From owner-freebsd-current@freebsd.org Sat May 14 19:51:35 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0C0E0B3B51D for ; Sat, 14 May 2016 19:51:35 +0000 (UTC) (envelope-from imb@protected-networks.net) Received: from mail.auburn.protected-networks.net (mail.auburn.protected-networks.net [IPv6:2001:470:1f07:4e1::3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.auburn.protected-networks.net", Issuer "Protected Networks Root CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id C21531EA4; Sat, 14 May 2016 19:51:34 +0000 (UTC) (envelope-from imb@protected-networks.net) Received: from [192.168.1.10] (toshi.auburn.protected-networks.net [192.168.1.10]) (Authenticated sender: imb@mail.auburn.protected-networks.net) by mail.auburn.protected-networks.net (Postfix) with ESMTPA id 11095E; Sat, 14 May 2016 15:51:33 -0400 (EDT) Subject: Re: libarchive update SVN r299529 breaks "ezjail update" To: Tim Kientzle , Martin Matuska References: <2c059cf5-2c8a-3b89-16c3-eedf02a01ec5@protected-networks.net> <20160512173440.Horde.5l1s9ijXRgAeMNgmT0MmCPa@mail.vx.sk> <20160512175418.Horde.JvYoOSRwfU_l2TIXv697u2B@mail.vx.sk> <13C1C575-4AEA-463F-A6BE-92843DAD7B53@kientzle.com> Cc: FreeBSD current From: michael butler Message-ID: <7838d5e7-5d81-37f5-53dd-efdd0e855ea6@protected-networks.net> Date: Sat, 14 May 2016 15:51:32 -0400 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.1.0 MIME-Version: 1.0 In-Reply-To: <13C1C575-4AEA-463F-A6BE-92843DAD7B53@kientzle.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 14 May 2016 19:51:35 -0000 From the looks of this, I think it's likely better to have the default be "secure" and ezjail-admin use the "--insecure" flag as an explicit override. That's the only place I've noticed the need for it although I've not done an extensive search for any other instances in which it might be required, imb On 5/14/2016 3:46 PM, Tim Kientzle wrote: > A little history about this issue: > > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304 > > >> On May 14, 2016, at 12:17 PM, Tim Kientzle wrote: >> >> Many people consider the traditional behavior to be a security risk, which is why this was changed. >> >> FreeBSD is welcome to make --insecure the default on FreeBSD, but I'm reluctant to do that in the upstream libarchive project. >> >> Tim >> >> >>> On May 12, 2016, at 8:54 AM, Martin Matuska wrote: >>> >>> Looks like we have to remove line #174 from cpio/cpio.c: >>> cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS; >>> >>> This breaks traditional cpio behavior. >>> >>> Quoting Martin Matuska : >>> >>>> Hi Michael, I have looked at the source and this is an intended change in 3.2.0. >>>> >>>> An absolute path security check was added, cpio refuses to extract or copy over absolute paths. To do this anyway the "--insecure" flag must be used. >>>> >>>> Here is the commit: >>>> https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526 >>>> >>>> Quoting Michael Butler : >>>> >>>>> It seems that today's libarchive update breaks cpio's behaviour: >>>>> >>>>> sudo ezjail-admin update -i -s /usr/src >>>>> >>>>> [ .. ] >>>>> >>>>> cd /usr/src/etc/..; install -o root -g wheel -m 444 COPYRIGHT >>>>> /usr/local/jails/fulljail/ >>>>> install -o root -g wheel -m 444 >>>>> /usr/src/etc/../sys/i386/conf/GENERIC.hints >>>>> /usr/local/jails/fulljail/boot/device.hints >>>>> /usr/local/jails/basejail/bincpio: bin: Path is absolute: Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/catcpio: bin/cat: Path is absolute: >>>>> Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/chflagscpio: bin/chflags: Path is >>>>> absolute: Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/chiocpio: bin/chio: Path is absolute: >>>>> Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/chmodcpio: bin/chmod: Path is absolute: >>>>> Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/cpcpio: bin/cp: Path is absolute: Unknown >>>>> error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/datecpio: bin/date: Path is absolute: >>>>> Unknown error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/ddcpio: bin/dd: Path is absolute: Unknown >>>>> error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/dfcpio: bin/df: Path is absolute: Unknown >>>>> error: -1 >>>>> >>>>> /usr/local/jails/basejail/bin/domainnamecpio: bin/domainname: Path is >>>>> absolute: Unknown error: -1 >>>>> [ .. etc. .. ] >>>> >>>> >>>> >>>> Martin Matuska >>>> FreeBSD committer >>>> http://blog.vx.sk >>> >>> >>> >>> Martin Matuska >>> FreeBSD committer >>> http://blog.vx.sk >> >