Page MenuHomeFreeBSD

portsnap: use lam on the 'good' hash list instead of sed on the untrusted one
ClosedPublic

Authored by emaste on Sep 29 2016, 1:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 27 2024, 12:39 AM
Unknown Object (File)
Sep 28 2024, 3:45 AM
Unknown Object (File)
Sep 26 2024, 10:06 PM
Unknown Object (File)
Sep 26 2024, 4:43 PM
Unknown Object (File)
Sep 26 2024, 7:28 AM
Unknown Object (File)
Sep 24 2024, 2:51 PM
Unknown Object (File)
Sep 20 2024, 9:56 AM
Unknown Object (File)
Sep 20 2024, 9:54 AM
Subscribers

Details

Summary

This change should be equivalent to the approach committed in rS306417, but if sed has a bug it could be exploited by the untrusted tar file. Instead, convert the expected hash list to the expected tar content filesystem layout, and compare that with find's output.

Submitted by: @cperciva in D8052

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

emaste retitled this revision from to portsnap: use lam on the 'good' hash list instead of sed on the untrusted one.
emaste updated this object.
emaste edited the test plan for this revision. (Show Details)
emaste added reviewers: cperciva, allanjude.
emaste added a subscriber: cperciva.

I am capsicumizing lam(1), and will have a review soon

oshogbo edited edge metadata.
oshogbo added inline comments.
usr.sbin/portsnap/portsnap/portsnap.sh
694

\ - is not needed, or you should add some space like in rest file.

This revision is now accepted and ready to land.Oct 7 2016, 7:52 PM