From: "Teske, Devin"
To: Ben Morrow
Cc: Devin Teske, freebsd-stable stable, "Teske, Devin"
Subject: Re: 10.0-BETA4 bsdinstall zfs encryption broken
Date: Thu, 5 Dec 2013 04:38:51 +0000

On Dec 4, 2013, at 3:01 PM, Ben Morrow wrote:

> Quoth Darren Pilgrim:
>> On 12/4/2013 12:13 PM, Ben Morrow wrote:
>>> Quoth Devin Teske:
>>>>
>>>> The procedure I use is to take the existing ISO and...
>>>>
>>>> 1. use mdconfig to access it
>>>> 2. use mount_cd9660 to mount it
>>>> 3. use rsync to copy the contents to a local dir
>>>
>>> It's more secure to use tar for these three steps. Filesystems generally
>>> aren't hardened against malicious input.
>>
>> I'm curious about this statement. What extra security would tar get
>> you? Tar would be faster, but I can't think of how it would be more
>> secure since it's all going to end up on the same filesystem either way.
>
> Tar can extract files from an ISO

Doesn't work in 9.2-R; which is why I still go to mdconfig+rsync.

From 9.2-R...

$ tar xf ../FreeBSD-10.0-BETA2-i386-20131031-r257419-disc1.iso
etc/termcap.small: Can't create 'etc/termcap.small'
etc/unbound: Can't create 'etc/unbound'
sbin/nos-tun: Can't create 'sbin/nos-tun'
usr/bin/make: Can't create 'usr/bin/make'
usr/bin/newgrp: Can't create 'usr/bin/newgrp'
usr/bin/pic: Can't create 'usr/bin/pic'
... ad nauseam ...

Analyzing the situation, for every file that has a symlink *to* it, the
file is not unpacked. So for the case of all the library files, where there
is a *.so symlink to a *.so.N... the *.so.N is not created, but the *.so
symlink is.

So the unpacked data ends up being unusable.

Tried on 10.0 and worked fine. So problem is 9.2-R libarchive.

---
Devin
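
A check for the failure described in the message above (symlinks extracted, their targets missing), as an added example that is not part of the original thread. The function names and the sample tree are hypothetical and constructed for illustration; absolute link targets are resolved inside the extracted tree so that a file on the host cannot hide a missing one.

```shell
#!/bin/sh
# Added example, not from the thread: list symlinks in an extracted tree
# whose targets were never created (links present, *.so.N files missing).

# Print "link -> target" for each dangling symlink under directory $1.
# Absolute targets are checked inside the tree, not against the host's /.
# Only the first hop is re-rooted; chains of absolute links are not followed.
dangling_links() {
    root=${1%/}
    find "$root" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolved=$root$target ;;
            *)  resolved=$(dirname "$link")/$target ;;
        esac
        if [ ! -e "$resolved" ] && [ ! -L "$resolved" ]; then
            printf '%s -> %s\n' "${link#"$root"/}" "$target"
        fi
    done
}

# Constructed sample tree: a relative *.so -> *.so.N link, plus an absolute
# link whose target also exists on the host (/bin/sh).
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/lib" "$t/usr/lib" "$t/bin" "$t/rescue"
    : > "$t/lib/libdemo.so.1"
    : > "$t/bin/sh"
    ln -s ../../lib/libdemo.so.1 "$t/usr/lib/libdemo.so"
    ln -s /bin/sh "$t/rescue/sh"
    printf '%s\n' "$t"
}

tree=$(make_sample_tree)
echo "intact tree:"
dangling_links "$tree"
# Simulate the broken extraction: remove the targets, keep the links.
rm "$tree/lib/libdemo.so.1" "$tree/bin/sh"
echo "after removing link targets:"
dangling_links "$tree" | sort
rm -rf "$tree"
```

Run `dangling_links` on the directory tar extracted into; any output means the copy is incomplete and should not be used to build an image.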