Date: Sat, 21 Jun 2003 19:38:38 +0100
From: Colin Percival <colin.percival@wadham.ox.ac.uk>
To: ultraviolet@epweb.co.za, chat@freebsd.org
Subject: Re: Cryptographically enabled ports tree.
Message-ID: <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
In-Reply-To: <20030621175414.GC18653@tulip.epweb.co.za>
References: <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>

At 19:54 21/06/2003 +0200, William Fletcher wrote:
>One other thing while I'm at making a clown of myself.
>
>Wouldn't it be an absolute joke if someone rooted a redhat box on
>your network, dns poisoned for cvsup.*.freebsd.org and promptly
>found a way to create a cvsup-mirror on another machine
>with modified source.

I'm not sure I'd use the word "joke"... yes, that would definitely be a problem.

Another security problem is FTP installs; sysinstall doesn't have any sort of signature verification built in, so anyone doing an FTP install could find themselves installing trojans. The only secure distribution, AFAIK, is the ISO image, because the MD5 sum of that is announced in a (signed) release announcement.

Colin Percival