Foiling MITM attacks on source and ports trees
datahead4 at gmail.com
Fri Jan 2 17:50:50 UTC 2009
On Fri, Jan 2, 2009 at 10:44 AM, cpghost <cpghost at cordula.ws> wrote:
> with MITM attacks  on the rise, I'm concerned about the integrity
> of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup
> (and portsnap) from master or mirror servers.
>  http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> There's already a small protection against MITM on the distfiles in
> ports: distinfo contain md5 and sha256 digests. This is an excellent
> idea that could be extended to *all* files in /usr/src, /usr/doc, and
Something like this was discussed back in September:
I haven't tried Max's script yet, but it looks like it should do at
least some of what you're looking for.
More information about the freebsd-questions