mirror of
https://git.proxmox.com/git/fwupd
synced 2025-07-27 07:52:24 +00:00
47efacfe5d
We used the firmware builder functionality to either build or modify firmware images on the end-user system, e.g. copying the MAC address from the old system image to the new system image. Unfortunately running fwupd on the command line (e.g. ./src/fwupd) leaves the tty connected and thus bubblewrap doesn't protect us from installing malicious signed firmware. The firmware would have to have been uploaded to the LVFS by a trusted vendor and signed before being installed, which further decreases the severity of this problem. As there was only one vendor who asked for this functionality (who have yet to upload a single firmware to the LVFS...) just rip out this functionality to reduce our attack surface and completely fix the bug, and any like it. Many thanks to Aaron Janse <aaron@ajanse.me> for discovering and disclosing this issue to us. |
||
|---|---|---|
| .. | ||
| fwupdagent | ||
| fwupdmgr | ||
| fwupdtool | ||
| meson.build | ||