svn commit: r306697 - stable/10/usr.sbin/portsnap/portsnap
Ed Maste
emaste at FreeBSD.org
Wed Oct 5 00:33:08 UTC 2016
Author: emaste
Date: Wed Oct 5 00:33:06 2016
New Revision: 306697
URL: https://svnweb.freebsd.org/changeset/base/306697
Log:
MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/
Previously it was possible to smuggle in addional files that would
be used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
Modified:
stable/10/usr.sbin/portsnap/portsnap/portsnap.sh
Directory Properties:
stable/10/ (props changed)
Modified: stable/10/usr.sbin/portsnap/portsnap/portsnap.sh
==============================================================================
--- stable/10/usr.sbin/portsnap/portsnap/portsnap.sh Tue Oct 4 23:12:35 2016 (r306696)
+++ stable/10/usr.sbin/portsnap/portsnap/portsnap.sh Wed Oct 5 00:33:06 2016 (r306697)
@@ -686,6 +686,13 @@ fetch_snapshot() {
fetch_index_sanity || return 1
# Verify the snapshot contents
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
+ cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
+ find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
+ if ! cmp -s files.expected files.snap; then
+ echo "unexpected files in snapshot."
+ return 1
+ fi
+ rm files.expected files.snap
echo "done."
# Move files into their proper locations
More information about the svn-src-all
mailing list