10.0-BETA4 bsdinstall zfs encryption broken
Ben Morrow
ben at morrow.me.uk
Wed Dec 4 23:02:03 UTC 2013
Quoth Darren Pilgrim <list_freebsd at bluerosetech.com>:
> On 12/4/2013 12:13 PM, Ben Morrow wrote:
> > Quoth Devin Teske <dteske at freebsd.org>:
> >>
> >> The procedure I use is to take the existing ISO and...
> >>
> >> 1. use mdconfig to access it
> >> 2. use mount_cd9660 to mount it
> >> 3. use rsync to copy the contents to a local dir
> >
> > It's more secure to use tar for these three steps. Filesystems generally
> > aren't hardened against malicious input.
>
> I'm curious about this statement. What extra security would tar get
> you? Tar would be faster, but I can't think of how it would be more
> secure since it's all going to end up on the same filesystem either way.
Tar can extract files from an ISO without using mdconfig or the kernel's
cd9660 filesystem. It's possible that a maliciously corrupted ISO image
could cause a buffer overflow or similar inside the cd9660 filesystem
code; at that point you've got a kernel-mode security breach. Tar's
implementation of ISO9660 (in libarchive) runs in usermode with the
current user's privileges, so the potential consequences of a bug are
much less serious.
Ben
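[Added example, not part of the thread above. Ben's point is that libarchive's ISO 9660 reader runs with the invoking user's privileges and can simply refuse a malformed image, whereas the same bug in the kernel's cd9660 code is a kernel-mode compromise. The Python below is my own minimal, deliberately defensive user-mode ISO 9660 reader written for this example (it is not libarchive's code and not the FreeBSD project's): it checks the Primary Volume Descriptor, the root directory record and every extent against the actual image size before touching data. The image it reads is constructed in memory and is not a real FreeBSD ISO; `corrupt_root_size` is a constructed corruption that makes the root directory claim a ~4 GiB extent, which the reader rejects with an exception instead of reading past the buffer.]

```python
import struct

SECTOR = 2048
PVD_SECTOR = 16            # volume descriptors start at LBA 16
ROOT_RECORD_OFFSET = 156   # root directory record inside the PVD
FLAG_DIRECTORY = 0x02


class IsoError(ValueError):
    """Any structurally invalid or out-of-bounds field in the image."""


def _both_endian_u32(buf, off):
    # ISO 9660 stores 32-bit fields twice (little-, then big-endian); insist they agree.
    le, be = struct.unpack_from("<I", buf, off)[0], struct.unpack_from(">I", buf, off + 4)[0]
    if le != be:
        raise IsoError("both-endian mismatch at %d: %d vs %d" % (off, le, be))
    return le


def parse_dir_record(buf, off):
    """Parse the directory record at buf[off]; None means a zero-length pad byte."""
    rec_len = buf[off]
    if rec_len == 0:
        return None
    if rec_len < 33 or off + rec_len > len(buf):
        raise IsoError("record length %d at offset %d exceeds buffer" % (rec_len, off))
    name_len = buf[off + 32]
    if 33 + name_len > rec_len:
        raise IsoError("identifier length %d exceeds record length %d" % (name_len, rec_len))
    return {"len": rec_len, "flags": buf[off + 25], "name": bytes(buf[off + 33:off + 33 + name_len]),
            "lba": _both_endian_u32(buf, off + 2), "size": _both_endian_u32(buf, off + 10)}


def read_extent(img, lba, size):
    """Return an extent's bytes, refusing anything that lies outside the image."""
    start = lba * SECTOR
    if size > len(img) or start > len(img) - size:
        raise IsoError("extent LBA %d size %d outside %d-byte image" % (lba, size, len(img)))
    return img[start:start + size]


def parse_pvd(img):
    """Validate the Primary Volume Descriptor and return its root directory record."""
    pvd = img[PVD_SECTOR * SECTOR:(PVD_SECTOR + 1) * SECTOR]
    if len(pvd) < SECTOR or pvd[0] != 1 or pvd[1:6] != b"CD001":
        raise IsoError("no primary volume descriptor at LBA %d" % PVD_SECTOR)
    root = parse_dir_record(pvd, ROOT_RECORD_OFFSET)
    if root is None or not root["flags"] & FLAG_DIRECTORY:
        raise IsoError("root record is not a directory")
    return root


def list_directory(img, dirrec):
    """Walk a directory extent; records never span sectors, so a zero byte skips to the next one."""
    data = read_extent(img, dirrec["lba"], dirrec["size"])
    entries, off = [], 0
    while off < len(data):
        rec = parse_dir_record(data, off)
        if rec is None:
            off = (off // SECTOR + 1) * SECTOR
            continue
        entries.append(rec)
        off += rec["len"]
    return entries


def extract_file(img, name):
    """Return the bytes of a root-directory file, or raise IsoError."""
    for rec in list_directory(img, parse_pvd(img)):
        if rec["name"] == name and not rec["flags"] & FLAG_DIRECTORY:
            return read_extent(img, rec["lba"], rec["size"])
    raise IsoError("%r not in root directory" % name)


def try_extract(img, name):
    """(True, data) on success; (False, reason) when the image is rejected."""
    try:
        return True, extract_file(img, name)
    except IsoError as e:
        return False, str(e)


# Constructed test image (not a real FreeBSD ISO) and a constructed corruption of it.
def _both(v):
    return struct.pack("<I", v) + struct.pack(">I", v)


def _dir_record(lba, size, flags, name):
    rec_len = 33 + len(name) + (1 - len(name) % 2)   # records are padded to even length
    rec = bytearray(rec_len)
    rec[0], rec[25], rec[32] = rec_len, flags, len(name)
    rec[2:10], rec[10:18], rec[33:33 + len(name)] = _both(lba), _both(size), name
    return bytes(rec)


def build_test_image(payload=b"hello from a constructed ISO\n"):
    """20 sectors: PVD at LBA 16, terminator at 17, root directory at 18, file at 19."""
    root_dir = (_dir_record(18, SECTOR, FLAG_DIRECTORY, b"\x00")      # "."
                + _dir_record(18, SECTOR, FLAG_DIRECTORY, b"\x01")    # ".."
                + _dir_record(19, len(payload), 0, b"README.TXT;1"))
    pvd, term = bytearray(SECTOR), bytearray(SECTOR)
    pvd[0:7], term[0:7] = b"\x01CD001\x01", b"\xffCD001\x01"
    pvd[ROOT_RECORD_OFFSET:ROOT_RECORD_OFFSET + 34] = root_dir[:34]
    return bytes(bytearray(16 * SECTOR) + pvd + term
                 + root_dir.ljust(SECTOR, b"\x00") + payload.ljust(SECTOR, b"\x00"))


def corrupt_root_size(img, bogus=0xFFFFFFF0):
    """Make the root directory record claim a ~4 GiB extent (both endian copies)."""
    off = PVD_SECTOR * SECTOR + ROOT_RECORD_OFFSET
    return img[:off + 10] + _both(bogus) + img[off + 18:]
```

`try_extract(build_test_image(), b"README.TXT;1")` returns the payload; the same call on `corrupt_root_size(build_test_image())` returns `(False, ...)` with the out-of-bounds extent named in the reason. The checks worth noting are the ones a hardened extractor must make before every read: record length against the enclosing buffer, identifier length against the record, extent LBA and size against the image, and agreement between the two endian copies of each field. On FreeBSD the user-mode path Ben describes is simply `tar -xf image.iso -C ./dir`, since the base system's tar is bsdtar on top of libarchive, which has its own ISO 9660 reader; `image.iso` and `./dir` here are placeholders, not paths from the thread.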