OpenBSD pkg_add Audit Findings

Security audit of OpenBSD's pkg_add, the package installation tool, along with the supporting Perl modules under OpenBSD/ that handle repositories, ustar archive extraction, and the on-disk package database. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 7 -- High: 5, Medium: 1, Low: 1

Findings

Repository handlers

| # | Finding | Severity |
|---|---------|----------|
| 001 | Repository URL is executed through the shell | High |
| 002 | Repository EOF hangs HTTP reader | Low |
| 006 | scp repository host injects ssh options | High |

Archive extraction

| # | Finding | Severity |
|---|---------|----------|
| 003 | Archive path escapes destination tree | High |
| 004 | Symlink entry redirects later file extraction | High |
| 007 | Archive mode validation uses wrong object | High |

Package database

| # | Finding | Severity |
|---|---------|----------|
| 005 | Package database repair follows metadata symlinks | Medium |