From owner-freebsd-stable@FreeBSD.ORG  Wed Dec  4 20:21:29 2013
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 5C02BD56
 for <freebsd-stable@freebsd.org>; Wed,  4 Dec 2013 20:21:29 +0000 (UTC)
Received: from isis.morrow.me.uk (isis.morrow.me.uk [204.109.63.142])
 by mx1.freebsd.org (Postfix) with ESMTP id 324091EBC
 for <freebsd-stable@freebsd.org>; Wed,  4 Dec 2013 20:21:28 +0000 (UTC)
Received: from anubis.morrow.me.uk
 (host86-140-233-167.range86-140.btcentralplus.com [86.140.233.167])
 (Authenticated sender: mauzo)
 by isis.morrow.me.uk (Postfix) with ESMTPSA id ABD38450BF
 for <freebsd-stable@freebsd.org>; Wed,  4 Dec 2013 20:13:21 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.8.3 isis.morrow.me.uk ABD38450BF
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=morrow.me.uk;
 s=dkim201101; t=1386188001;
 bh=/czcfTV5rN9k4q3YE3/FWtYayYAk11GbnnVmzTTQ3kg=;
 h=Date:From:To:Subject:References:In-Reply-To;
 b=TgjluPKY3nKQN2RxlRDMmSvccJxVfLs1ra1eVmAuPyw5NgSqFOFTvPX3Q9r9BQZDp
 U8yRK7t9vrRK1AgBzkQKLlncZOe4Zh7cCfT6GxTTGdS3MSKDC3mp93tN3Q0q+y1yLZ
 /UzW/Zkagz1wEvfyfdgMXIP38ATKmiXu7brWx6TQ=
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.98 at isis.morrow.me.uk
Received: by anubis.morrow.me.uk (Postfix, from userid 5001)
 id 0D7F6F5BB; Wed,  4 Dec 2013 20:13:17 +0000 (GMT)
Date: Wed, 4 Dec 2013 20:13:17 +0000
From: Ben Morrow <ben@morrow.me.uk>
To: freebsd-stable@freebsd.org
Subject: Re: 10.0-BETA4 bsdinstall zfs encryption broken
Message-ID: <20131204201312.GA39227@anubis.morrow.me.uk>
References: <CAAoTqfu904a=W8zZ_170bjVUUeqxe-Jajo_W=g+U2vk+wTdaeg@mail.gmail.com>
 <099CD122-B7D8-4FC1-9C99-F19248418CD0@fisglobal.com>
 <CAAoTqftxt74DEWjxeYtpaiavqiuj8_gawY4+GpHirWM-FPaKQQ@mail.gmail.com>
 <A7DF3606-B33E-4117-A1DB-FE759E0A0E5F@fisglobal.com>
 <CAAoTqfvaPb4go_d7aeU0sepmPAGey1WuAtxVYsour11DVTguBQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <BB420342-E706-4A47-B6C8-C0F6989494E8@fisglobal.com>
X-Newsgroups: gmane.os.freebsd.stable
User-Agent: Mutt/1.5.22 (2013-10-16)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2013 20:21:29 -0000

Quoth Devin Teske <dteske@freebsd.org>:
> 
> The procedure I use is to take the existing ISO and...
> 
> 1. use mdconfig to access it
> 2. use mount_cd9660 to mount it
> 3. use rsync to copy the contents to a local dir

It's more secure to use tar for these three steps. Filesystems generally
aren't hardened against malicious input.

Ben