Date: Thu, 28 Jul 2022 21:05:18 +0300
From: niko.nastonen@icloud.com
To: Baptiste Daroussin <bapt@FreeBSD.org>
Cc: "freebsd-pkg@freebsd.org" <freebsd-pkg@FreeBSD.org>
Subject: Re: pkg and root privileges
Message-ID: <FB07198D-022D-40FF-9FA0-A7E79EA6C4E7@icloud.com>
In-Reply-To: <20220728154408.em52aqyovyvatcff@aniel.nours.eu>
References: <0320D2DB-F61B-4F8B-B80F-D7765860283E@icloud.com> <20220728150805.ixev66bv3bhdjdn4@aniel.nours.eu> <1FDE9D79-08E1-46E7-83A6-9538D81333A4@icloud.com> <20220728154408.em52aqyovyvatcff@aniel.nours.eu>
What about HTTPS? I know the packages are signed, but there are plenty of MitM and replay attacks going on, especially with root handling it all.

Br. Niko

> On 28. Jul 2022, at 18.44, Baptiste Daroussin <bapt@FreeBSD.org> wrote:
>
> On Thu, Jul 28, 2022 at 06:30:37PM +0300, niko.nastonen@icloud.com wrote:
>> The thread on the forum was closed and deleted by moderators due to unsportsmanlike conduct of some very worried about security :-)
>>
>> pkg indeed needs some review in terms of usage of superuser privileges, in my opinion. Not only fetch, but other parts too, fetch just being probably the most fragile in that sense.
>>
>> Thanks for your attention.
>
> I am open to any audit, and of course, like for any audit, there will be bugs found. As for usage of superuser privileges, we use the capsicum sandbox in the most sensitive cases, like signature verification for example. So while we are clearly not bulletproof, I don't think the situation is dramatic at all.
>
> Best regards,
> Bapt