Date:      Mon, 23 Jun 2003 16:20:59 +0200
From:      William Fletcher <ultraviolet@epweb.co.za>
To:        chat@freebsd.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <20030623142058.GF24407@tulip.epweb.co.za>
In-Reply-To: <3EF70AEA.9FAC92A9@mindspring.com>
References:  <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621175414.GC18653@tulip.epweb.co.za> <3EF70AEA.9FAC92A9@mindspring.com>

All I really want, is to know that my /usr/src and /usr/ports
aren't screwed up, can't be trojaned by somebody on my local lan.

I don't trust local networks, especially ones with all sorts of
clowns running all sorts of installations.

On Mon, Jun 23, 2003 at 07:12:58AM -0700, Terry Lambert wrote:
> William Fletcher wrote:
> > One other thing while I'm at making a clown of myself.
> >
> > Wouldn't it be an absolute joke if someone rooted a redhat box on
> > your network, dns poisoned for cvsup.*.freebsd.org and promptly
> > found a way to create a cvsup-mirror on another machine
> > with modified source.
> >
> > They could then trojan /usr/src and /usr/ports and probably gain
> > root on all your machines running FreeBSD, quick and easy.
> >
> > Just wanted the general public's opinion of that too.
> >
> > Anyway, home time, expect interesting responses on monday morning.
> > (Will sign up to security-general again).
> >
> > PS. Some people work for companies which inflict redhat on them. :/
>
> FWIW: If they did this, they'd just declare themselves a signing
> authority, and sign the trojan'ed packages themselves.  All you've
> done by introducing signatures is add one more hoop for them to
> jump through.  At the same time, you've made ports quit working
> over code changes, which is something that was one of the best
> benefits of the ports tree in the first place.
>
> -- Terry

-- 
William Fletcher (ultraviolet)		      Powered by http://www.FreeBSD.org/
IT Administrator, EPWeb networks.	                  irc at irc.epweb.co.za
http://www.epweb.co.za/				       http://vision.za.net/irc/
Tel: +27 (041) 395 6800
Fax: +27 (041) 395 6818
Support: support@epweb.co.za

My new year's resolution will be to not get stressed by linux and its users.

