Date: Wed, 28 Sep 2016 21:22:51 +0000 (UTC) From: Ed Maste <emaste@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r306417 - head/usr.sbin/portsnap/portsnap Message-ID: <201609282122.u8SLMprw047702@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: emaste Date: Wed Sep 28 21:22:51 2016 New Revision: 306417 URL: https://svnweb.freebsd.org/changeset/base/306417 Log: portsnap: only move expected snapshot contents from snap/ to files/ Previously it was possible to smuggle in addional files that would be used by later portsnap runs. Now we only move those files expected to be in the snapshot into files/ and require that there are no unexpected files. This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic attacks against FreeBSD update components" anonymous gist. Reported by: anonymous gist Reviewed by: allanjude, delphij MFC after: ASAP Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D8052 Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh Modified: head/usr.sbin/portsnap/portsnap/portsnap.sh ============================================================================== --- head/usr.sbin/portsnap/portsnap/portsnap.sh Wed Sep 28 20:54:47 2016 (r306416) +++ head/usr.sbin/portsnap/portsnap/portsnap.sh Wed Sep 28 21:22:51 2016 (r306417) @@ -691,6 +691,13 @@ fetch_snapshot() { fetch_index_sanity || return 1 # Verify the snapshot contents cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1 + cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected + find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap + if ! cmp -s files.expected files.snap; then + echo "unexpected files in snapshot." + return 1 + fi + rm files.expected files.snap echo "done." # Move files into their proper locations
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201609282122.u8SLMprw047702>