Secure installation and updating
David Adam
zanchey at ucc.gu.uwa.edu.au
Tue Mar 8 13:51:34 GMT 2005
Stian,
A question this technical really needs to go to
freebsd-questions at freebsd.org rather than the newbie discussion list.
Having said that: yes, you can download the entire /usr/src tree in a
variety of ways.
http://www.freebsd.org/support.html#cvs lists a few - you might want to
carry a custom-built FreeSBIE (www.freesbie.org) CD with cvsup-without-gui
installed on it to use CVS. That also gives you the security of knowing
that at least there are no software security breaches on your download
system.
I would recommend that you don't mount the pen drive as /usr/src, but
rather copy all the files (or better yet, a tarball) to /usr/src on your
target system. This will probably make things faster/better. If you do
mount the pen drive as /usr/src, remember to mark it noatime!
(Although there was a post above noting that checksums are used, remember
that if you can modify arbitrary traffic, you can modify the checksums
too. See dns/dnshijacker and security/ettercap for some interesting
insights.)
Cheers,
David Adam
zanchey at ucc.gu.uwa.edu.au
More information about the freebsd-newbies
mailing list