From owner-freebsd-security@FreeBSD.ORG Sun Jun 22 12:40:51 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 5267EA74 for ; Sun, 22 Jun 2014 12:40:51 +0000 (UTC) Received: from smtp.pobox.com (smtp.pobox.com [208.72.237.35]) by mx1.freebsd.org (Postfix) with ESMTP id 1C1D8230F for ; Sun, 22 Jun 2014 12:40:50 +0000 (UTC) Received: from smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp0.pobox.com (Postfix) with ESMTP id F32611964B for ; Sun, 22 Jun 2014 08:40:39 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=from:to :subject:date:message-id:in-reply-to:references:mime-version :content-type:sender; s=sasl; bh=EboNd9ZMUAmS/vX0+YcsVfruHy8=; b= A3IFI5byWQ43ukwUAxkFiojDBGc1lgq8WT8vK6LVEa1HB+z19KUrBBDJlzN1zEkQ qrOU6Ulyos9PIyL5/vJIwcGzhs8g81NQsJmlAugSw/QpY/x6SOzJ5DJZAQZcboSG U2CFFmvbd6UWDmfNS5tYVD5Ge0hiSeub4k4JmKWrOTU= DomainKey-Signature: a=rsa-sha1; c=nofws; d=pobox.com; h=from:to:subject :date:message-id:in-reply-to:references:mime-version :content-type:sender; q=dns; s=sasl; b=qoOYR5lTvOXzXHxq66hxDMAmM UgzfJdQaZkm9qrGnGENnKPNlPCzm5numVzpyvIfEHKuJG2DhRzbXP0Nu5jr5pT/M 5DOuxkfL4eh2fJPPICWJTjH/QDxYbmgFtiGPKV5eDtFi86xms1qzFZ/1gvOjKjU5 mT4RR9cZ+mAse/qBV4= Received: from pb-smtp0.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp0.pobox.com (Postfix) with ESMTP id E98141964A for ; Sun, 22 Jun 2014 08:40:39 -0400 (EDT) Received: from behemoth.localnet (unknown [50.90.2.70]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by pb-smtp0.pobox.com (Postfix) with ESMTPSA id 967BD19649 for ; Sun, 22 Jun 2014 08:40:35 -0400 (EDT) From: Chris Nehren To: freebsd-security@freebsd.org Subject: Re: Ports tree insecure because of IGNOREFILES+IGNORE Date: Sun, 22 Jun 2014 08:40:03 -0400 Message-ID: <5004359.PqOTrjIgg6@behemoth> User-Agent: KMail/4.12.5 (FreeBSD/10.0-STABLE; KDE/4.12.5; amd64; ; ) In-Reply-To: References: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="nextPart9024034.TGMyTBnSM8"; micalg="pgp-sha1"; protocol="application/pgp-signature" Sender: Chris Nehren X-Pobox-Relay-ID: 68365AC2-FA0A-11E3-A1F9-9903E9FBB39C-49531120!pb-smtp0.pobox.com X-Mailman-Approved-At: Sun, 22 Jun 2014 13:42:20 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Jun 2014 12:40:51 -0000 --nextPart9024034.TGMyTBnSM8 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" On Sunday, June 22, 2014 22:31:50 philj@openmailbox.org wrote: > The IGNOREFILES+IGNORE mechanism allows port maintainers to > disable checksum checks. I feel that this mechanism is a stain=20 > on an otherwise fantastic ports system. It reduces user > confidence in security and makes us all sitting ducks for=20 > sophisticated adversaries. Er. There's nothing stopping a port maintainer from saying=20 "Sorry, the distfiles aren't fetchable from the master sites any=20 more, I can host a copy" and then host a malicious distfile. Or=20 doing any number of simpler things to cause a problem. The=20 Project doesn't have the resources to audit every single=20 distfile's code. If you're that paranoid, you're welcome to do=20 so yourself. =2D-=20 Chris Nehren --nextPart9024034.TGMyTBnSM8 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part. Content-Transfer-Encoding: 7Bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABAgAGBQJTps7BAAoJEBHA+GJAM0vPW9MP/1qS+NfB5B21L0n+g9CtG+U7 STG+r5uADq7qWW2+m5As0dTGOyrjYueDkt0AlWXAYxWZAhye0vs9oSgeCgMNSg7V WGkeHT5BxxLKq3rpobracXVA0C7zKbm0Sd40ra36551++CuAlqpjciy0vH85GtnK V/dNOw5ZmU3AD/fV1Zh1oDIpEvzgBzg1OkL2GOOzHTY6aC6iovfINhiaSGJR2Dhw 41AJE/YdaxI3e9ki6kNIzWwYYBXBdvreSI5s8jmSwFE6rxqh6EY+96YIx0rj3tj/ b9R13h9vCsjtmKvjfhXO/S7uIoYhFd7A4TdjaCzUOMMQU3FYlay7huz36PYIFTYO nDa+nOnHzcI3sxy7S9Z1yR1zB/1/ExCHdjzHhlp7dgRg4MKZru4sBmkJSakgdKic 4fvLgBrMe043TI15/z5Moy9RRd1RU5BbqY5be/o+piSDow4wzUOyupH/CZ5lDU6/ UCXz9yM0rOBQAeDLGslJbnurGA5z10fA3ed0+PG91xDSAMucFzRhJ5jT7vP7uCoY JLWLzorOJaaAd1p0RPljQp1tykSuSsIqyqql8lNeL/zbmsmkaSW4H7ZiexUH3oyb mPDZ3pxTBDsPecl6sWer72iaLXB3G8UoIuI8w1NxZ5jYQke+FowS9Rb5tfGWMq5t 9vEC2OQHlylnFhpNQnVi =hte2 -----END PGP SIGNATURE----- --nextPart9024034.TGMyTBnSM8--