Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 20 Mar 2016 10:52:01 -0500
From:      David I Noel <david.i.noel@gmail.com>
To:        tyler@tysdomain.com
Cc:        freebsd-hackers@freebsd.org
Subject:   Re: looking for areas to contribute
Message-ID:  <CAHAXwYBPEMFfv%2B5=ezs23r%2BvweeE63O0x6Q35Ny=braQKSAqtA@mail.gmail.com>
In-Reply-To: <56ED75D8.1050800@tysdomain.com>
References:  <56ED75D8.1050800@tysdomain.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
>On 3/19/16, Littlefield, Tyler
> I'm fluent with C and other languages and want to start contributing
> to BSD. I'm happy to work where ever I can be of use, I love more
> lower level stuff but anything that has me working on code would be
> great. My questions:

Hi Tyler,

While not as glamorous as some of the more lower-level work, there are
a handful of potentially nasty script-related bugs in the base copies
of portsnap, freebsd-update, and pmirror that have been sitting around
for a decade or so now:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188428 (MITM against portsnap)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188430 (Freeze
against portsnap)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188429 (MITM against
freebsd-update)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188434 (Freeze
against freebsd-update)
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=188432 (MITM against pmirror)

It's been a long while since anyone's discussed them, and I wasn't
sure how interested in looking into them you might be so I only
grabbed a few links, but some of the relevant threads can be found
across the lists under the subjects "MITM attacks against portsnap and
freebsd-update". I believe there is also some info under "Retiring
portsnap [was MITM attacks against portsnap and freebsd-update]".

The first was cross-posted to several lists and I believe several
independent threads spun off from it as a result. But here are a few
quick ones I could find immediately.

https://marc.info/?t=139714957000008&r=1&w=2
https://marc.info/?t=139718224200001&r=1&w=2

If you're interested and want more information let me know.

Take care,

David Noel

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHAXwYBPEMFfv%2B5=ezs23r%2BvweeE63O0x6Q35Ny=braQKSAqtA>