K 10
svn:author
V 3
cem
K 8
svn:date
V 27
2020-02-12T15:32:31.035139Z
K 7
svn:log
V 891
sysutils/grub2-bhyve: Neutralize privileged guest commands

GRUB was designed to run in a trusted environment, where anyone with access to grub2.cfg could also modify grub itself. In grub2-bhyve, we have modified it to run in host context, but interpret the commands of guest grub2.cfg. This means we have to worry about malicious guests.

This patch addresses two escalation vectors: font-loading, and the direct 'read', 'write', 'in', and 'out' commands (which read/write arbitrary addresses). Both reported by Reno Robert.

Disable font-loading by neutering the command. It is believed to be non-essential and there is at least one buffer overflow in the font loading code.

Disable reading and writing host memory and IO ports. It is believed to be non-essential.

admbugs: 948
Reported by: Reno Robert
Approved by: bapt
MFH: 2010Q1 (bapt)
Security: yes
END