Are source updating mechanisms vulnerable to MITM attacks?
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu Dec 24 19:55:48 UTC 2009
QIU Quan wrote:
> It seems CVSup uses clear text, with neither server authentication as
> SSH nor message authentication as PGP.
>
> Is it possible to poison the DNS records and fire a man-in-the-middle
> attack against the source updating procedure?
In principle, yes. There have been no reports of this happening in the wild
however.
> It seems portsnap uses a public key to verify downloads.
>
> Are there some source updating mechanisms with authentication or verification?
freebsd-update(8), freebsd-update.conf(5) You can use this just to pull down
the system sources I believe, but only for release branches, not for -CURRENT
or -STABLE.
Installing from the cryptographically checksummed release .iso images, and
then only applying the updates from the PGP signed advisory messages and
patches?
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 259 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20091224/9a409575/signature.pgp
More information about the freebsd-questions
mailing list