Cryptographically enabled ports tree.
William Fletcher
ultraviolet at epweb.co.za
Sat Jun 21 10:54:10 PDT 2003
> At 18:38 21/06/2003 +0200, William Fletcher wrote:
> >What I'm wondering about, is when FreeBSD is going to get
> >get a cryptographically signed ports tree system setup.
> >
> >It isn't a must, I was just wondering other peoples opinions about this.
>
> I've been thinking about this for a while; unfortunately I have neither
> the time to implement this right now, nor enough familiarity with CVS to
> make it work automagically.
> If nothing happens before September, I'll probably corner some people at
> BSDCon to talk about this.
>
> Colin Percival
One other thing while I'm at making a clown of myself.
Wouldn't it be an absolute joke if someone rooted a redhat box on
your network, dns poisoned for cvsup.*.freebsd.org and promptly
found a way to create a cvsup-mirror on another machine
with modified source.
They could then trojan /usr/src and /usr/ports and probably gain
root on all your machines running FreeBSD, quick and easy.
Just wanted the general publics opinion of that too.
Anyway, home time, expect interesting responses on monday morning.
(Will sign up to security-general again).
PS. Some people work for companies which inflict redhat on them. :/
--
William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/
IT Administrator, EPWeb networks.
http://www.epweb.co.za/
Tel: +27 (041) 395 6800
Fax: +27 (041) 395 6818
Support: support at epweb.co.za
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-chat/attachments/20030621/9d10d4bc/attachment.bin
More information about the freebsd-chat
mailing list