From owner-freebsd-questions@FreeBSD.ORG Wed Mar 16 23:49:20 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A514116A4CE for ; Wed, 16 Mar 2005 23:49:20 +0000 (GMT) Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.193]) by mx1.FreeBSD.org (Postfix) with ESMTP id F0B5C43D54 for ; Wed, 16 Mar 2005 23:49:19 +0000 (GMT) (envelope-from nocmonkey@gmail.com) Received: by rproxy.gmail.com with SMTP id g11so305369rne for ; Wed, 16 Mar 2005 15:49:05 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=MU3GaY9Umv2FJIZ+0Vla77wKy+SGX86K9Y51Rbve+iLyutka7oXZpEdwnIohmZHPWvBiWLW0qQfYF7PEXa1SeVxfdtaIU5Nf543R+wpdz35lkoKMFP+AKM2Ga2aaeh+BxIqZiVeVZuNee4P9tJw4clxc4e6tDIMowwYmgagjxL8= Received: by 10.38.12.26 with SMTP id 26mr1012223rnl; Wed, 16 Mar 2005 15:49:05 -0800 (PST) Received: by 10.38.22.7 with HTTP; Wed, 16 Mar 2005 15:49:05 -0800 (PST) Message-ID: Date: Wed, 16 Mar 2005 18:49:05 -0500 From: Danny To: Kris Kennaway In-Reply-To: <20050316233556.GM91771@hub.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit References: <20050316233556.GM91771@hub.freebsd.org> cc: FreeBSD-questions Subject: Re: Portsnap necessary? CVSup insecure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: Danny List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Mar 2005 23:49:20 -0000 On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway wrote: > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > With regards to: http://www.daemonology.net/portsnap/ > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > guru's refuse to use CVSup, or is this overkill? > > Depends on your threat model, i.e. what are you afraid of? I will respond to your question with a question to hopefully answer both of our questions. :) When is the last time a FreeBSD CVSup server was compromised - if ever? > If it's something that cvsup doesn't protect against, and portsnap does, then > use the latter. Assuming Portsnap protects and/or overcomes against all of CVSup's "limitations": "# CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating. # CVSup isn't end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror. # CVSup isn't designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it has transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed. # CVSup uses a custom protocol. This can cause problems for people behind firewalls -- outgoing connections on port 5999 need to be permitted -- and it needs a heavyweight server (cvsupd)." I don't know, it's just that if the FreeBSD org and handbook recommend using CVSup, it's can't be that bad? Thanks Kris, ...D