On Wed, Sep 28, 2016 at 09:22:51PM +0000, Ed Maste wrote:
> Author: emaste
> Date: Wed Sep 28 21:22:51 2016
> New Revision: 306417
> URL: https://svnweb.freebsd.org/changeset/base/306417
>
> Log:
>   portsnap: only move expected snapshot contents from snap/ to files/
>
>   Previously it was possible to smuggle in additional files that would
>   be used by later portsnap runs. Now we only move those files expected
>   to be in the snapshot into files/ and require that there are no
>   unexpected files.
>
>   This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
>   attacks against FreeBSD update components" anonymous gist.
>
>   Reported by:	anonymous gist
>   Reviewed by:	allanjude, delphij
>   MFC after:	ASAP
>   Sponsored by:	The FreeBSD Foundation
>   Differential Revision:	https://reviews.freebsd.org/D8052
Hey Ed,

Any plans to release a security announcement?

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
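The mitigation described in the quoted commit log (move only the files the snapshot is expected to contain, and refuse the snapshot if anything else is present) can be illustrated with a small shell routine. This is an added example written for this thread; it is not portsnap's own code, and the one-name-per-line INDEX format, the `make_snapshot` helper, and the `aaaa.gz`/`bbbb.gz`/`zzzz.gz` file names are all constructed placeholders rather than portsnap's real index layout or hash-named files.

```shell
#!/bin/sh
# Added example, not portsnap's own code: move only the files named in a
# snapshot index from snap/ to files/, and refuse the whole snapshot when
# snap/ holds anything the index does not list.
set -eu

# move_expected SNAPDIR FILESDIR INDEX
#   INDEX lists one expected file name per line (constructed format).
#   Returns 0 after moving every listed file; returns 1, moving nothing,
#   if SNAPDIR contains an unlisted file or lacks a listed one.
move_expected() {
    snapdir=$1; filesdir=$2; index=$3

    # Pass 1: every entry in snap/ must appear in the index. The three globs
    # cover plain names, dotfiles and names starting with "..", so a hidden
    # extra file cannot slip past the check.
    for path in "$snapdir"/* "$snapdir"/.[!.]* "$snapdir"/..?*; do
        [ -e "$path" ] || continue          # unmatched glob stays literal
        name=${path##*/}
        if ! grep -qxF -- "$name" "$index"; then
            echo "unexpected file in snapshot: $name" >&2
            return 1
        fi
    done

    # Pass 2: every indexed file must be present, so a truncated snapshot
    # is rejected as well instead of being half-applied.
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        if [ ! -f "$snapdir/$name" ]; then
            echo "missing snapshot file: $name" >&2
            return 1
        fi
    done < "$index"

    # Only now move, and only by indexed name, never with a wildcard over snap/.
    while IFS= read -r name; do
        [ -n "$name" ] || continue
        mv -- "$snapdir/$name" "$filesdir/$name"
    done < "$index"
}

# Constructed snapshot with placeholder names (not real portsnap hash files).
make_snapshot() {
    work=$(mktemp -d)
    mkdir "$work/snap" "$work/files"
    printf '%s\n' aaaa.gz bbbb.gz > "$work/INDEX"
    printf 'a' > "$work/snap/aaaa.gz"
    printf 'b' > "$work/snap/bbbb.gz"
    echo "$work"
}

# Case 1: a clean snapshot is moved and snap/ ends up empty.
clean_case() {
    w=$(make_snapshot)
    move_expected "$w/snap" "$w/files" "$w/INDEX" || return 1
    [ -f "$w/files/aaaa.gz" ] && [ -f "$w/files/bbbb.gz" ] && [ -z "$(ls -A "$w/snap")" ]
}

# Case 2: an unlisted extra file is present; the snapshot is refused and
# nothing reaches files/.
smuggled_case() {
    w=$(make_snapshot)
    printf 'x' > "$w/snap/zzzz.gz"
    if move_expected "$w/snap" "$w/files" "$w/INDEX" 2>/dev/null; then
        return 1                            # must have been refused
    fi
    [ -z "$(ls -A "$w/files")" ] && [ -f "$w/snap/aaaa.gz" ]
}
```

The order of the passes is the point: both checks run before any `mv`, so a rejected snapshot leaves files/ untouched rather than partially populated, and the move loop iterates over the index rather than over the directory, so nothing that was not named in advance can be carried into files/ for a later run to pick up.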
