On Fri, Jan 02, 2009 at 05:30:12PM +0000, Vincent Hoffman wrote: > cpghost wrote: > > Hello, > > > > with MITM attacks [1] on the rise, I'm concerned about the integrity > > of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup > > (and portsnap) from master or mirror servers. > > > > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack > > > > There's already a small protection against MITM on the distfiles in > > ports: distinfo contain md5 and sha256 digests. This is an excellent > > idea that could be extended to *all* files in /usr/src, /usr/doc, and > > /usr/ports. > > > > According to http://www.daemonology.net (the creator of portsnap and > also freebsd-update as well as being the freebsd security officer's > website) and a quick look though the freebsd-update and portsnap > scripts, both portsnap and freebsd update provide reasonable > cryptographic protection from MITHM attacks. > ({freebsd-update,portsnap}.conf contains a sha256 hash of the rsa key > used to sign the updates) > Admittedly this doesn't give a file by file checksum but does give > reasonable protection against MITM attacks for updates of the ports tree > and the -RELEASE src trees.
Interesting! As csup user, I'm not using freebsd-update and portsnap often nor regularly, but will have a look at it. Thanks for the hint. > > Assuming there's a secure way (which is not affected by MITM) to > > obtain a master public key (GnuPG key) of the FreeBSD Project, it > > would be nice to have a mechanism in place that would: > > Agreed, a more secure way of getting it than > http://www.freebsd.org/security/so_public_key.asc would be nice, (just > ssl would make me happy.) Yup. ;) Regards, -cpghost. -- Cordula's Web. http://www.cordula.ws/ _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
