portsnap: only move expected snapshot contents from snap/ to files/
Previously it was possible to smuggle in additional files that would be used by later portsnap runs. Now we only move those files expected to be in the snapshot into files/ and require that there are no unexpected files.

This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic attacks against FreeBSD update components" anonymous gist.

Reported by: anonymous gist
Reviewed by: allanjude, delphij
MFC after: ASAP
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D8052
parent
d6e65178c6
commit
54786ab35e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=306417
@ -691,6 +691,13 @@ fetch_snapshot() {
|
|||||||
fetch_index_sanity || return 1
|
fetch_index_sanity || return 1
|
||||||
# Verify the snapshot contents
|
# Verify the snapshot contents
|
||||||
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
|
cut -f 2 -d '|' INDEX.new | fetch_snapshot_verify || return 1
|
||||||
|
cut -f 2 -d '|' tINDEX.new INDEX.new | sort -u > files.expected
|
||||||
|
find snap -mindepth 1 | sed -E 's^snap/(.*)\.gz^\1^' | sort > files.snap
|
||||||
|
if ! cmp -s files.expected files.snap; then
|
||||||
|
echo "unexpected files in snapshot."
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
rm files.expected files.snap
|
||||||
echo "done."
|
echo "done."
|
||||||
|
|
||||||
# Move files into their proper locations
|
# Move files into their proper locations
|
||||||
|
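Review bot: In the new `if ! cmp -s files.expected files.snap` branch, `return 1` runs before `rm files.expected files.snap`, so a rejected snapshot leaves both lists in the work directory, and the message "unexpected files in snapshot." does not say which names differed. Consider removing the two files on the failure path as well, and printing the differing names (for example from `comm -3` on the two sorted lists) so an operator can see what was rejected. Separately, because `^` is the sed delimiter in `s^snap/(.*)\.gz^\1^`, the pattern is not anchored at either end; switching to another delimiter and matching `^snap/(.*)\.gz$` would make it explicit that only names of the exact form snap/NAME.gz are normalised. A short comment above the `cut` line noting that files.expected is built from both tINDEX.new and INDEX.new would also help the next reader.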