From owner-freebsd-security@FreeBSD.ORG Sun Nov 18 08:52:32 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id B97761E6 for ; Sun, 18 Nov 2012 08:52:32 +0000 (UTC) (envelope-from andrej@brodnik.org) Received: from svarun.brodnik.org (www.brodnik.org [193.77.156.167]) by mx1.freebsd.org (Postfix) with ESMTP id 7198F8FC0C for ; Sun, 18 Nov 2012 08:52:31 +0000 (UTC) Received: from AndyMac.gotska.brodnik.org (AndyMac.gotska.brodnik.org [192.168.127.7]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by svarun.brodnik.org (Postfix) with ESMTPSA id B9CDF4AC49 for ; Sun, 18 Nov 2012 09:45:19 +0100 (CET) Message-ID: <50A8A035.3030304@brodnik.org> Date: Sun, 18 Nov 2012 09:45:41 +0100 From: "Andrej (Andy) Brodnik" User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.5; rv:16.0) Gecko/20121026 Thunderbird/16.0.2 MIME-Version: 1.0 To: freebsd-security@freebsd.org Subject: Re: Recent security announcement and csup/cvsup? References: <20121117150556.GE24320@in-addr.com> <20121117234248.GB11298@redundancy.redundancy.org> In-Reply-To: <20121117234248.GB11298@redundancy.redundancy.org> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit X-Mailman-Approved-At: Sun, 18 Nov 2012 13:20:50 +0000 X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2012 08:52:32 -0000 I agree, but there is signature system, which with addition of appropriate SW (e.g. built in in ports fetch/update/ ...) provides the required security. LPA Dne 11/18/12 12:42 AM, piše David Thiel: > On Sat, Nov 17, 2012 at 10:05:33AM -0500, Gary Palmer wrote: >> Can someone explain why the cvsup/csup infrastructure is considered insecure >> if the person had access to the *package* building cluster? Is it because >> the leaked key also had access to something in the chain that goes to cvsup, >> or is it because the project is not auditing the cvsup system and so the >> default assumption is that it cannot be trusted to not be compromised? > Regardless of the circumstances of the incident, use of cvsup/csup has > always been horrendously dangerous. People should regard any code > retrieved over this channel to have been potentially compromised by a > network attacker. > > Portsnap. Srsly. > > -David > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"