From owner-freebsd-questions@FreeBSD.ORG  Thu Mar 17 01:49:16 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 8B79316A4CE; Thu, 17 Mar 2005 01:49:16 +0000 (GMT)
Received: from hosea.tallye.com (joel.tallye.com [216.99.199.78])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id B514743D3F; Thu, 17 Mar 2005 01:49:15 +0000 (GMT)
	(envelope-from lorenl@alzatex.com)
Received: from hosea.tallye.com (hosea.tallye.com [127.0.0.1])
	by hosea.tallye.com (8.12.8/8.12.10) with ESMTP id j2H1nEUQ026776
	(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO);
	Wed, 16 Mar 2005 17:49:14 -0800
Received: (from sttng359@localhost)
	by hosea.tallye.com (8.12.8/8.12.10/Submit) id j2H1nDow026774;
	Wed, 16 Mar 2005 17:49:13 -0800
X-Authentication-Warning: hosea.tallye.com: sttng359 set sender to
	lorenl@alzatex.com using -f
Date: Wed, 16 Mar 2005 17:49:13 -0800
From: "Loren M. Lang" <lorenl@alzatex.com>
To: Danny <nocmonkey@gmail.com>
Message-ID: <20050317014913.GU18080@alzatex.com>
References: <addc34c605031615064b793c89@mail.gmail.com>
	<20050316233556.GM91771@hub.freebsd.org>
	<addc34c60503161549443a23b3@mail.gmail.com>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="TegBI+r9roYdcP94"
Content-Disposition: inline
In-Reply-To: <addc34c60503161549443a23b3@mail.gmail.com>
User-Agent: Mutt/1.4.1i
X-GPG-Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
X-GPG-Fingerprint: B3B9 D669 69C9 09EC 1BCD  835A FAF3 7A46 E4A3 280C
cc: Kris Kennaway <kris@freebsd.org>
cc: FreeBSD-questions <questions@freebsd.org>
Subject: Re: Portsnap necessary? CVSup insecure?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Mar 2005 01:49:16 -0000


--TegBI+r9roYdcP94
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote:
> On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris@freebsd.org> wrot=
e:
> > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote:
> > > With regards to: http://www.daemonology.net/portsnap/
> > >
> > > Should I be concerned about my servers that use CVSup?  Do the FreeBSD
> > > guru's refuse to use CVSup, or is this overkill?
> >=20
> > Depends on your threat model, i.e. what are you afraid of?
>=20
> I will respond to your question with a question to hopefully answer
> both of our questions. :)
>=20
> When is the last time a FreeBSD CVSup server was compromised - if ever?
>=20
> > If it's something that cvsup doesn't protect against, and portsnap does=
, then
> > use the latter.
>=20
> Assuming Portsnap protects and/or overcomes against all of CVSup's
> "limitations":
>=20
> "# CVSup is insecure. The protocol uses no encryption or signing, and
> any attacker who can intercept the connection can insert arbitrary
> data into the tree you are updating.
> # CVSup isn't end-to-end. Related to the previous point, this means
> that anyone who can compromise a CVSup mirror can feed arbitrary data
> to the people who are using that mirror.
> # CVSup isn't designed for frequent small updates. While CVSup is very
> good at distributing CVS trees, and is very efficient for updating a
> tree which has been significantly changed (eg, by a month or more of
> commits), it has transmits a list of all the files in the tree, which
> makes it quite inefficient if only a few files have changed.
> # CVSup uses a custom protocol. This can cause problems for people
> behind firewalls -- outgoing connections on port 5999 need to be
> permitted -- and it needs a heavyweight server (cvsupd)."
>=20
> I don't know, it's just that if the FreeBSD org and handbook recommend
> using CVSup, it's can't be that bad?

I don't much about portsnap, but if your looking for a secure way to do
updates, plain old cvs through an ssh connection is very secure
assuming you verified the fingerprint before hand.  This will protect
against everything mentioned above minus the cvs service itself being
compromised, but then again, no protocol is safe against that.

>=20
> Thanks Kris,
>=20
> ...D
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o=
rg"

--=20
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: CEE1 AAE2 F66C 59B5 34CA  C415 6D35 E847 0118 A3D2
=20

--TegBI+r9roYdcP94
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQFCOOIZbTXoRwEYo9IRAoPcAJwLL1i8QAEvteKRjaqZ1nANB7C3VgCeJw6a
Mv9C5R+hAbhIv4VDuI3kqIg=
=nPPQ
-----END PGP SIGNATURE-----

--TegBI+r9roYdcP94--