Date: Wed, 04 Dec 2013 13:09:35 -0800 From: Darren Pilgrim <list_freebsd@bluerosetech.com> To: Ben Morrow <ben@morrow.me.uk>, freebsd-stable@freebsd.org Subject: Re: 10.0-BETA4 bsdinstall zfs encryption broken Message-ID: <529F9A0F.3080608@bluerosetech.com> In-Reply-To: <20131204201312.GA39227@anubis.morrow.me.uk> References: <CAAoTqfu904a=W8zZ_170bjVUUeqxe-Jajo_W=g%2BU2vk%2BwTdaeg@mail.gmail.com> <099CD122-B7D8-4FC1-9C99-F19248418CD0@fisglobal.com> <CAAoTqftxt74DEWjxeYtpaiavqiuj8_gawY4%2BGpHirWM-FPaKQQ@mail.gmail.com> <A7DF3606-B33E-4117-A1DB-FE759E0A0E5F@fisglobal.com> <CAAoTqfvaPb4go_d7aeU0sepmPAGey1WuAtxVYsour11DVTguBQ@mail.gmail.com> <20131204201312.GA39227@anubis.morrow.me.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 12/4/2013 12:13 PM, Ben Morrow wrote: > Quoth Devin Teske <dteske@freebsd.org>: >> >> The procedure I use is to take the existing ISO and... >> >> 1. use mdconfig to access it >> 2. use mount_cd9660 to mount it >> 3. use rsync to copy the contents to a local dir > > It's more secure to use tar for these three steps. Filesystems generally > aren't hardened against malicious input. I'm curious about this statement. What extra security would tar get you? Tar would be faster, but I can't think of how it would be more secure since it's all going to end up on the same filesystem either way.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?529F9A0F.3080608>