Date:      Sat, 21 Jun 2003 19:38:38 +0100
From:      Colin Percival <colin.percival@wadham.ox.ac.uk>
To:        ultraviolet@epweb.co.za, chat@freebsd.org
Subject:   Re: Cryptographically enabled ports tree.
Message-ID:  <5.0.2.1.1.20030621193449.02c91ce8@popserver.sfu.ca>
In-Reply-To: <20030621175414.GC18653@tulip.epweb.co.za>
References:  <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca> <20030621163835.GA18653@tulip.epweb.co.za> <5.0.2.1.1.20030621175853.02c92e00@popserver.sfu.ca>

At 19:54 21/06/2003 +0200, William Fletcher wrote:
>One other thing while I'm at making a clown of myself.
>
>Wouldn't it be an absolute joke if someone rooted a redhat box on
>your network, dns poisoned for cvsup.*.freebsd.org and promptly
>found a way to create a cvsup-mirror on another machine
>with modified source.

   I'm not sure I'd use the word "joke"... yes, that would definitely be a 
problem.
   Another security problem is FTP installs; sysinstall doesn't have any 
sort of signature verification built in, so anyone doing an FTP install 
could find themselves installing trojans.  The only secure distribution, 
AFAIK, is the ISO image, because the MD5 sum of that is announced in a 
(signed) release announcement.

Colin Percival
