Date: Fri, 2 Jan 2009 19:18:35 +0100 From: cpghost <cpghost@cordula.ws> To: Vincent Hoffman <vince@unsane.co.uk> Cc: freebsd-questions@freebsd.org Subject: Re: Foiling MITM attacks on source and ports trees Message-ID: <20090102181835.GB1742@phenom.cordula.ws> In-Reply-To: <495E4F24.80209@unsane.co.uk> References: <20090102164412.GA1258@phenom.cordula.ws> <495E4F24.80209@unsane.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jan 02, 2009 at 05:30:12PM +0000, Vincent Hoffman wrote: > cpghost wrote: > > Hello, > > > > with MITM attacks [1] on the rise, I'm concerned about the integrity > > of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup > > (and portsnap) from master or mirror servers. > > > > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack > > > > There's already a small protection against MITM on the distfiles in > > ports: distinfo contain md5 and sha256 digests. This is an excellent > > idea that could be extended to *all* files in /usr/src, /usr/doc, and > > /usr/ports. > > > > According to http://www.daemonology.net (the creator of portsnap and > also freebsd-update as well as being the freebsd security officer's > website) and a quick look though the freebsd-update and portsnap > scripts, both portsnap and freebsd update provide reasonable > cryptographic protection from MITHM attacks. > ({freebsd-update,portsnap}.conf contains a sha256 hash of the rsa key > used to sign the updates) > Admittedly this doesn't give a file by file checksum but does give > reasonable protection against MITM attacks for updates of the ports tree > and the -RELEASE src trees. Interesting! As csup user, I'm not using freebsd-update and portsnap often nor regularly, but will have a look at it. Thanks for the hint. > > Assuming there's a secure way (which is not affected by MITM) to > > obtain a master public key (GnuPG key) of the FreeBSD Project, it > > would be nice to have a mechanism in place that would: > > Agreed, a more secure way of getting it than > http://www.freebsd.org/security/so_public_key.asc would be nice, (just > ssl would make me happy.) Yup. ;) Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090102181835.GB1742>