Cryptographically enabled ports tree.
Colin Percival
colin.percival at wadham.ox.ac.uk
Sat Jun 21 11:38:44 PDT 2003
At 19:54 21/06/2003 +0200, William Fletcher wrote:
>One other thing while I'm at making a clown of myself.
>
>Wouldn't it be an absolute joke if someone rooted a redhat box on
>your network, dns poisoned for cvsup.*.freebsd.org and promptly
>found a way to create a cvsup-mirror on another machine
>with modified source.
I'm not sure I'd use the word "joke"... yes, that would definitely be a
problem.
Another security problem is FTP installs; sysinstall doesn't have any
sort of signature verification built in, so anyone doing an FTP install
could find themselves installing trojans. The only secure distribution,
AFAIK, is the ISO image, because the MD5 sum of that is announced in a
(signed) release announcement.
Colin Percival
More information about the freebsd-chat
mailing list