Date: Wed, 16 Mar 2005 18:49:05 -0500 From: Danny <nocmonkey@gmail.com> To: Kris Kennaway <kris@freebsd.org> Cc: FreeBSD-questions <questions@freebsd.org> Subject: Re: Portsnap necessary? CVSup insecure? Message-ID: <addc34c60503161549443a23b3@mail.gmail.com> In-Reply-To: <20050316233556.GM91771@hub.freebsd.org> References: <addc34c605031615064b793c89@mail.gmail.com> <20050316233556.GM91771@hub.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris@freebsd.org> wrote: > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > With regards to: http://www.daemonology.net/portsnap/ > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > guru's refuse to use CVSup, or is this overkill? > > Depends on your threat model, i.e. what are you afraid of? I will respond to your question with a question to hopefully answer both of our questions. :) When is the last time a FreeBSD CVSup server was compromised - if ever? > If it's something that cvsup doesn't protect against, and portsnap does, then > use the latter. Assuming Portsnap protects and/or overcomes against all of CVSup's "limitations": "# CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating. # CVSup isn't end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror. # CVSup isn't designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it has transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed. # CVSup uses a custom protocol. This can cause problems for people behind firewalls -- outgoing connections on port 5999 need to be permitted -- and it needs a heavyweight server (cvsupd)." I don't know, it's just that if the FreeBSD org and handbook recommend using CVSup, it's can't be that bad? Thanks Kris, ...D
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?addc34c60503161549443a23b3>