Foiling MITM attacks on source and ports trees

cpghost cpghost at cordula.ws
Fri Jan 2 18:17:05 UTC 2009


On Fri, Jan 02, 2009 at 05:30:12PM +0000, Vincent Hoffman wrote:
> cpghost wrote:
> > Hello,
> >
> > with MITM attacks [1] on the rise, I'm concerned about the integrity
> > of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup
> > (and portsnap) from master or mirror servers.
> >
> >   [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> >
> > There's already a small protection against MITM on the distfiles in
> > ports: distinfo contains md5 and sha256 digests. This is an excellent
> > idea that could be extended to *all* files in /usr/src, /usr/doc, and
> > /usr/ports.
> >   
> 
> According to http://www.daemonology.net (the creator of portsnap and
> also freebsd-update as well as being the FreeBSD security officer's
> website) and a quick look through the freebsd-update and portsnap
> scripts, both portsnap and freebsd-update provide reasonable
> cryptographic protection from MITM attacks.
> ({freebsd-update,portsnap}.conf contains a sha256 hash of the RSA key
> used to sign the updates)
> Admittedly this doesn't give a file by file checksum but does give
> reasonable protection against MITM attacks for updates of the ports tree
> and the -RELEASE src trees.

Interesting! As a csup user, I'm not using freebsd-update and portsnap
often nor regularly, but will have a look at it. Thanks for the hint.

> > Assuming there's a secure way (which is not affected by MITM) to
> > obtain a master public key (GnuPG key) of the FreeBSD Project, it
> > would be nice to have a mechanism in place that would:
>   
> Agreed, a more secure way of getting it than
> http://www.freebsd.org/security/so_public_key.asc would be nice, (just
> ssl would make me happy.)

Yup. ;)

Regards,
-cpghost.

-- 
Cordula's Web. http://www.cordula.ws/
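
The key-pinning scheme described in the quoted reply above (a SHA-256 hash of the signing key kept in the client's configuration), shown as an added example that is not part of the original thread and is not portsnap or freebsd-update code. It uses `openssl dgst`; the function names, file names and throwaway keys are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example: accept an update only if the served public key matches a
# pinned SHA-256 hash AND the signature verifies under that key.

# Hex SHA-256 of a file (last field works for OpenSSL 1.x and 3.x output).
fingerprint() {
    openssl dgst -sha256 < "$1" | awk '{print $NF}'
}

# verify_update PINNED_HASH PUBKEY FILE SIG
# 0 = accept, 1 = key does not match the pin, 2 = signature invalid.
verify_update() {
    [ "$(fingerprint "$2")" = "$1" ] || return 1
    openssl dgst -sha256 -verify "$2" -signature "$4" "$3" >/dev/null 2>&1 || return 2
}

# Create a throwaway key pair NAME.key / NAME.pub in directory DIR.
make_key() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl rsa -in "$1/$2.key" -pubout -out "$1/$2.pub" 2>/dev/null
}

# Echoes the three verdicts: genuine, swapped key, tampered file.
run_demo() {
    d=$(mktemp -d) || return 1
    make_key "$d" project && make_key "$d" mitm || return 1
    # The pin is recorded once, out of band (the role of the hash in the .conf file).
    pin=$(fingerprint "$d/project.pub")

    echo "ports index, constructed sample" > "$d/index"
    openssl dgst -sha256 -sign "$d/project.key" -out "$d/index.sig" "$d/index"
    r1=0; verify_update "$pin" "$d/project.pub" "$d/index" "$d/index.sig" || r1=$?

    # Case 2: a different key is served, with a signature valid under that key.
    openssl dgst -sha256 -sign "$d/mitm.key" -out "$d/mitm.sig" "$d/index"
    r2=0; verify_update "$pin" "$d/mitm.pub" "$d/index" "$d/mitm.sig" || r2=$?

    # Case 3: genuine key and signature, but the file was altered in transit.
    echo "extra line" >> "$d/index"
    r3=0; verify_update "$pin" "$d/project.pub" "$d/index" "$d/index.sig" || r3=$?

    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

run_demo   # prints: 0 1 2
```

The key file itself can travel over an untrusted channel; only the pinned hash has to reach the client by a trusted path.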


More information about the freebsd-questions mailing list