Date: Sat, 3 Apr 2010 04:53:51 -0700
From: Garrett Cooper <yanefbsd@gmail.com>
To: Joerg Sonnenberger <joerg@britannica.bec.de>
Cc: svn-src-all@freebsd.org
Subject: Re: svn commit: r206043 - in head/usr.sbin/pkg_install: add delete lib version
Message-ID: <x2o7d6fde3d1004030453xed4aa357lb8738c944524acd0@mail.gmail.com>
In-Reply-To: <20100403114055.GC23007@britannica.bec.de>
References: <201004011427.o31ERTaT056824@svn.freebsd.org> <k2m7d6fde3d1004011702ha697cd7bg96cf6bd8f58babb4@mail.gmail.com> <20100402001231.GA16732@britannica.bec.de> <t2n7d6fde3d1004030432mc5588c92ic8de3c260d0677@mail.gmail.com> <20100403114055.GC23007@britannica.bec.de>
On Sat, Apr 3, 2010 at 4:40 AM, Joerg Sonnenberger <joerg@britannica.bec.de> wrote:
> On Sat, Apr 03, 2010 at 04:32:15AM -0700, Garrett Cooper wrote:
>>     I'm sorry but I'm a little bit confused by this statement: do you
>> mean that you're replacing PATH_MAX sized buffers with FILENAME_MAX
>> sized buffers? If so this may cause an issue because several of the
>> variables used in constructing the file paths in pkg_install aren't
>> necessarily correct in overflow cases. We need to avoid introducing
>> potential functional flaws with filename truncation like this.
>
> No, I am replacing fixed size buffers with variable size buffers. The
> extraction code should generally be able to support arbitrarily deep path
> names, for the rest the kernel can complain.

Depending on how this is implemented, this could either be a minor functional issue, or a really bad security issue waiting to happen, because people can craft paths such that things aren't properly are either incorrect in the best case scenario, or could provide a back door to circumvent some points in how packages are installed, etc.

Furthermore, dynamic heap allocation and deallocation turns into a pain with pkg_install (for instance in its current incarnation on FreeBSD) because there are a number of exit points in the system that need to be covered in order to do things correctly and properly. sysinstall and pkg_install [in FreeBSD] are enough of a mess without introducing new potential functional and security flaws, and unnecessary complexity.

I'd rather not go down this road, especially when we know the limitations of the operating system's filesystems via well-defined and well-known constants, and when these buffers are small enough and spread far enough in between that it shouldn't necessarily be a scalability issue.

Thanks,
-Garrett
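The failure mode both sides of the exchange above are circling, filename truncation in a fixed PATH_MAX-sized buffer silently producing a different (and possibly sensitive) path, is easy to show in a few lines. The following is an added example written for this page; it is not code from pkg_install or from either poster. The prefix "/etc", the name "passwd.new" and the deliberately tiny 12-byte buffer are constructed inputs chosen so that the truncated result is itself a valid path; the three helper functions (join_unchecked, join_checked, join_dynamic) are hypothetical names, not pkg_install APIs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * The pattern the thread worries about: snprintf() into a fixed buffer
 * with the return value ignored.  On overflow the result is silently
 * cut off at outsz - 1 bytes and the caller proceeds with a wrong path.
 */
int join_unchecked(char *out, size_t outsz, const char *prefix, const char *name)
{
    (void)snprintf(out, outsz, "%s/%s", prefix, name);  /* truncation unnoticed */
    return 0;
}

/*
 * Same fixed buffer, but the snprintf() return value (the length the
 * full string WOULD have had) is checked.  Any n >= outsz means the
 * path was truncated; refuse it instead of operating on a wrong name.
 */
int join_checked(char *out, size_t outsz, const char *prefix, const char *name)
{
    int n = snprintf(out, outsz, "%s/%s", prefix, name);
    if (n < 0 || (size_t)n >= outsz) {
        if (outsz > 0)
            out[0] = '\0';       /* never leave a half-built path behind */
        return -1;
    }
    return 0;
}

/*
 * The variable-size alternative Joerg describes: size the buffer from the
 * inputs so no truncation is possible.  The caller owns and must free()
 * the result; that is the extra bookkeeping Garrett objects to on every
 * exit path.  Overly long results are still left for the kernel to reject
 * (ENAMETOOLONG) at open()/mkdir() time.
 */
char *join_dynamic(const char *prefix, const char *name)
{
    size_t need = strlen(prefix) + 1 /* '/' */ + strlen(name) + 1 /* NUL */;
    char *p = malloc(need);
    if (p == NULL)
        return NULL;
    (void)snprintf(p, need, "%s/%s", prefix, name);
    return p;
}

int main(void)
{
    /* Constructed inputs: "/etc/passwd.new" needs 16 bytes, we offer 12. */
    const char *prefix = "/etc";
    const char *name   = "passwd.new";
    char buf[12];

    join_unchecked(buf, sizeof buf, prefix, name);
    printf("unchecked: \"%s\"\n", buf);          /* "/etc/passwd": a different, real file */

    if (join_checked(buf, sizeof buf, prefix, name) < 0)
        printf("checked:   truncation detected, path rejected\n");

    char *dyn = join_dynamic(prefix, name);
    if (dyn != NULL) {
        printf("dynamic:   \"%s\"\n", dyn);      /* "/etc/passwd.new", intact */
        free(dyn);
    }
    return 0;
}
```

The unchecked variant is the one that matters for review: a package-supplied name long enough to overflow the buffer does not crash, it quietly becomes a prefix of itself, and every later operation (unlink, rename, chown) targets the wrong file. Whichever of the two remedies a project picks, the check it must never skip is the snprintf() return value (or, with strlcpy/strlcat on FreeBSD, the returned length) against the buffer size.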