Date: Fri, 2 Jan 2009 11:26:45 -0600
From: Matt <datahead4@gmail.com>
To: cpghost <cpghost@cordula.ws>
Cc: freebsd-questions@freebsd.org
Subject: Re: Foiling MITM attacks on source and ports trees
Message-ID: <cd6b4a5b0901020926t11dc7817j74e44cf61980f262@mail.gmail.com>
In-Reply-To: <20090102164412.GA1258@phenom.cordula.ws>
References: <20090102164412.GA1258@phenom.cordula.ws>

On Fri, Jan 2, 2009 at 10:44 AM, cpghost <cpghost@cordula.ws> wrote:
> Hello,
>
> with MITM attacks [1] on the rise, I'm concerned about the integrity
> of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup
> (and portsnap) from master or mirror servers.
>
> [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
>
> There's already a small protection against MITM on the distfiles in
> ports: distinfo contains md5 and sha256 digests. This is an excellent
> idea that could be extended to *all* files in /usr/src, /usr/doc, and
> /usr/ports.
>

Something like this was discussed back in September:

http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/026052.html

I haven't tried Max's script yet, but it looks like it should do at
least some of what you're looking for.

Matt
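
The idea quoted above, per-file digests for a whole tree, sketched as an added example; it is not part of this message and is not Max's script. The function names are hypothetical and the manifest is assumed to use distinfo-style "SHA256 (path) = digest" lines. The check only helps against MITM if the manifest itself arrives signed or over a separately authenticated channel.

```python
import hashlib, os, re, tempfile

# Assumed manifest line format: "SHA256 (relative/path) = <64 hex digits>"
LINE_RE = re.compile(r"^SHA256 \((.+)\) = ([0-9a-f]{64})$")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def walk(root):
    """Yield (path relative to root, full path) for every file under root."""
    for d, _, files in os.walk(root):
        for name in files:
            full = os.path.join(d, name)
            yield os.path.relpath(full, root), full

def make_manifest(root):
    return "".join(f"SHA256 ({rel}) = {sha256_file(full)}\n"
                   for rel, full in sorted(walk(root)))

def verify_tree(root, manifest):
    """Compare a fetched tree with a trusted manifest; report every difference."""
    expected = {}
    for line in manifest.splitlines():
        m = LINE_RE.match(line)
        if not m:  # fail closed on anything that does not parse
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[m.group(1)] = m.group(2)
    # Manifest paths are only used as dictionary keys, never opened.
    actual = {rel: sha256_file(full) for rel, full in walk(root)}
    return {"modified": sorted(p for p in expected
                               if p in actual and actual[p] != expected[p]),
            "missing": sorted(set(expected) - set(actual)),
            "unexpected": sorted(set(actual) - set(expected))}

def demo():
    """Constructed two-file tree: verify clean, then after three changes."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin", "ls"))
        for rel, text in (("Makefile", "all:\n"), ("bin/ls/ls.c", "int x;\n")):
            with open(os.path.join(root, rel), "w") as f:
                f.write(text)
        manifest = make_manifest(root)
        clean = verify_tree(root, manifest)
        with open(os.path.join(root, "bin/ls/ls.c"), "a") as f:
            f.write("/* changed in transit */\n")       # modified file
        os.remove(os.path.join(root, "Makefile"))       # dropped file
        open(os.path.join(root, "bin/ls/extra.c"), "w").close()  # injected file
        return clean, verify_tree(root, manifest)
```

Reporting files that are absent from the manifest matters as much as the digest comparison: a file injected into a build tree has no expected digest to mismatch.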