From owner-freebsd-current@FreeBSD.ORG Wed Mar 1 23:25:18 2006 Return-Path: X-Original-To: current@freebsd.org Delivered-To: freebsd-current@FreeBSD.ORG Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F6E816A420; Wed, 1 Mar 2006 23:25:18 +0000 (GMT) (envelope-from wxs@syn.csh.rit.edu) Received: from syn.csh.rit.edu (syn.csh.rit.edu [129.21.60.158]) by mx1.FreeBSD.org (Postfix) with ESMTP id 72A2543D48; Wed, 1 Mar 2006 23:25:17 +0000 (GMT) (envelope-from wxs@syn.csh.rit.edu) Received: from syn.csh.rit.edu (localhost [127.0.0.1]) by syn.csh.rit.edu (8.13.4/8.13.4) with ESMTP id k21NXtjk054760; Wed, 1 Mar 2006 18:33:55 -0500 (EST) (envelope-from wxs@syn.csh.rit.edu) Received: (from wxs@localhost) by syn.csh.rit.edu (8.13.4/8.13.4/Submit) id k21NXtRl054759; Wed, 1 Mar 2006 18:33:55 -0500 (EST) (envelope-from wxs) Date: Wed, 1 Mar 2006 18:33:55 -0500 From: Wesley Shields To: Kris Kennaway Message-ID: <20060301233355.GA53937@csh.rit.edu> References: <20060301170306.GZ55746@elvis.mu.org> <4405F673.8060907@samsco.org> <44mzg9ucpm.fsf@be-well.ilk.org> <20060301211932.GA42815@csh.rit.edu> <20060301211708.GA30508@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060301211708.GA30508@xor.obsecurity.org> User-Agent: Mutt/1.5.11 X-Mailman-Approved-At: Thu, 02 Mar 2006 00:22:56 +0000 Cc: arch@freebsd.org, current@freebsd.org, Lowell Gilbert Subject: Re: HEADS UP: Importing csup into base X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 01 Mar 2006 23:25:18 -0000 On Wed, Mar 01, 2006 at 04:17:08PM -0500, Kris Kennaway wrote: > On Wed, Mar 01, 2006 at 04:19:32PM -0500, Wesley Shields wrote: > > On Wed, Mar 01, 2006 at 03:33:41PM -0500, Lowell Gilbert wrote: > > > Scott Long writes: > > > > > > > Maxime Henrion wrote: > > > > > Hey all, > > > > > I have released a new snapshot of csup a few minutes ago, > > > > > > > > [...] > > > > > > > > > - Executes (shell commands sent by the server, even more rarely > > > > > used), > > > > > > > > Are you joking? > > > > > > Are you asking whether he's joking about (1) the idea of ever > > > implementing it, (2) the fact that he hasn't done it yet, or > > > (3) the idea that it's rarely used? All of those sound > > > reasonable to me... > > > > I'm questioning (1) myself. This just seems like a bad idea from a > > security perspective. Of course, some kind of sanitization could > > mitigate the issue. > > Let's not lose sight of the fact that whoever runs the cvsup server > already owns your machine, since they're giving you unauthenticated > source code [1]. You are right on this point. But on the scale of potentially bad things I think a rogue server sending commands that the client exectues is pretty close to a rogue server sending malicious source code. At least the source is easily verifiable and (in the case of the malicious source being inserted at the master site) has a good chance of being noticed. It's not that I'm 100% against this idea, but rather that I'd like to see the client be cautious of the possibility of a rogue server. Of course, this could all be the plan and I'm just raising a non-issue. > Kris > > [1] Please don't take this as an invitation to talk about how Someone > Should Fix This, since it's not on the table until Someone first > writes csupd :-) I didn't see it as an invitation as I've seen it discussed many times before. Either way, I'm very pleased to see a client written in C. :) -- WXS