10.0-BETA4 bsdinstall zfs encryption broken

Teske, Devin Devin.Teske at fisglobal.com
Thu Dec 5 04:38:54 UTC 2013


On Dec 4, 2013, at 3:01 PM, Ben Morrow wrote:

> Quoth Darren Pilgrim <list_freebsd at bluerosetech.com>:
>> On 12/4/2013 12:13 PM, Ben Morrow wrote:
>>> Quoth Devin Teske <dteske at freebsd.org>:
>>>> 
>>>> The procedure I use is to take the existing ISO and...
>>>> 
>>>> 1. use mdconfig to access it
>>>> 2. use mount_cd9660 to mount it
>>>> 3. use rsync to copy the contents to a local dir
>>> 
>>> It's more secure to use tar for these three steps. Filesystems generally
>>> aren't hardened against malicious input.
>> 
>> I'm curious about this statement.  What extra security would tar get 
>> you?  Tar would be faster, but I can't think of how it would be more 
>> secure since it's all going to end up on the same filesystem either way.
> 
> Tar can extract files from an ISO

Doesn't work in 9.2-R; which is why I still go to mdconfig+rsync.

From 9.2-R...

$ tar xf ../FreeBSD-10.0-BETA2-i386-20131031-r257419-disc1.iso 
etc/termcap.small: Can't create 'etc/termcap.small'
etc/unbound: Can't create 'etc/unbound'
sbin/nos-tun: Can't create 'sbin/nos-tun'
usr/bin/make: Can't create 'usr/bin/make'
usr/bin/newgrp: Can't create 'usr/bin/newgrp'
usr/bin/pic: Can't create 'usr/bin/pic'
... ad nauseam ...

Analyzing the situation, for every file that has a symlink *to* it, the
file is not unpacked.  So for the case of all the library files, where
there is a *.so symlink to a *.so.N... the *.so.N is not created, but
the *.so symlink is. So the unpacked data ends up being unusable.

Tried on 10.0 and worked fine. So problem is 9.2-R libarchive.
--- 
Devin
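
The failure described in the message above leaves symlinks whose targets were never written. As an added example (not code from this thread or from FreeBSD), the sh functions below compare an unpacked tree against the archive listing and flag dangling symlinks. The function names and the sample tree are constructed for illustration, and a small tar archive stands in for the ISO.

```shell
#!/bin/sh
# Added example: check a tree unpacked with tar for the failure mode above.

# Print archive members absent from the tree. $1 = archive, $2 = unpack dir.
missing_entries() {
    tar -tf "$1" | while IFS= read -r entry; do
        entry=${entry%/}                  # directories are listed with a trailing slash
        [ -n "$entry" ] || continue
        # -e follows symlinks, so also accept a symlink whose target is missing
        [ -e "$2/$entry" ] || [ -L "$2/$entry" ] || printf '%s\n' "$entry"
    done
}

# Print symlinks under $1 whose immediate target does not exist in the tree.
dangling_symlinks() {
    find "$1" -type l | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) resolved=$1$target ;;     # absolute target: resolve inside the tree
            *)  resolved=$(dirname "$link")/$target ;;
        esac
        [ -e "$resolved" ] || printf '%s\n' "${link#"$1"/}"
    done
}

# Succeed only when nothing is missing and no symlink dangles.
verify_extraction() {
    report=$(missing_entries "$1" "$2"; dangling_symlinks "$2")
    [ -z "$report" ] || { printf '%s\n' "$report" >&2; return 1; }
}

# Constructed sample: one library plus its .so symlink, unpacked and then
# damaged the way the 9.2-R run was. Prints the work directory.
build_damaged_sample() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/src/lib" "$work/out"
    echo data > "$work/src/lib/libfoo.so.1"
    ln -s libfoo.so.1 "$work/src/lib/libfoo.so"
    tar -cf "$work/sample.tar" -C "$work/src" lib
    tar -xf "$work/sample.tar" -C "$work/out"
    rm "$work/out/lib/libfoo.so.1"        # simulate "Can't create"
    printf '%s\n' "$work"
}
```

Running `verify_extraction archive dir` after unpacking returns non-zero and lists the affected paths on stderr when the tree is incomplete.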


