secure /usr/src update

Martin Laabs martin.laabs at mailbox.tu-dresden.de
Sat Aug 25 14:38:38 PDT 2007


Hello,

as far as I know neither CVSup, CTM nor (anonymous) CVS support any
kind of (cryptographic) signing or encryption.
Now I'd like to know if it is possible to obtain or update the base system
in a secure and reliable way at all. For the ports collection there is
portsnap, which seems to me - with respect to the security issue - well
conceived.
Also, if I buy a (pressed) DVD I (hopefully) can trust the integrity of the
system I install. (And with this DVD I'll receive the keyprint of portsnap
in a - hopefully sufficiently - secure way.)
Solely the update of the /usr/src branch seems to be easily attackable by
some standard stream inserting or very simple man-in-the-middle attacks.
Do you have any suggestions?

Thank you,
  Martin Laabs


