svn commit: r306701 - stable/9/usr.sbin/portsnap/portsnap
Ed Maste
emaste at FreeBSD.org
Wed Oct 5 01:01:11 UTC 2016
Author: emaste
Date: Wed Oct 5 01:01:10 2016
New Revision: 306701
URL: https://svnweb.freebsd.org/changeset/base/306701
Log:
MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/
Previously it was possible to smuggle in addional files that would
used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.
This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.
Modified:
stable/9/usr.sbin/portsnap/portsnap/portsnap.sh
Directory Properties:
stable/9/usr.sbin/portsnap/portsnap/ (props changed)
Modified: stable/9/usr.sbin/portsnap/portsnap/portsnap.sh
==============================================================================
--- stable/9/usr.sbin/portsnap/portsnap/portsnap.sh Wed Oct 5 00:49:39 2016 (r306700)
+++ stable/9/usr.sbin/portsnap/portsnap/portsnap.sh Wed Oct 5 01:01:10 2016 (r306701)
@@ -649,6 +649,13 @@ fetch_snapshot() {
fetch_index_sanity || return 1
# Verify the snapshot contents
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
+ cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
+ find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
+ if ! cmp -s files.expected files.snap; then
+ echo "unexpected files in snapshot."
+ return 1
+ fi
+ rm files.expected files.snap
echo "done."
# Move files into their proper locations
More information about the svn-src-stable-9
mailing list