnu.org>
Ogg: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ?
On Mon, Jul 17, 2017 at 07:21:49PM +0200, ingegneriaforense@alice.it wrote:
> CAN GRUB IMPLICITLY WRITE TO A DRIVE ATTACHED TO A COMPUTER ?
>
> Implicitly means: without an explicit command from a user.
Please stop SHOUTING; it's generally considered rather rude.
GRUB intentionally has no general filesystem writing support. As far as
I'm aware there are exactly four ways for it to send any write commands
to disks:
1) The "save_env" command (grub-core/commands/loadenv.c) which writes
key/value pairs to a small preallocated region of disk. This is
used to communicate small amounts of information to the OS, such as
whether the last request to boot a particular menu entry on only the
next boot has been completed.
2) The "gptsync" command (grub-core/commands/gptsync.c), which does
some MBR/GPT partition table mangling needed on some Apple models.
3) The similar "mactelbless" and "macppcbless" commands
(grub-core/commands/macbless.c), which configure a file/directory on
some Apple filesystems to be the 'blessed' boot image for that
filesystem.
4) The "parttool" command (grub-core/commands/parttool.c,
grub-core/parttool/), which can be used to make various
modifications to MBR partition table entries.
GRUB is scriptable, so it isn't possible to give a general answer to
your question for all systems that might have custom configurations, but
the default configuration files only use the "save_env" and "parttool"
commands, the latter only in the case where a chainloadable operating
system was detected on a disk using the MBR partition table format. In
either case, it isn't going to write to a random USB device that's
attached to a machine, although save_env might write to the device it
believes holds /boot/grub/grubenv.
The low-level disk handling code is in grub-core/disk/.
--
Colin Watson [cjwatson@ubuntu.com]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[-- Attachment #2: Type: text/html, Size: 3669 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: R: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ?
2017-07-18 10:38 R: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ? ingegneriaforense
@ 2017-07-18 11:28 ` Colin Watson
0 siblings, 0 replies; 3+ messages in thread
From: Colin Watson @ 2017-07-18 11:28 UTC (permalink / raw)
To: ingegneriaforense; +Cc: grub-devel
On Tue, Jul 18, 2017 at 12:38:33PM +0200, ingegneriaforense@alice.it wrote:
> I've read with interest your reply and i gave a look at the grub code.
>
> You wrote an important assertion: "GRUB intentionally has no filesystem writing support".
>
> So, the writing operations that grub can do, only be sent to a pre-allocated memory regions of the disk different in any case from that allocated by the OS for the filesystem, where the user data are stored.
>
> This means that grub never can corrupt the user data.
>
> Please, can you confirm if this my conclusion is right ? Because is this the crucial question i need to solve.
I would never want to rule out the possibility of strange bugs, but that
is certainly the design.
--
Colin Watson [cjwatson@ubuntu.com]
^ permalink raw reply [flat|nested] 3+ messages in thread
* R: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ?
@ 2017-07-17 18:25 ingegneriaforense
0 siblings, 0 replies; 3+ messages in thread
From: ingegneriaforense @ 2017-07-17 18:25 UTC (permalink / raw)
To: grub-devel; +Cc: cjwatson
[-- Attachment #1: Type: text/plain, Size: 2617 bytes --]
Dear Colin,
I apologize with you. I've used uppercase letter to only put in evidence my question. I had no intention to shouting.
Thank very much.
Your reply is what i was looking for.
Best Regards.
Vincenzo.
Forensic Consultant
Tribunale di Lecce
Studio: Strada di Garibaldi - Contrada Paradisi
73010 Lequile (LE)
cell: 339.7968555
skype: vincenzo.di_salvo
----Messaggio originale----
Da: cjwatson@ubuntu.com
Data: 17-lug-2017 19.48
A: <grub-devel@gnu.org>
Ogg: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ?
On Mon, Jul 17, 2017 at 07:21:49PM +0200, ingegneriaforense@alice.it wrote:
> CAN GRUB IMPLICITLY WRITE TO A DRIVE ATTACHED TO A COMPUTER ?
>
> Implicitly means: without an explicit command from a user.
Please stop SHOUTING; it's generally considered rather rude.
GRUB intentionally has no general filesystem writing support. As far as
I'm aware there are exactly four ways for it to send any write commands
to disks:
1) The "save_env" command (grub-core/commands/loadenv.c) which writes
key/value pairs to a small preallocated region of disk. This is
used to communicate small amounts of information to the OS, such as
whether the last request to boot a particular menu entry on only the
next boot has been completed.
2) The "gptsync" command (grub-core/commands/gptsync.c), which does
some MBR/GPT partition table mangling needed on some Apple models.
3) The similar "mactelbless" and "macppcbless" commands
(grub-core/commands/macbless.c), which configure a file/directory on
some Apple filesystems to be the 'blessed' boot image for that
filesystem.
4) The "parttool" command (grub-core/commands/parttool.c,
grub-core/parttool/), which can be used to make various
modifications to MBR partition table entries.
GRUB is scriptable, so it isn't possible to give a general answer to
your question for all systems that might have custom configurations, but
the default configuration files only use the "save_env" and "parttool"
commands, the latter only in the case where a chainloadable operating
system was detected on a disk using the MBR partition table format. In
either case, it isn't going to write to a random USB device that's
attached to a machine, although save_env might write to the device it
believes holds /boot/grub/grubenv.
The low-level disk handling code is in grub-core/disk/.
--
Colin Watson [cjwatson@ubuntu.com]
_______________________________________________
Grub-devel mailing list
Grub-devel@gnu.org
https://lists.gnu.org/mailman/listinfo/grub-devel
[-- Attachment #2: Type: text/html, Size: 3250 bytes --]
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-07-18 11:28 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-07-18 10:38 R: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ? ingegneriaforense
2017-07-18 11:28 ` Colin Watson
-- strict thread matches above, loose matches on Subject: below --
2017-07-17 18:25 ingegneriaforense
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.