Date: Wed, 16 Mar 2005 17:49:13 -0800 From: "Loren M. Lang" <lorenl@alzatex.com> To: Danny <nocmonkey@gmail.com> Cc: FreeBSD-questions <questions@freebsd.org> Subject: Re: Portsnap necessary? CVSup insecure? Message-ID: <20050317014913.GU18080@alzatex.com> In-Reply-To: <addc34c60503161549443a23b3@mail.gmail.com> References: <addc34c605031615064b793c89@mail.gmail.com> <20050316233556.GM91771@hub.freebsd.org> <addc34c60503161549443a23b3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--TegBI+r9roYdcP94 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote: > On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris@freebsd.org> wrot= e: > > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > > With regards to: http://www.daemonology.net/portsnap/ > > > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > > guru's refuse to use CVSup, or is this overkill? > >=20 > > Depends on your threat model, i.e. what are you afraid of? >=20 > I will respond to your question with a question to hopefully answer > both of our questions. :) >=20 > When is the last time a FreeBSD CVSup server was compromised - if ever? >=20 > > If it's something that cvsup doesn't protect against, and portsnap does= , then > > use the latter. >=20 > Assuming Portsnap protects and/or overcomes against all of CVSup's > "limitations": >=20 > "# CVSup is insecure. The protocol uses no encryption or signing, and > any attacker who can intercept the connection can insert arbitrary > data into the tree you are updating. > # CVSup isn't end-to-end. Related to the previous point, this means > that anyone who can compromise a CVSup mirror can feed arbitrary data > to the people who are using that mirror. > # CVSup isn't designed for frequent small updates. While CVSup is very > good at distributing CVS trees, and is very efficient for updating a > tree which has been significantly changed (eg, by a month or more of > commits), it has transmits a list of all the files in the tree, which > makes it quite inefficient if only a few files have changed. > # CVSup uses a custom protocol. This can cause problems for people > behind firewalls -- outgoing connections on port 5999 need to be > permitted -- and it needs a heavyweight server (cvsupd)." >=20 > I don't know, it's just that if the FreeBSD org and handbook recommend > using CVSup, it's can't be that bad? I don't much about portsnap, but if your looking for a secure way to do updates, plain old cvs through an ssh connection is very secure assuming you verified the fingerprint before hand. This will protect against everything mentioned above minus the cvs service itself being compromised, but then again, no protocol is safe against that. >=20 > Thanks Kris, >=20 > ...D > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 =20 --TegBI+r9roYdcP94 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCOOIZbTXoRwEYo9IRAoPcAJwLL1i8QAEvteKRjaqZ1nANB7C3VgCeJw6a Mv9C5R+hAbhIv4VDuI3kqIg= =nPPQ -----END PGP SIGNATURE----- --TegBI+r9roYdcP94--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050317014913.GU18080>