Date:      Thu, 5 Dec 2013 04:38:51 +0000
From:      "Teske, Devin" <Devin.Teske@fisglobal.com>
To:        Ben Morrow <ben@morrow.me.uk>
Cc:        Devin Teske <dteske@freebsd.org>, freebsd-stable stable <freebsd-stable@freebsd.org>, "Teske, Devin" <Devin.Teske@fisglobal.com>
Subject:   Re: 10.0-BETA4 bsdinstall zfs encryption broken
Message-ID:  <41DA6C6E-1D37-424A-B3EB-6A5CD8ECB022@fisglobal.com>
In-Reply-To: <20131204230155.GA40375@anubis.morrow.me.uk>
References:  <CAAoTqfu904a=W8zZ_170bjVUUeqxe-Jajo_W=g%2BU2vk%2BwTdaeg@mail.gmail.com> <099CD122-B7D8-4FC1-9C99-F19248418CD0@fisglobal.com> <CAAoTqftxt74DEWjxeYtpaiavqiuj8_gawY4%2BGpHirWM-FPaKQQ@mail.gmail.com> <A7DF3606-B33E-4117-A1DB-FE759E0A0E5F@fisglobal.com> <CAAoTqfvaPb4go_d7aeU0sepmPAGey1WuAtxVYsour11DVTguBQ@mail.gmail.com> <20131204201312.GA39227@anubis.morrow.me.uk> <20131204230155.GA40375@anubis.morrow.me.uk>


On Dec 4, 2013, at 3:01 PM, Ben Morrow wrote:

> Quoth Darren Pilgrim <list_freebsd@bluerosetech.com>:
>> On 12/4/2013 12:13 PM, Ben Morrow wrote:
>>> Quoth Devin Teske <dteske@freebsd.org>:
>>>>
>>>> The procedure I use is to take the existing ISO and...
>>>>
>>>> 1. use mdconfig to access it
>>>> 2. use mount_cd9660 to mount it
>>>> 3. use rsync to copy the contents to a local dir
>>>
>>> It's more secure to use tar for these three steps. Filesystems generally
>>> aren't hardened against malicious input.
>>
>> I'm curious about this statement.  What extra security would tar get
>> you?  Tar would be faster, but I can't think of how it would be more
>> secure since it's all going to end up on the same filesystem either way.
>
> Tar can extract files from an ISO

Doesn't work in 9.2-R; which is why I still go to mdconfig+rsync.

From 9.2-R...

$ tar xf ../FreeBSD-10.0-BETA2-i386-20131031-r257419-disc1.iso
etc/termcap.small: Can't create 'etc/termcap.small'
etc/unbound: Can't create 'etc/unbound'
sbin/nos-tun: Can't create 'sbin/nos-tun'
usr/bin/make: Can't create 'usr/bin/make'
usr/bin/newgrp: Can't create 'usr/bin/newgrp'
usr/bin/pic: Can't create 'usr/bin/pic'
... ad nauseam ...

Analyzing the situation, for every file that has a symlink *to* it, the
file is not unpacked.  So for the case of all the library files, where
there is a *.so symlink to a *.so.N... the *.so.N is not created, but
the *.so symlink is. So the unpacked data ends up being unusable.

Tried on 10.0 and worked fine. So problem is 9.2-R libarchive.
---
Devin
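
A check for the failure described in the message above (links extracted without the files they point to), as an added example that is not part of the original e-mail. The function name `dangling_links` is hypothetical; absolute link targets are re-rooted under the extraction directory so the host's own files are not consulted for them, and only one level of link is resolved.

```shell
#!/bin/sh
# Added example: list symlinks in an extracted ISO tree whose targets are
# missing from that tree (e.g. a *.so link whose *.so.N was never unpacked).
# Limitations: resolves one link level; a relative target that climbs above
# the tree with ../ is tested against the host path; file names containing
# newlines are not supported.

dangling_links() {
    root=${1%/}
    find "$root" -type l | sort | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolved=$root$target ;;                # absolute: treat the tree as "/"
            *)  resolved=$(dirname "$link")/$target ;;  # relative: from the link's directory
        esac
        # A target that is itself a symlink counts as present here; it is
        # checked on its own turn through the loop.
        [ -L "$resolved" ] || [ -e "$resolved" ] ||
            printf '%s -> %s\n' "${link#"$root"/}" "$target"
    done
}

# Stand-alone use: sh check.sh /path/to/extracted/tree
if [ "$#" -gt 0 ]; then
    dangling_links "$1"
fi
```

Empty output means every symlink in the tree has its target; any line printed names a link that the extraction left unusable.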



