Date:      Thu, 29 Sep 2016 04:28:53 -0400
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        Ed Maste <emaste@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r306417 - head/usr.sbin/portsnap/portsnap
Message-ID:  <20160929082853.GA45358@mutt-hardenedbsd>
In-Reply-To: <201609282122.u8SLMprw047702@repo.freebsd.org>
References:  <201609282122.u8SLMprw047702@repo.freebsd.org>



On Wed, Sep 28, 2016 at 09:22:51PM +0000, Ed Maste wrote:
> Author: emaste
> Date: Wed Sep 28 21:22:51 2016
> New Revision: 306417
> URL: https://svnweb.freebsd.org/changeset/base/306417
>
> Log:
>   portsnap: only move expected snapshot contents from snap/ to files/
>
>   Previously it was possible to smuggle in additional files that would
>   be used by later portsnap runs. Now we only move those files expected
>   to be in the snapshot into files/ and require that there are no
>   unexpected files.
>
>   This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
>   attacks against FreeBSD update components" anonymous gist.
>
>   Reported by:	anonymous gist
>   Reviewed by:	allanjude, delphij
>   MFC after:	ASAP
>   Sponsored by:	The FreeBSD Foundation
>   Differential Revision:	https://reviews.freebsd.org/D8052

Hey Ed,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE

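The check described in the quoted commit log (move only the files the snapshot is expected to contain, and refuse a snapshot that holds anything else), as an added example that is not portsnap's code and not part of this message. The function name `promote_snapshot`, the one-name-per-line manifest and the sample file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; promote_snapshot and the manifest format are hypothetical,
# not portsnap's own code. MANIFEST: expected file names, one per line.
promote_snapshot() (
    snap=$1 files=$2 manifest=$3

    # 1. Every expected name must be a plain basename and a regular file.
    while IFS= read -r name; do
        case $name in
            ''|.|..|*/*) echo "bad manifest entry: '$name'" >&2; exit 1 ;;
        esac
        if [ -L "$snap/$name" ] || [ ! -f "$snap/$name" ]; then
            echo "missing or not a regular file: $name" >&2; exit 1
        fi
    done < "$manifest"

    # 2. Count what is really in snap/ (dotfiles included). Step 1 proved each
    #    expected name is present, so any surplus entry is an unexpected file.
    expected=$(( $(wc -l < "$manifest") ))
    found=0
    for path in "$snap"/* "$snap"/.[!.]* "$snap"/..?*; do
        [ -e "$path" ] || [ -L "$path" ] || continue   # skip unmatched glob
        found=$((found + 1))
    done
    if [ "$found" -ne "$expected" ]; then
        echo "snap/ holds $found entries, manifest expects $expected" >&2; exit 1
    fi

    # 3. Only now move the expected files, by name, never with a wildcard.
    while IFS= read -r name; do
        mv -- "$snap/$name" "$files/$name" || exit 1
    done < "$manifest"
)

# Constructed sample: two expected files plus one extra file in snap/.
demo=$(mktemp -d)
mkdir "$demo/snap" "$demo/files"
printf '%s\n' aaa111.gz bbb222.gz > "$demo/manifest"
touch "$demo/snap/aaa111.gz" "$demo/snap/bbb222.gz" "$demo/snap/extra.gz"
promote_snapshot "$demo/snap" "$demo/files" "$demo/manifest" ||
    echo "rejected; files/ holds $(ls -A "$demo/files" | wc -l) entries"
rm -rf "$demo"
```

All validation runs before the first `mv`, so a rejected snapshot leaves `files/` exactly as it was.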


