Portsnap necessary? CVSup insecure?
Danny
nocmonkey at gmail.com
Wed Mar 16 15:49:20 PST 2005
On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <kris at freebsd.org> wrote:
> On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote:
> > With regards to: http://www.daemonology.net/portsnap/
> >
> > Should I be concerned about my servers that use CVSup? Do the FreeBSD
> > guru's refuse to use CVSup, or is this overkill?
>
> Depends on your threat model, i.e. what are you afraid of?
I will respond to your question with a question to hopefully answer
both of our questions. :)
When is the last time a FreeBSD CVSup server was compromised - if ever?
> If it's something that cvsup doesn't protect against, and portsnap does, then
> use the latter.
Assuming Portsnap protects and/or overcomes against all of CVSup's
"limitations":
"# CVSup is insecure. The protocol uses no encryption or signing, and
any attacker who can intercept the connection can insert arbitrary
data into the tree you are updating.
# CVSup isn't end-to-end. Related to the previous point, this means
that anyone who can compromise a CVSup mirror can feed arbitrary data
to the people who are using that mirror.
# CVSup isn't designed for frequent small updates. While CVSup is very
good at distributing CVS trees, and is very efficient for updating a
tree which has been significantly changed (eg, by a month or more of
commits), it has transmits a list of all the files in the tree, which
makes it quite inefficient if only a few files have changed.
# CVSup uses a custom protocol. This can cause problems for people
behind firewalls -- outgoing connections on port 5999 need to be
permitted -- and it needs a heavyweight server (cvsupd)."
I don't know, it's just that if the FreeBSD org and handbook recommend
using CVSup, it's can't be that bad?
Thanks Kris,
...D
More information about the freebsd-questions
mailing list