From owner-freebsd-security Tue Jan 11 11:58:30 2000 Delivered-To: freebsd-security@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 82AA515360; Tue, 11 Jan 2000 11:58:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 6F7CB1CD43F for ; Tue, 11 Jan 2000 11:58:28 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Tue, 11 Jan 2000 11:58:28 -0800 (PST) From: Kris Kennaway To: security@freebsd.org Subject: Warning: insecurity of ctm Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I've recently added the following warning to the ctm(1) and ctm_rmail(1) manpages: -------- SECURITY CTM is an INSECURE PROTOCOL - there is no authentication performed that the changes applied to the source code were sent by a trusted party, and so care should be taken if the CTM deltas are obtained via an unauthenti- cated medium such as email. It is a relatively simple matter for an at- tacker to forge a CTM delta to replace or precede the legitimate one and insert malicious code into your source tree. If the legitimate delta is somehow prevented from arriving, this will go unnoticed until a later delta attempts to touch the same file, at which point the MD5 checksum will fail. A future version of FreeBSD may solve this problem by authenticating CTM deltas using cryptographic signatures, but in the mean time it is strong- ly recommended that you obtain the CTM deltas via FTP, and not via email. -------- Everyone who uses CTM should be aware of the implications of this.. Kris To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message