Date: Sat, 17 Nov 2012 17:07:16 +0100 (CET)
From: "M. Schulte"
To: freebsd-security@freebsd.org
Subject: Re: Recent security announcement and csup/cvsup?
In-Reply-To: <20121117150556.GE24320@in-addr.com>

Hi,

> Can someone explain why the cvsup/csup infrastructure is considered
> insecure [...]

Speaking of cvsup security -- correct me if I'm wrong, but as far as I
know cvsup is generally vulnerable to man-in-the-middle attacks[0]. Hence
I'd be very happy about more and more people moving over to the
portsnap camp.

Best,

mel

[0] http://en.wikipedia.org/wiki/Portsnap
    http://unix.derkeiler.com/Mailing-Lists/FreeBSD/stable/2003-11/0287.html