From owner-freebsd-current@freebsd.org  Sat May 14 20:08:18 2016
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id D3C88B3BAF9
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Sat, 14 May 2016 20:08:18 +0000 (UTC) (envelope-from ian@freebsd.org)
Received: from outbound1b.ore.mailhop.org (outbound1b.ore.mailhop.org
 [54.200.247.200])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id AB1A51F4D
 for <freebsd-current@freebsd.org>; Sat, 14 May 2016 20:08:18 +0000 (UTC)
 (envelope-from ian@freebsd.org)
X-MHO-User: a15c4fcf-1a0f-11e6-9de8-1b78d5a2543b
X-Report-Abuse-To: https://support.duocircle.com/support/solutions/articles/5000540958-duocircle-standard-smtp-abuse-information
X-Originating-IP: 73.34.117.227
X-Mail-Handler: DuoCircle Outbound SMTP
Received: from ilsoft.org (unknown [73.34.117.227])
 by outbound1.ore.mailhop.org (Halon Mail Gateway) with ESMTPSA;
 Sat, 14 May 2016 20:08:31 +0000 (UTC)
Received: from rev (rev [172.22.42.240])
 by ilsoft.org (8.15.2/8.14.9) with ESMTP id u4EK899L042764;
 Sat, 14 May 2016 14:08:09 -0600 (MDT) (envelope-from ian@freebsd.org)
Message-ID: <1463256489.1180.139.camel@freebsd.org>
Subject: Re: libarchive update SVN r299529 breaks "ezjail update"
From: Ian Lepore <ian@freebsd.org>
To: michael butler <imb@protected-networks.net>, Tim Kientzle
 <tim@kientzle.com>, Martin Matuska <mm@freebsd.org>
Cc: FreeBSD current <freebsd-current@freebsd.org>
Date: Sat, 14 May 2016 14:08:09 -0600
In-Reply-To: <7838d5e7-5d81-37f5-53dd-efdd0e855ea6@protected-networks.net>
References: <2c059cf5-2c8a-3b89-16c3-eedf02a01ec5@protected-networks.net>
 <20160512173440.Horde.5l1s9ijXRgAeMNgmT0MmCPa@mail.vx.sk>
 <20160512175418.Horde.JvYoOSRwfU_l2TIXv697u2B@mail.vx.sk>
 <E9B21A7F-AD3A-4182-AACC-3B92BBEF1216@kientzle.com>
 <13C1C575-4AEA-463F-A6BE-92843DAD7B53@kientzle.com>
 <7838d5e7-5d81-37f5-53dd-efdd0e855ea6@protected-networks.net>
Content-Type: text/plain; charset="us-ascii"
X-Mailer: Evolution 3.16.5 FreeBSD GNOME Team Port 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 14 May 2016 20:08:18 -0000

On Sat, 2016-05-14 at 15:51 -0400, michael butler wrote:
>  From the looks of this, I think it's likely better to have the
> default 
> be "secure" and ezjail-admin use the "--insecure" flag as an explicit
> override. That's the only place I've noticed the need for it although
> I've not done an extensive search for any other instances in which it
> might be required,
> 
> 	imb
> 

The real damage will happen to out-of-tree users.  I think this will
impact our software updater for $work for example, and it has to work
with both old and new versions of libarchive, and now the new version
will require a flag that the old version will reject as unknown.

Ick.

-- Ian

> On 5/14/2016 3:46 PM, Tim Kientzle wrote:
> > A little history about this issue:
> > 
> > http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2304
> > 
> > 
> > > On May 14, 2016, at 12:17 PM, Tim Kientzle <tim@kientzle.com>
> > > wrote:
> > > 
> > > Many people consider the traditional behavior to be a security
> > > risk, which is why this was changed.
> > > 
> > > FreeBSD is welcome to make --insecure the default on FreeBSD, but
> > > I'm reluctant to do that in the upstream libarchive project.
> > > 
> > > Tim
> > > 
> > > 
> > > > On May 12, 2016, at 8:54 AM, Martin Matuska <mm@freebsd.org>
> > > > wrote:
> > > > 
> > > > Looks like we have to remove line #174 from cpio/cpio.c:
> > > > cpio->extract_flags |= ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS;
> > > > 
> > > > This breaks traditional cpio behavior.
> > > > 
> > > > Quoting Martin Matuska <mm@freebsd.org>:
> > > > 
> > > > > Hi Michael, I have looked at the source and this is an
> > > > > intended change in 3.2.0.
> > > > > 
> > > > > An absolute path security check was added, cpio refuses to
> > > > > extract or copy over absolute paths. To do this anyway the "-
> > > > > -insecure" flag must be used.
> > > > > 
> > > > > Here is the commit:
> > > > > https://github.com/libarchive/libarchive/commit/59357157706d4
> > > > > 7c365b2227739e17daba3607526
> > > > > 
> > > > > Quoting Michael Butler <imb@protected-networks.net>:
> > > > > 
> > > > > > It seems that today's libarchive update breaks cpio's
> > > > > > behaviour:
> > > > > > 
> > > > > > sudo ezjail-admin update -i -s /usr/src
> > > > > > 
> > > > > > [ .. ]
> > > > > > 
> > > > > > cd /usr/src/etc/..; install -o root -g wheel -m 444 
> > > > > >  COPYRIGHT
> > > > > > /usr/local/jails/fulljail/
> > > > > > install -o root -g wheel -m 444
> > > > > > /usr/src/etc/../sys/i386/conf/GENERIC.hints
> > > > > > /usr/local/jails/fulljail/boot/device.hints
> > > > > > /usr/local/jails/basejail/bincpio: bin: Path is absolute:
> > > > > > Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/catcpio: bin/cat: Path is
> > > > > > absolute:
> > > > > > Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/chflagscpio: bin/chflags:
> > > > > > Path is
> > > > > > absolute: Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/chiocpio: bin/chio: Path is
> > > > > > absolute:
> > > > > > Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/chmodcpio: bin/chmod: Path is
> > > > > > absolute:
> > > > > > Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/cpcpio: bin/cp: Path is
> > > > > > absolute: Unknown
> > > > > > error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/datecpio: bin/date: Path is
> > > > > > absolute:
> > > > > > Unknown error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/ddcpio: bin/dd: Path is
> > > > > > absolute: Unknown
> > > > > > error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/dfcpio: bin/df: Path is
> > > > > > absolute: Unknown
> > > > > > error: -1
> > > > > > 
> > > > > > /usr/local/jails/basejail/bin/domainnamecpio:
> > > > > > bin/domainname: Path is
> > > > > > absolute: Unknown error: -1
> > > > > > [ .. etc. .. ]
> > > > > 
> > > > > 
> > > > > 
> > > > > Martin Matuska
> > > > > FreeBSD committer
> > > > > http://blog.vx.sk
> > > > 
> > > > 
> > > > 
> > > > Martin Matuska
> > > > FreeBSD committer
> > > > http://blog.vx.sk
> > > 
> > 
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "
> freebsd-current-unsubscribe@freebsd.org"