commands/hexdump: Disable memory reading in lockdown mode

author B Horn <b@horn.uk>

Fri, 19 Apr 2024 21:31:45 +0000 (22:31 +0100)

committer Daniel Kiper <daniel.kiper@oracle.com>

Thu, 13 Feb 2025 14:45:56 +0000 (15:45 +0100)
author B Horn <b@horn.uk>
Fri, 19 Apr 2024 21:31:45 +0000 (22:31 +0100)
committer Daniel Kiper <daniel.kiper@oracle.com>
Thu, 13 Feb 2025 14:45:56 +0000 (15:45 +0100)
diff --git a/grub-core/commands/hexdump.c b/grub-core/commands/hexdump.c

index eaa12465bb381c5de0475175289e3e6c0e0bea7e..d6f61d98a1ce4670214e6d1868b9c700811a68c6 100644 (file)
--- a/grub-core/commands/hexdump.c
+++ b/grub-core/commands/hexdump.c
@@ -24,6 +24,7 @@
  #include <grub/lib/hexdump.h>
  #include <grub/extcmd.h>
  #include <grub/i18n.h>
+#include <grub/lockdown.h>
  
  GRUB_MOD_LICENSE ("GPLv3+");
  
@@ -51,7 +52,11 @@ grub_cmd_hexdump (grub_extcmd_context_t ctxt, int argc, char **args)
    length = (state[1].set) ? grub_strtoul (state[1].arg, 0, 0) : 256;
  
    if (!grub_strcmp (args[0], "(mem)"))
-    hexdump (skip, (char *) (grub_addr_t) skip, length);
+    {
+      if (grub_is_lockdown() == GRUB_LOCKDOWN_ENABLED)
+        return grub_error (GRUB_ERR_ACCESS_DENIED, N_("memory reading is disabled in lockdown mode"));
+      hexdump (skip, (char *) (grub_addr_t) skip, length);
+    }
    else if ((args[0][0] == '(') && (args[0][namelen - 1] == ')'))
      {
        grub_disk_t disk;
author	B Horn <b@horn.uk>
	Fri, 19 Apr 2024 21:31:45 +0000 (22:31 +0100)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Thu, 13 Feb 2025 14:45:56 +0000 (15:45 +0100)