Date:      Tue, 20 Nov 2012 15:45:20 +0000
From:      Matthew Seaman <matthew@freebsd.org>
To:        freebsd-security@freebsd.org
Subject:   Re: Recent security announcement and csup/cvsup?
Message-ID:  <50ABA590.5090600@freebsd.org>
In-Reply-To: <20121120100148.GA93826@roberto-aw.eurocontrol.fr>
References:  <20121117150556.GE24320@in-addr.com> <alpine.BSF.2.00.1211171705170.32838@m.fuglos.org> <20121118180421.GF24320@in-addr.com> <20121120100148.GA93826@roberto-aw.eurocontrol.fr>

On 20/11/2012 10:01, Ollivier Robert wrote:
> According to Gary Palmer on Sun, Nov 18, 2012 at 01:04:21PM -0500:
>> > In other words: while signed updates via freebsd-update and portsnap
>> > are great for a good chunk of users, they don't address everyone's needs.

> Hopefully, with the move toward kngng, there will be less need of portsnap (and /usr/ports for that matter).

kngng?  I had visions of Kerberized pkgng there for a moment...

pkgng will have a crypto-signing mechanism for packages with
per-repository public keys and so forth.  It's not there yet -- stuff is
awaiting review by security team people, who are (even moreso, given
current events) generally insanely busy.

This will allow everyone to be confident that the packages they install
are as generated on the build system used to generate them.  Which won't
help at all if an attacker can subvert either the mechanisms by which
the build system gets its source code[*], or the source repositories
that code comes from -- and remember, since this is the ports, that code
comes from all sorts of places of greater and lesser security.

In that sense, pkgng offers no fundamental security advantage over using
the ports directly yourself.  pkgng will be more convenient and a lot
quicker, but it isn't meant to entirely replace the ports.

	Cheers,

	Matthew

[*] Including faking the SHA checksums of the distfiles, which is a
little extra step that seems to elude most attackers and that has
resulted in uncovering such attacks in the past.
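
Added example, not part of the original e-mail and not code from the ports tree: a check of fetched distfiles against the SHA256 and SIZE lines of a port's distinfo file, showing the mismatch the footnote describes and that the check is only as trustworthy as the distinfo it reads. The port name, file contents and function names are constructed for illustration.

```python
import hashlib
import re

# distinfo line shapes used by the FreeBSD ports tree:
#   SHA256 (name) = <hex>
#   SIZE (name) = <bytes>
_LINE = re.compile(r"^(SHA256|SIZE) \((.+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # skips TIMESTAMP and any unrecognised lines
        kind, name, value = m.groups()
        entries.setdefault(name, {})[kind] = (
            int(value) if kind == "SIZE" else value.lower())
    return entries


def check_distfile(name, data, entries):
    """Compare one fetched distfile (bytes) against the recorded values."""
    want = entries.get(name)
    if want is None or "SHA256" not in want:
        return "no-checksum"  # fail closed: an unlisted file is not trusted
    if "SIZE" in want and want["SIZE"] != len(data):
        return "size-mismatch"
    if hashlib.sha256(data).hexdigest() != want["SHA256"]:
        return "sha256-mismatch"
    return "ok"


def make_distinfo(name, data):
    """Build a distinfo body for the constructed sample data below."""
    digest = hashlib.sha256(data).hexdigest()
    return f"SHA256 ({name}) = {digest}\nSIZE ({name}) = {len(data)}\n"


# Constructed sample data, not a real port or distfile.
NAME = "example-1.0.tar.gz"
GENUINE = b"upstream release contents"
ALTERED = b"upstream release c0ntents"  # same length, different bytes
TRUSTED = parse_distinfo(make_distinfo(NAME, GENUINE))

if __name__ == "__main__":
    print(check_distfile(NAME, GENUINE, TRUSTED))
    print(check_distfile(NAME, ALTERED, TRUSTED))
```

The altered distfile is reported only because TRUSTED was built from the genuine contents; a distinfo that arrives over the same subverted channel as the distfile verifies cleanly, which is why the integrity of the tree that carries distinfo matters as much as the checksum.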




