Date: Fri, 2 Jan 2009 19:18:35 +0100
From: cpghost
To: Vincent Hoffman
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <20090102181835.GB1742@phenom.cordula.ws>
In-Reply-To: <495E4F24.80209@unsane.co.uk>
References: <20090102164412.GA1258@phenom.cordula.ws> <495E4F24.80209@unsane.co.uk>

On Fri, Jan 02, 2009 at 05:30:12PM +0000, Vincent Hoffman wrote:
> cpghost wrote:
> > Hello,
> >
> > with MITM attacks [1] on the rise, I'm concerned about the integrity
> > of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup
> > (and portsnap) from master or mirror servers.
> >
> > [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
> >
> > There's already a small protection against MITM on the distfiles in
> > ports: distinfo contains md5 and sha256 digests. This is an excellent
> > idea that could be extended to *all* files in /usr/src, /usr/doc, and
> > /usr/ports.
> >
>
> According to http://www.daemonology.net (the creator of portsnap and
> also freebsd-update as well as being the freebsd security officer's
> website) and a quick look through the freebsd-update and portsnap
> scripts, both portsnap and freebsd update provide reasonable
> cryptographic protection from MITM attacks.
> ({freebsd-update,portsnap}.conf contains a sha256 hash of the rsa key
> used to sign the updates)
> Admittedly this doesn't give a file by file checksum but does give
> reasonable protection against MITM attacks for updates of the ports tree
> and the -RELEASE src trees.

Interesting! As a csup user, I'm not using freebsd-update and portsnap
often nor regularly, but will have a look at it. Thanks for the hint.

> > Assuming there's a secure way (which is not affected by MITM) to
> > obtain a master public key (GnuPG key) of the FreeBSD Project, it
> > would be nice to have a mechanism in place that would:
>
> Agreed, a more secure way of getting it than
> http://www.freebsd.org/security/so_public_key.asc would be nice, (just
> ssl would make me happy.)

Yup. ;)

Regards,
-cpghost.

--
Cordula's Web. http://www.cordula.ws/
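
The key-pinning scheme mentioned in the quoted reply (a SHA-256 hash of the signing key kept in local configuration) can be illustrated as below. This is an added example, not part of the original message and not code from portsnap or freebsd-update; the function names, file names and sample data are constructed, and it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example: check a fetched signing key against a locally pinned SHA-256
# hash before trusting any signature made with it. All names are hypothetical.

# Hex SHA-256 of a file (openssl is used so the same command works everywhere).
sha256_of() {
    openssl dgst -sha256 < "$1" | awk '{print $NF}'
}

# verify_update PIN PUBKEY MANIFEST SIG
# 0 = key matches pin and signature is valid, 1 = key mismatch, 2 = bad signature
verify_update() {
    [ "$(sha256_of "$2")" = "$1" ] || return 1
    openssl dgst -sha256 -verify "$2" -signature "$4" "$3" >/dev/null 2>&1 || return 2
    return 0
}

# Build constructed sample data in a temp dir: a "project" key pair, a signed
# manifest, and a second key pair standing in for a key swapped in transit.
make_demo() {
    DEMO=$(mktemp -d) || return 1
    for k in project swapped; do
        openssl genrsa -out "$DEMO/$k.key" 2048 2>/dev/null || return 1
        openssl rsa -in "$DEMO/$k.key" -pubout -out "$DEMO/$k.pub" 2>/dev/null || return 1
    done
    PIN=$(sha256_of "$DEMO/project.pub")   # the value kept in local config
    printf 'constructed manifest: file digests would go here\n' > "$DEMO/manifest"
    cp "$DEMO/manifest" "$DEMO/manifest.altered"
    printf 'extra line\n' >> "$DEMO/manifest.altered"
    openssl dgst -sha256 -sign "$DEMO/project.key" -out "$DEMO/manifest.sig" "$DEMO/manifest"
    openssl dgst -sha256 -sign "$DEMO/swapped.key" -out "$DEMO/swapped.sig" "$DEMO/manifest.altered"
}

# report LABEL PUBKEY MANIFEST SIG: print the outcome of one check
report() {
    rc=0
    verify_update "$PIN" "$2" "$3" "$4" || rc=$?
    echo "$1: rc=$rc"
}

make_demo || exit 1
trap 'rm -rf "$DEMO"' EXIT
report "genuine key, genuine manifest" "$DEMO/project.pub" "$DEMO/manifest" "$DEMO/manifest.sig"
report "swapped key, re-signed manifest" "$DEMO/swapped.pub" "$DEMO/manifest.altered" "$DEMO/swapped.sig"
report "genuine key, altered manifest" "$DEMO/project.pub" "$DEMO/manifest.altered" "$DEMO/manifest.sig"
```

The second case is the one the pin exists for: the signature is valid under the substituted key, so only the hash comparison against the local value rejects it.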