From: Gary Palmer
To: freebsd-security@freebsd.org
Date: Sat, 17 Nov 2012 10:05:57 -0500
Subject: Recent security announcement and csup/cvsup?
Message-ID: <20121117150556.GE24320@in-addr.com>
List-Id: "Security issues [members-only posting]"

Hi,

Can someone explain why the cvsup/csup infrastructure is considered insecure if the person had access to the *package* building cluster? Is it because the leaked key also had access to something in the chain that goes to cvsup, or is it because the project is not auditing the cvsup system and so the default assumption is that it cannot be trusted to not be compromised?

If it is the latter, someone from the community could check rather than encourage everyone who has been using csup/cvsup to wipe and reinstall their boxes.
Unfortunately the wipe option is not possible for me right now, and my backups do go back to before the 19th of September.

Thanks,

Gary