[Bug 1787630] Re: [FFe] Include HTTP support in pre-build GRUB module

Alex Murray alex.murray at canonical.com
Wed Feb 27 00:42:50 UTC 2019 

http.c generally looks okay - errors are usually checked and handled,
care is taken to ensure buffers are not overrun etc, sizes are handled
well etc. From what I can see it appears to also appropriately check
input to ensure it doesn't blindly trust it as well.

Also the upstream history of this file looks pretty stable too
http://git.savannah.gnu.org/gitweb/?p=grub.git;a=history;f=grub-
core/net/http.c

So nothing in particular stands out as a red-flag security wise that I
can see.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1787630

Title:
  [FFe] Include HTTP support in pre-build GRUB module

Status in grub2 package in Ubuntu:
  New

Bug description:
  {Description]
  Grub supports booting files over the network via both FTP/HTTP. However, the Ubuntu package is not built with the grub HTTP modules. Enabling this would allow grub to obtain files over HTTP (such as initrd/kernel).

  [Rationale]
  Enabling HTTP support for Grub would allow MAAS to use such functionality to boot files over the network with HTTP. This allows for improvement performance (vs using ftp) and for better security.

  MAAS would use this to download kernel and initrd over HTTP instead of
  FTP at first for performance improvements.

  [Original bug report]

  GRUB has builtin support for HTTP via http.mod. This module is not
  being included in the prebuild grubnetx64.efi. All that should be
  required is adding the http module. I also suggest building
  grubnetx64.efi using GRUB modules to include lvm and RAID support this
  will allow grubnetx64.efi to local boot in all situations.

  --- build-efi-images	2018-08-17 10:50:35.124311043 -0700
  +++ build-efi-images.new	2018-08-17 10:50:59.270661126 -0700
  @@ -148,8 +148,9 @@
    raid5rec
    raid6rec
    "
  -NET_MODULES="$CD_MODULES
  +NET_MODULES="$GRUB_MODULES
    tftp
  +	http
    "

   "$grub_mkimage" -O "$platform" -o "$outdir/gcd$efi_name.efi" \

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1787630/+subscriptions

More information about the foundations-bugs mailing list