Date: Thu, 5 Dec 2013 04:38:51 +0000 From: "Teske, Devin" <Devin.Teske@fisglobal.com> To: Ben Morrow <ben@morrow.me.uk> Cc: Devin Teske <dteske@freebsd.org>, freebsd-stable stable <freebsd-stable@freebsd.org>, "Teske, Devin" <Devin.Teske@fisglobal.com> Subject: Re: 10.0-BETA4 bsdinstall zfs encryption broken Message-ID: <41DA6C6E-1D37-424A-B3EB-6A5CD8ECB022@fisglobal.com> In-Reply-To: <20131204230155.GA40375@anubis.morrow.me.uk> References: <CAAoTqfu904a=W8zZ_170bjVUUeqxe-Jajo_W=g%2BU2vk%2BwTdaeg@mail.gmail.com> <099CD122-B7D8-4FC1-9C99-F19248418CD0@fisglobal.com> <CAAoTqftxt74DEWjxeYtpaiavqiuj8_gawY4%2BGpHirWM-FPaKQQ@mail.gmail.com> <A7DF3606-B33E-4117-A1DB-FE759E0A0E5F@fisglobal.com> <CAAoTqfvaPb4go_d7aeU0sepmPAGey1WuAtxVYsour11DVTguBQ@mail.gmail.com> <20131204201312.GA39227@anubis.morrow.me.uk> <20131204230155.GA40375@anubis.morrow.me.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Dec 4, 2013, at 3:01 PM, Ben Morrow wrote: > Quoth Darren Pilgrim <list_freebsd@bluerosetech.com>: >> On 12/4/2013 12:13 PM, Ben Morrow wrote: >>> Quoth Devin Teske <dteske@freebsd.org>: >>>> >>>> The procedure I use is to take the existing ISO and... >>>> >>>> 1. use mdconfig to access it >>>> 2. use mount_cd9660 to mount it >>>> 3. use rsync to copy the contents to a local dir >>> >>> It's more secure to use tar for these three steps. Filesystems generally >>> aren't hardened against malicious input. >> >> I'm curious about this statement. What extra security would tar get >> you? Tar would be faster, but I can't think of how it would be more >> secure since it's all going to end up on the same filesystem either way. > > Tar can extract files from an ISO Doesn't work in 9.2-R; which is why I still go to mdconfig+rsync. >From 9.2-R... $ tar xf ../FreeBSD-10.0-BETA2-i386-20131031-r257419-disc1.iso etc/termcap.small: Can't create 'etc/termcap.small' etc/unbound: Can't create 'etc/unbound' sbin/nos-tun: Can't create 'sbin/nos-tun' usr/bin/make: Can't create 'usr/bin/make' usr/bin/newgrp: Can't create 'usr/bin/newgrp' usr/bin/pic: Can't create 'usr/bin/pic' ... ad nauseum ... Analyzing the situation, for every file that has a symlink *to* it, the file is not unpacked. So for the case of all the library files, where there is a *.so symlink to a *.so.N... the *.so.N is not created, but the *.so symlink is. So the unpacked data ends up being unusable. Tried on 10.0 and worked fine. So problem is 9.2-R libarchive. --- Devin _____________ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?41DA6C6E-1D37-424A-B3EB-6A5CD8ECB022>