Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 18 Nov 2003 16:42:52 +0000
From:      Colin Percival <colin.percival@wadham.ox.ac.uk>
To:        "M. Warner Losh" <imp@bsdimp.com>, des@des.no
Cc:        colin.percival@wadham.ox.ac.uk
Subject:   Re: Secure updating of OS and ports
Message-ID:  <5.0.2.1.1.20031118163606.031db020@popserver.sfu.ca>
In-Reply-To: <20031118.093202.131522893.imp@bsdimp.com>
References:  <xzp7k1yxdev.fsf@dwp.des.no> <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca> <xzp7k1yxdev.fsf@dwp.des.no>

next in thread | previous in thread | raw e-mail | index | archive | help
At 09:32 18/11/2003 -0700, M. Warner Losh wrote:
>cvsup is secure from everything except man in the middle or
>redirection attacks.  When you run cvsup over an ssh-tunnel, you can
>solve these problems if you trust the cvsup running on the localhost
>you ssh to.

   In other words, cvsup -- as the general public uses it -- is secure, 
provided that you trust your DNS servers, the FreeBSD DNS servers, the 
cvsup mirror you access, and everyone with access to the local network 
segments on which the above reside.  It's *almost* as secure as http -- but 
not quite, since the mirror system provides another point of attack.
   If everyone used ssh tunnels to cvsup-master, this wouldn't be an 
issue... but that isn't an option.

Colin Percival



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.2.1.1.20031118163606.031db020>