-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 03/22/2013 08:23 PM, Wolfgang Denk wrote:
Dear Nishanth Menon,
In message 1363992223-1628-1-git-send-email-nm@ti.com you wrote:
For production systems it is better to use script images since they are protected by checksums and carry valuable information like name and timestamp. Also, you can't validate the content passed to env import.
But for development, it is easier to use the env import command and plain text files instead of script-images.
Be careful here. There are some subtle, but important differences.
With a script image, you are basically running standard commands, which includes certain tests and limitations. With "env import", you are just importing a set of environment settings, without further tests for permissions, etc.
For example, think if data like your MAC address or board serial number are important to you, or if you are willing to have any user overwrite these with arbitrary data.
Right. What I really want to see happen, and hope to find some time to play with, is moving this almost identical in 3+ boards BOOTCOMMAND into something that can be included and is commented enough to make such risks clear. For all of these development platforms that ship with example filesystems with no-password remote ssh root login, it's just another secure-me spot, but indeed, there is a risk of leakage into production systems if such things aren't clear. This came from the beagle boards where it's really useful for a developer-focused board (edit a plain text file, and have things just update and work? yay).
- -- Tom