Date: Wed, 4 Dec 2013 23:01:59 +0000
From: Ben Morrow <ben@morrow.me.uk>
To: freebsd-stable@freebsd.org
Subject: Re: 10.0-BETA4 bsdinstall zfs encryption broken
Message-ID: <20131204230155.GA40375@anubis.morrow.me.uk>
In-Reply-To: <529F9A0F.3080608@bluerosetech.com>
References: <CAAoTqfu904a=W8zZ_170bjVUUeqxe-Jajo_W=g+U2vk+wTdaeg@mail.gmail.com> <099CD122-B7D8-4FC1-9C99-F19248418CD0@fisglobal.com> <CAAoTqftxt74DEWjxeYtpaiavqiuj8_gawY4+GpHirWM-FPaKQQ@mail.gmail.com> <A7DF3606-B33E-4117-A1DB-FE759E0A0E5F@fisglobal.com> <CAAoTqfvaPb4go_d7aeU0sepmPAGey1WuAtxVYsour11DVTguBQ@mail.gmail.com> <20131204201312.GA39227@anubis.morrow.me.uk>
Quoth Darren Pilgrim <list_freebsd@bluerosetech.com>:
> On 12/4/2013 12:13 PM, Ben Morrow wrote:
> > Quoth Devin Teske <dteske@freebsd.org>:
> >>
> >> The procedure I use is to take the existing ISO and...
> >>
> >> 1. use mdconfig to access it
> >> 2. use mount_cd9660 to mount it
> >> 3. use rsync to copy the contents to a local dir
> >
> > It's more secure to use tar for these three steps. Filesystems generally
> > aren't hardened against malicious input.
>
> I'm curious about this statement. What extra security would tar get
> you? Tar would be faster, but I can't think of how it would be more
> secure since it's all going to end up on the same filesystem either way.

Tar can extract files from an ISO without using mdconfig or the kernel's
cd9660 filesystem. It's possible that a maliciously corrupted ISO image
could cause a buffer overflow or similar inside the cd9660 filesystem
code; at that point you've got a kernel-mode security breach. Tar's
implementation of ISO9660 (in libarchive) runs in usermode with the
current user's privileges, so the potential consequences of a bug are
much less serious.

Ben
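As an added illustration of the point Ben makes (this is not code from the thread, from libarchive or from the cd9660 driver), here is a minimal userland reader for the ISO9660 root directory that refuses an image whose record lengths or extent pointers fall outside the image, which is the kind of validation a parser of untrusted media must perform whether it runs in the kernel or in a process. It builds a constructed one-file image, lists it, and shows the check tripping on a variant whose file extent points far past the end of the data; sector layout, file name and contents are all constructed.

```python
import struct
SECTOR = 2048  # ISO9660 logical sector size

def be32(v):  # ISO9660 "both-byte-order" field: little-endian copy, then big-endian copy
    return struct.pack("<I", v) + struct.pack(">I", v)

def dir_record(name, lba, length, is_dir):
    """One directory record in the ECMA-119 layout; total length is padded to an even number."""
    body = (b"\0" + be32(lba) + be32(length) + bytes(7) + bytes([2 if is_dir else 0, 0, 0])
            + struct.pack("<H", 1) + struct.pack(">H", 1) + bytes([len(name)]) + name)
    body += b"\0" * (len(body) % 2 == 0)  # pad so that length byte + body is even
    return bytes([len(body) + 1]) + body

def build_iso():
    """Constructed image: sector 16 PVD, 17 terminator, 18 root directory, 19 file data."""
    data = b"hello from the ISO\n"
    root = dir_record(b"\x00", 18, SECTOR, True)            # root record lives at PVD offset 156
    pvd = (b"\x01CD001\x01" + bytes(149) + root).ljust(SECTOR, b"\0")
    rootdir = root + dir_record(b"\x01", 18, SECTOR, True) + dir_record(b"README.TXT;1", 19, len(data), False)
    return (bytes(SECTOR * 16) + pvd + b"\xffCD001\x01".ljust(SECTOR, b"\0")
            + rootdir.ljust(SECTOR, b"\0") + data.ljust(SECTOR, b"\0"))

def extent(img, lba, length):  # return an extent's bytes, refusing anything outside the image
    if lba * SECTOR + length > len(img):
        raise ValueError("extent %d+%d lies outside the image" % (lba, length))
    return img[lba * SECTOR:lba * SECTOR + length]

def list_root(img):
    """Return {name: content} for plain files in the root directory, validating every field."""
    pvd = extent(img, 16, SECTOR)
    if pvd[0:6] != b"\x01CD001":
        raise ValueError("no primary volume descriptor")
    d, files, off = extent(img, *struct.unpack_from("<I4xI", pvd, 158)), {}, 0
    while off < len(d):
        rlen = d[off]
        if rlen == 0:  # zero length byte: the rest of this sector is padding
            off = (off // SECTOR + 1) * SECTOR
            continue
        if rlen < 33 or off + rlen > len(d) or 33 + d[off + 32] > rlen:
            raise ValueError("malformed directory record at offset %d" % off)
        name = d[off + 33:off + 33 + d[off + 32]].decode("ascii", "replace")
        if not d[off + 25] & 2:  # flag bit 1 marks a directory; only plain files are returned
            files[name] = extent(img, *struct.unpack_from("<I4xI", d, off + 2))
        off += rlen
    return files

def with_bad_extent(img, lba=0xFFFFFFFF):  # constructed corrupt variant: README's extent past the end
    bad = bytearray(img)
    struct.pack_into("<I", bad, 18 * SECTOR + 70, lba)  # 70: LE extent field of the third record
    return bytes(bad)
```

Note that a plain slice such as `img[start:start + length]` would silently return a short result on the corrupt image; the explicit length check in `extent` is what turns the bad pointer into an error instead of garbage.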