From owner-freebsd-questions@FreeBSD.ORG Thu Mar 17 01:49:16 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8B79316A4CE; Thu, 17 Mar 2005 01:49:16 +0000 (GMT) Received: from hosea.tallye.com (joel.tallye.com [216.99.199.78]) by mx1.FreeBSD.org (Postfix) with ESMTP id B514743D3F; Thu, 17 Mar 2005 01:49:15 +0000 (GMT) (envelope-from lorenl@alzatex.com) Received: from hosea.tallye.com (hosea.tallye.com [127.0.0.1]) by hosea.tallye.com (8.12.8/8.12.10) with ESMTP id j2H1nEUQ026776 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 16 Mar 2005 17:49:14 -0800 Received: (from sttng359@localhost) by hosea.tallye.com (8.12.8/8.12.10/Submit) id j2H1nDow026774; Wed, 16 Mar 2005 17:49:13 -0800 X-Authentication-Warning: hosea.tallye.com: sttng359 set sender to lorenl@alzatex.com using -f Date: Wed, 16 Mar 2005 17:49:13 -0800 From: "Loren M. Lang" To: Danny Message-ID: <20050317014913.GU18080@alzatex.com> References: <20050316233556.GM91771@hub.freebsd.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="TegBI+r9roYdcP94" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.1i X-GPG-Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc X-GPG-Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C cc: Kris Kennaway cc: FreeBSD-questions Subject: Re: Portsnap necessary? CVSup insecure? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 17 Mar 2005 01:49:16 -0000 --TegBI+r9roYdcP94 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote: > On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway wrot= e: > > On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: > > > With regards to: http://www.daemonology.net/portsnap/ > > > > > > Should I be concerned about my servers that use CVSup? Do the FreeBSD > > > guru's refuse to use CVSup, or is this overkill? > >=20 > > Depends on your threat model, i.e. what are you afraid of? >=20 > I will respond to your question with a question to hopefully answer > both of our questions. :) >=20 > When is the last time a FreeBSD CVSup server was compromised - if ever? >=20 > > If it's something that cvsup doesn't protect against, and portsnap does= , then > > use the latter. >=20 > Assuming Portsnap protects and/or overcomes against all of CVSup's > "limitations": >=20 > "# CVSup is insecure. The protocol uses no encryption or signing, and > any attacker who can intercept the connection can insert arbitrary > data into the tree you are updating. > # CVSup isn't end-to-end. Related to the previous point, this means > that anyone who can compromise a CVSup mirror can feed arbitrary data > to the people who are using that mirror. > # CVSup isn't designed for frequent small updates. While CVSup is very > good at distributing CVS trees, and is very efficient for updating a > tree which has been significantly changed (eg, by a month or more of > commits), it has transmits a list of all the files in the tree, which > makes it quite inefficient if only a few files have changed. > # CVSup uses a custom protocol. This can cause problems for people > behind firewalls -- outgoing connections on port 5999 need to be > permitted -- and it needs a heavyweight server (cvsupd)." >=20 > I don't know, it's just that if the FreeBSD org and handbook recommend > using CVSup, it's can't be that bad? I don't much about portsnap, but if your looking for a secure way to do updates, plain old cvs through an ssh connection is very secure assuming you verified the fingerprint before hand. This will protect against everything mentioned above minus the cvs service itself being compromised, but then again, no protocol is safe against that. >=20 > Thanks Kris, >=20 > ...D > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.o= rg" --=20 I sense much NT in you. NT leads to Bluescreen. Bluescreen leads to downtime. Downtime leads to suffering. NT is the path to the darkside. Powerful Unix is. Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2 =20 --TegBI+r9roYdcP94 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCOOIZbTXoRwEYo9IRAoPcAJwLL1i8QAEvteKRjaqZ1nANB7C3VgCeJw6a Mv9C5R+hAbhIv4VDuI3kqIg= =nPPQ -----END PGP SIGNATURE----- --TegBI+r9roYdcP94--