Date:      Tue, 11 Feb 2014 08:41:24 +0100 (CET)
From:      Trond Endrestøl <Trond.Endrestol@fagskolen.gjovik.no>
To:        "C. P. Ghost" <cpghost@cordula.ws>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Verifying a subversion checkout
Message-ID:  <alpine.BSF.2.00.1402110834090.90985@mail.fig.ol.no>
In-Reply-To: <CADGWnjUgW%2BORTn=aRE4R-i3NA-1EQS6Oq%2BkXG9vVb_trHwy9vA@mail.gmail.com>
References:  <CADGWnjUgW%2BORTn=aRE4R-i3NA-1EQS6Oq%2BkXG9vVb_trHwy9vA@mail.gmail.com>

On Tue, 11 Feb 2014 08:26+0100, C. P. Ghost wrote:

> Hello,
> 
> is there a way to automatically verify that the checkout
> of a random subversion revision of /usr/src hasn't been
> tampered with?
> 
> I'm worried about the possibility of

>   1/ an MitM attack while fetching the sources

HTTPS would be the best option, compared to pure SVN and HTTP access.

>   2/ changes to the local /usr/src for whatever reasons

Look into the svn status command. See svn --help status for all 
possible options. 

Otherwise, a complete new checkout would hopefully eliminate any 
wrongdoing.

Protecting, handholding and keeping your own local svn mirror updated 
might be another option.

> 2/ isn't so critical; there's always the possibility to check
> them from another machine, provided checksums were
> created immediately after the svn update. It's 1/ that's
> bothering me.
> 
> Or, asked differently, does SVN protocol support some
> kind of authentication that thwarts man-in-the-middle
> attacks?
> 
> Of course, at release points, we always have checksums
> for the ISO images. That's security-wise the only point
> where I'm sure that I'm running from genuine sources.
> It's what's in-between releases that I'm asking about.
> 
> Thanks,
> -cpghost.

-- 
+-------------------------------+------------------------------------+
| Vennlig hilsen,               | Best regards,                      |
| Trond Endrestøl,              | Trond Endrestøl,                   |
| IT-ansvarlig,                 | System administrator,              |
| Fagskolen Innlandet,          | Gjøvik Technical College, Norway,  |
| tlf. mob.   952 62 567,       | Cellular...: +47 952 62 567,       |
| sentralbord 61 14 54 00.      | Switchboard: +47 61 14 54 00.      |
+-------------------------------+------------------------------------+
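
The checksum approach mentioned in the thread for concern 2/ (record checksums right after the svn update, compare later or from another machine), as an added example that is not part of the original message. The function names and the constructed sample tree are assumptions for illustration; the manifest only detects changes made after it was recorded and does not authenticate the fetch itself.

```python
import hashlib
import os
import tempfile
from pathlib import Path

SKIP_DIRS = {".svn"}  # Subversion metadata; rewritten by every update

def file_digest(path):
    """SHA-256 of a file; a symlink is hashed by its target, not followed."""
    if os.path.islink(path):
        return hashlib.sha256(b"symlink:" + os.fsencode(os.readlink(path))).hexdigest()
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map every path under root (relative to root) to its digest."""
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def compare(baseline, current):
    """Paths added, removed or modified since the baseline manifest."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed tree standing in for /usr/src right after 'svn update'."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sys" / ".svn").mkdir(parents=True)
        (root / "Makefile").write_bytes(b"all:\n")
        (root / "sys" / "kern.c").write_bytes(b"int x;\n")
        (root / "sys" / ".svn" / "wc.db").write_bytes(b"metadata")
        baseline = build_manifest(root)
        (root / "sys" / "kern.c").write_bytes(b"int x, y;\n")  # local change
        (root / "Makefile").unlink()
        (root / "sys" / "new.c").write_bytes(b"")
        return baseline, compare(baseline, build_manifest(root))
```

The baseline manifest is only useful if it is stored somewhere the checked machine cannot rewrite, such as the other machine the original poster mentions.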


