From owner-freebsd-questions@FreeBSD.ORG Thu Dec 24 19:55:48 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 348F0106566B for ; Thu, 24 Dec 2009 19:55:48 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (gate6.infracaninophile.co.uk [IPv6:2001:8b0:151:1::1]) by mx1.freebsd.org (Postfix) with ESMTP id 97B458FC18 for ; Thu, 24 Dec 2009 19:55:47 +0000 (UTC) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.3/8.14.3) with ESMTP id nBOJta7w090138; Thu, 24 Dec 2009 19:55:42 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: Sendmail DKIM Filter v2.8.3 smtp.infracaninophile.co.uk nBOJta7w090138 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=infracaninophile.co.uk; s=200708; t=1261684542; bh=OPPl0nJi0hCSy0gmrbr/s+WjycH4Gc+1is1KaCZ+TVM=; h=Message-ID:Date:From:MIME-Version:To:CC:Subject:References: In-Reply-To:Content-Type:Cc:Content-Type:Date:From:In-Reply-To: Message-ID:Mime-Version:References:To; z=Message-ID:=20<4B33C731.9030909@infracaninophile.co.uk>|Date:=20T hu,=2024=20Dec=202009=2019:55:29=20+0000|From:=20Matthew=20Seaman= 20|Organization:=20Infracaninophi le|User-Agent:=20Thunderbird=202.0.0.23=20(X11/20091129)|MIME-Vers ion:=201.0|To:=20QIU=20Quan=20|CC:=20freebsd-que stions@freebsd.org|Subject:=20Re:=20Are=20source=20updating=20mech anisms=20vulnerable=20to=20MITM=20attacks?|References:=20<53a56570 0912240020s7476721egca5d7801ffcd2bb7@mail.gmail.com>|In-Reply-To:= 20<53a565700912240020s7476721egca5d7801ffcd2bb7@mail.gmail.com>|X- Enigmail-Version:=200.95.6|Content-Type:=20multipart/signed=3B=20m icalg=3Dpgp-sha256=3B=0D=0A=20protocol=3D"application/pgp-signatur e"=3B=0D=0A=20boundary=3D"------------enig175B4A5CF0C9616C79FBBE55 "; b=0fCX2MuFdfH92rEumtROxXxLArLAXRHOjzVtfwALovk+o5yw6kQgSXH6NKnnxh3L6 mStB8HsGTOu+8qg26urLVqfW6Zz9V75QuOq1cdk9zaI8Jxb5mIGHUb5qJlIFVAEcja gpaeEZJToWOLLvFfcHtak51+LELPUyhDnNIS8Wm0= X-Authentication-Warning: happy-idiot-talk.infracaninophile.co.uk: Host localhost [IPv6:::1] claimed to be happy-idiot-talk.infracaninophile.co.uk Message-ID: <4B33C731.9030909@infracaninophile.co.uk> Date: Thu, 24 Dec 2009 19:55:29 +0000 From: Matthew Seaman Organization: Infracaninophile User-Agent: Thunderbird 2.0.0.23 (X11/20091129) MIME-Version: 1.0 To: QIU Quan References: <53a565700912240020s7476721egca5d7801ffcd2bb7@mail.gmail.com> In-Reply-To: <53a565700912240020s7476721egca5d7801ffcd2bb7@mail.gmail.com> X-Enigmail-Version: 0.95.6 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="------------enig175B4A5CF0C9616C79FBBE55" X-Virus-Scanned: clamav-milter 0.95.3 at happy-idiot-talk.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=AWL,BAYES_00,DKIM_SIGNED, DKIM_VERIFIED,NO_RELAYS autolearn=ham version=3.2.5 X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on happy-idiot-talk.infracaninophile.co.uk Cc: freebsd-questions@freebsd.org Subject: Re: Are source updating mechanisms vulnerable to MITM attacks? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Dec 2009 19:55:48 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig175B4A5CF0C9616C79FBBE55 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: quoted-printable QIU Quan wrote: > It seems CVSup uses clear text, with neither server authentication as > SSH nor message authentication as PGP. >=20 > Is it possible to poison the DNS records and fire a man-in-the-middle > attack against the source updating procedure? In principle, yes. There have been no reports of this happening in the w= ild however. > It seems portsnap uses a public key to verify downloads. >=20 > Are there some source updating mechanisms with authentication or verifi= cation? freebsd-update(8), freebsd-update.conf(5) You can use this just to pull = down the system sources I believe, but only for release branches, not for -CUR= RENT or -STABLE. Installing from the cryptographically checksummed release .iso images, an= d then only applying the updates from the PGP signed advisory messages and patches? Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW --------------enig175B4A5CF0C9616C79FBBE55 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkszxzcACgkQ8Mjk52CukIyfTACfQrbMnMz7Hx8JV5uUwyWGGWsx riEAoIiXUqGXmEYSkpa/rq81j+nOtvnV =EEKQ -----END PGP SIGNATURE----- --------------enig175B4A5CF0C9616C79FBBE55--