HEADS UP: Importing csup into base
Wesley Shields
wxs at csh.rit.edu
Wed Mar 1 23:25:18 GMT 2006
On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote:
> On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote:
> > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote:
> > > Scott Long <scottl at samsco.org> writes:
> > >
> > > > Maxime Henrion wrote:
> > > > > Hey all,
> > > > > I have released a new snapshot of csup a few minutes ago,
> > > >
> > > > [...]
> > > >
> > > > > - Executes (shell commands sent by the server, even more rarely
> > > > > used),
> > > >
> > > > Are you joking?
> > >
> > > Are you asking whether he's joking about (1) the idea of ever
> > > implementing it, (2) the fact that he hasn't done it yet, or
> > > (3) the idea that it's rarely used? All of those sound
> > > reasonable to me...
> >
> > I'm questioning (1) myself. This just seems like a bad idea from a
> > security perspective. Of course, some kind of sanitization could
> > mitigate the issue.
>
> Let's not lose sight of the fact that whoever runs the cvsup server
> already owns your machine, since they're giving you unauthenticated
> source code [1].
You are right on this point. But on the scale of potentially bad things
I think a rogue server sending commands that the client exectues is
pretty close to a rogue server sending malicious source code. At least
the source is easily verifiable and (in the case of the malicious source
being inserted at the master site) has a good chance of being noticed.
It's not that I'm 100% against this idea, but rather that I'd like to
see the client be cautious of the possibility of a rogue server. Of
course, this could all be the plan and I'm just raising a non-issue.
> Kris
>
> [1] Please don't take this as an invitation to talk about how Someone
> Should Fix This, since it's not on the table until Someone first
> writes csupd :-)
I didn't see it as an invitation as I've seen it discussed many times
before. Either way, I'm very pleased to see a client written in C. :)
-- WXS
More information about the freebsd-current
mailing list