From: Colin Percival
Date: Tue, 18 Nov 2003 16:42:52 +0000
To: "M. Warner Losh", des@des.no
Cc: caroloveres@yahoo.com, freebsd-stable@freebsd.org, colin.percival@wadham.ox.ac.uk
Subject: Re: Secure updating of OS and ports
Message-Id: <5.0.2.1.1.20031118163606.031db020@popserver.sfu.ca>
In-Reply-To: <20031118.093202.131522893.imp@bsdimp.com>
References: <5.0.2.1.1.20031117165641.03101720@popserver.sfu.ca>

At 09:32 18/11/2003 -0700, M. Warner Losh wrote:
>cvsup is secure from everything except man in the middle or
>redirection attacks. When you run cvsup over an ssh-tunnel, you can
>solve these problems if you trust the cvsup running on the localhost
>you ssh to.

In other words, cvsup -- as the general public uses it -- is secure, provided that you trust your DNS servers, the FreeBSD DNS servers, the cvsup mirror you access, and everyone with access to the local network segments on which the above reside.

It's *almost* as secure as http -- but not quite, since the mirror system provides another point of attack.

If everyone used ssh tunnels to cvsup-master, this wouldn't be an issue... but that isn't an option.

Colin Percival