Each FreeBSD system is still vulnerable to attacks?

Greetings!

On Reddit they report on that topic:

The FreeBSD attacks are from earlier this year.

g2k16 Hackathon Report:

Marc Espie on package signing evolution. So, the gist of that idea is that FreeBSD got a fairly sophisticated attack against some upgrade mechanism. The upgrade data is signed, but everything is inside an archive, and the attack was against the archive, most specifically the decompression code, before signatures are even checked.

Not quite. There are five independent attacks, any one of which can be used in isolation to compromise a system, and every FreeBSD system is still vulnerable to at least one of the attacks, with -RELEASE users still being vulnerable to all five:

1. portsnap because of flawed signature checking (gunzip-related).
2. portsnap because of an easily achievable file-prediction attack.
3. portsnap because of decompression-unrelated libarchive vulnerabilities, with each libarchive vulnerability also being independent and upstream taking its royal time on fixing all of them.

4. portsnap because of bspatch vulnerabilities, with each attack path being independent and with only one path patched for -RELEASE users, who are yet to receive the Capsicum + other fixes.

5. freebsd-update because of bspatch vulnerabilities, with each attack path being independent and with only one path patched for -RELEASE users, who are yet to receive the Capsicum + other fixes.

Because the package manager (pkg) does not have a separation of privileges and keeps everything running as root?
 
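Added example, not part of the thread and not portsnap or freebsd-update code: the ordering problem described in the quoted report (decompression code running before any signature is checked), shown next to the order that authenticates the raw bytes first. The function names, `MAX_OUTPUT`, and the use of SHA-256 digests standing in for an already verified signed index are assumptions made for illustration.

```python
import gzip, hashlib, hmac, io, zlib

MAX_OUTPUT = 1 << 20  # assumed cap on decompressed size for this example

class VerificationError(Exception):
    """Raised when input fails authentication or exceeds the size cap."""

def _matches(data: bytes, expected_hex: str) -> bool:
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex)

def verify_after(blob: bytes, plain_digest: str) -> bytes:
    """Anti-pattern: the decompressor parses unauthenticated bytes first."""
    data = gzip.decompress(blob)  # untrusted input reaches the parser here
    if not _matches(data, plain_digest):
        raise VerificationError("digest mismatch after decompression")
    return data

def verify_first(blob: bytes, blob_digest: str) -> bytes:
    """Authenticate the bytes exactly as received, then decompress with a cap."""
    if not _matches(blob, blob_digest):
        raise VerificationError("digest mismatch on compressed blob")
    with gzip.GzipFile(fileobj=io.BytesIO(blob)) as gz:
        data = gz.read(MAX_OUTPUT + 1)
    if len(data) > MAX_OUTPUT:
        raise VerificationError("decompressed size exceeds cap")
    return data

def rejected_by(fetch, blob: bytes, digest: str) -> str:
    """Report which component was the first to reject (or accept) the blob."""
    try:
        fetch(blob, digest)
    except VerificationError:
        return "verifier"
    except (OSError, EOFError, zlib.error):
        return "decompressor"
    return "accepted"

# Constructed sample data; the digests stand in for a trusted, signed index.
GOOD = gzip.compress(b"constructed sample payload\n" * 4)
PLAIN_DIGEST = hashlib.sha256(gzip.decompress(GOOD)).hexdigest()
BLOB_DIGEST = hashlib.sha256(GOOD).hexdigest()
TAMPERED = b"\x00\x00" + GOOD[2:]  # corrupted in transit: gzip magic overwritten

if __name__ == "__main__":
    for name, fetch, digest in (("verify_after", verify_after, PLAIN_DIGEST),
                                ("verify_first", verify_first, BLOB_DIGEST)):
        print(name, rejected_by(fetch, GOOD, digest), rejected_by(fetch, TAMPERED, digest))
```

With the tampered blob, `verify_after` is stopped only by an error inside the decompressor, while `verify_first` rejects it before any parsing code sees the bytes.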
… every FreeBSD system is still vulnerable to at least one of the attacks, with -RELEASE users still being vulnerable to all five: …
My FreeBSD systems are not vulnerable to any of those, never have been, and never will be. I use SVN to get both base and ports, as do more than a few other people, so "every" is stretching it slightly.

I honestly don't know what the status is on those, other than they were clearly working on it a little while ago. I think I saw some libarchive updates going into releng the other day, so that might have been an indication of some progress.

Use SVN and build from source if you need a short-term fix. This would also probably be a good time to make sure that your DNSSEC resolver is properly configured and working correctly.
 