Cryptographically enabled ports tree.
William Fletcher
ultraviolet at epweb.co.za
Mon Jun 23 07:20:56 PDT 2003
All I really want, is to know that my /usr/src and /usr/ports
aren't screwed up, can't be trojaned by somebody on my local lan.
I don't trust local networks, especially ones with all sorts of
clowns running all sorts of installations.
On Mon, Jun 23, 2003 at 07:12:58AM -0700, Terry Lambert wrote:
> William Fletcher wrote:
> > One other thing while I'm at making a clown of myself.
> >
> > Wouldn't it be an absolute joke if someone rooted a redhat box on
> > your network, dns poisoned for cvsup.*.freebsd.org and promptly
> > found a way to create a cvsup-mirror on another machine
> > with modified source.
> >
> > They could then trojan /usr/src and /usr/ports and probably gain
> > root on all your machines running FreeBSD, quick and easy.
> >
> > Just wanted the general publics opinion of that too.
> >
> > Anyway, home time, expect interesting responses on monday morning.
> > (Will sign up to security-general again).
> >
> > PS. Some people work for companies which inflict redhat on them. :/
>
> FWIW: If they did this, they'd just declare themselves a signing
> authority, and sign the trojan'ed packages themselves. All you've
> done by introducing signatures is add one more hoop for them to
> jump through. At the same time, you've made ports quit working
> over code changes, which is something that was one of the best
> benefits of the ports tree in the first place.
>
> -- Terry
--
William Fletcher (ultraviolet) Powered by http://www.FreeBSD.org/
IT Administrator, EPWeb networks. irc at irc.epweb.co.za
http://www.epweb.co.za/ http://vision.za.net/irc/
Tel: +27 (041) 395 6800
Fax: +27 (041) 395 6818
Support: support at epweb.co.za
My new years resolution will be to not get stressed by linux and its users.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-chat/attachments/20030623/bd18c1e7/attachment.bin
More information about the freebsd-chat
mailing list