From: Ed Maste
Date: Wed, 5 Oct 2016 00:33:07 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org
Subject: svn commit: r306697 - stable/10/usr.sbin/portsnap/portsnap

Author: emaste
Date: Wed Oct 5 00:33:06 2016
New Revision: 306697
URL: https://svnweb.freebsd.org/changeset/base/306697

Log:
  MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/

  Previously it was possible to smuggle in additional files that would be
  used by later portsnap runs. Now we only move those files expected to be
  in the snapshot into files/ and require that there are no unexpected files.

  This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
  attacks against FreeBSD update components" anonymous gist.

Modified:
  stable/10/usr.sbin/portsnap/portsnap/portsnap.sh
Directory Properties:
  stable/10/ (props changed)

Modified: stable/10/usr.sbin/portsnap/portsnap/portsnap.sh
==============================================================================
--- stable/10/usr.sbin/portsnap/portsnap/portsnap.sh Tue Oct 4 23:12:35 2016 (r306696) +++ stable/10/usr.sbin/portsnap/portsnap/portsnap.sh Wed Oct 5 00:33:06 2016 (r306697)
@@ -686,6 +686,13 @@ fetch_snapshot() { fetch_index_sanity || return 1 # Verify the snapshot contents cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1 + cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected + find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap + if ! cmp -s files.expected files.snap; then + echo "unexpected files in snapshot." + return 1 + fi + rm files.expected files.snap echo "done." # Move files into their proper locations
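
Review bot: the sed expression on the added find line, `s^snap/(.*)\.gz^\1^`, is not anchored at either end, so it rewrites any path that merely contains `snap/` followed later by `.gz` instead of only names of the exact form `snap/<name>.gz`, and text after the last `.gz` is carried into the normalized name. Since this list is what gets compared against files.expected, I would switch the delimiter and anchor both ends, for example `sed -E 's|^snap/(.*)\.gz$|\1|'`, so that any entry not of the expected form is left unchanged for cmp to flag. Separately, the `rm files.expected files.snap` is only reached on the success path; the `return 1` branch leaves both temporary files in the working directory, so consider removing them before returning there as well.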