Portsnap necessary? CVSup insecure? - FreeBSD

  1. #1

    Portsnap necessary? CVSup insecure?

    With regards to: http://www.daemonology.net/portsnap/

    Should I be concerned about my servers that use CVSup? Do the FreeBSD
    gurus refuse to use CVSup, or is this overkill?

    Thank you,

    ....D
    Danny Guest

  2. #2

    Re: Portsnap necessary? CVSup insecure?

    On Wed, Mar 16, 2005 at 06:06:07PM -0500, Danny wrote: 

    Depends on your threat model, i.e. what are you afraid of? If it's
    something that cvsup doesn't protect against, and portsnap does, then
    use the latter.

    Kris

    --
    In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <mit.edu>
    Kris Guest

  3. #3

    Re: Portsnap necessary? CVSup insecure?

    On Wed, 16 Mar 2005 23:35:56 +0000, Kris Kennaway <org> wrote:
    >
    > Depends on your threat model, i.e. what are you afraid of?

    I will respond to your question with a question to hopefully answer
    both of our questions. :)

    When is the last time a FreeBSD CVSup server was compromised - if ever?
     

    Assuming Portsnap protects and/or overcomes against all of CVSup's
    "limitations":

    "# CVSup is insecure. The protocol uses no encryption or signing, and
    any attacker who can intercept the connection can insert arbitrary
    data into the tree you are updating.
    # CVSup isn't end-to-end. Related to the previous point, this means
    that anyone who can compromise a CVSup mirror can feed arbitrary data
    to the people who are using that mirror.
    # CVSup isn't designed for frequent small updates. While CVSup is very
    good at distributing CVS trees, and is very efficient for updating a
    tree which has been significantly changed (eg, by a month or more of
    commits), it transmits a list of all the files in the tree, which
    makes it quite inefficient if only a few files have changed.
    # CVSup uses a custom protocol. This can cause problems for people
    behind firewalls -- outgoing connections on port 5999 need to be
    permitted -- and it needs a heavyweight server (cvsupd)."

    I don't know, it's just that if the FreeBSD org and handbook recommend
    using CVSup, it can't be that bad?

    Thanks Kris,

    ....D
    Danny Guest

  4. #4

    Re: Portsnap necessary? CVSup insecure?

    On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote:
    > >
    > > Depends on your threat model, i.e. what are you afraid of?
    >
    > I will respond to your question with a question to hopefully answer
    > both of our questions. :)
    >
    > When is the last time a FreeBSD CVSup server was compromised - if ever?

    I don't know that it's ever happened.

    I don't know that that's really the threat model you should care about
    anyway, since someone could compromise the master portsnap server as
    well, just not any mirrors (but these are currently nonexistent
    anyway, afaik).

    Kris

    --
    In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <mit.edu>
    Kris Guest
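
An added illustration of the point made in posts #3 and #4 (not code from the thread or from portsnap): a client that pins a value from the origin detects a tampering mirror, but accepts whatever a compromised origin publishes. It assumes a pinned SHA-256 digest of a manifest as a stand-in for a signature check; the manifest layout, paths and file contents are constructed.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(tree: dict) -> bytes:
    """Origin side: one '<sha256>  <path>' line per file, sorted by path."""
    return "".join(f"{digest(body)}  {path}\n"
                   for path, body in sorted(tree.items())).encode()

def verify(pinned: str, manifest: bytes, files: dict) -> list:
    """Client side: list every problem; an empty list means the tree is accepted."""
    if digest(manifest) != pinned:
        return ["manifest does not match pinned digest"]
    expected = {}
    for line in manifest.decode().splitlines():
        file_digest, path = line.split("  ", 1)
        expected[path] = file_digest
    problems = []
    for path, file_digest in expected.items():
        if path not in files:
            problems.append(f"missing: {path}")
        elif digest(files[path]) != file_digest:
            problems.append(f"modified: {path}")
    problems += [f"unexpected: {p}" for p in sorted(files) if p not in expected]
    return problems

# Constructed sample tree, not real ports content.
TREE = {"www/foo/Makefile": b"PORTNAME=foo\n",
        "www/foo/distinfo": b"SIZE (foo.tgz) = 1024\n"}
ALTERED = dict(TREE, **{"www/foo/Makefile": b"PORTNAME=foo\n# altered in transit\n"})

def scenarios() -> dict:
    pinned = digest(build_manifest(TREE))  # obtained from the origin, not the mirror
    bad_manifest = build_manifest(ALTERED)
    return {
        "honest mirror": verify(pinned, build_manifest(TREE), TREE),
        "mirror alters a file": verify(pinned, build_manifest(TREE), ALTERED),
        "mirror alters file and manifest": verify(pinned, bad_manifest, ALTERED),
        # If the origin itself publishes the altered tree, the pinned value
        # is derived from it and every check passes.
        "origin compromised": verify(digest(bad_manifest), bad_manifest, ALTERED),
    }

if __name__ == "__main__":
    for name, problems in scenarios().items():
        print(f"{name}: {problems or 'accepted'}")
```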

  5. #5

    Re: Portsnap necessary? CVSup insecure?

    On Thu, 17 Mar 2005 00:59:27 +0000, Kris Kennaway <org> wrote:
    >
    > I don't know that it's ever happened.
    >
    > I don't know that that's really the threat model you should care about
    > anyway, since someone could compromise the master portsnap server as
    > well, just not any mirrors (but these are currently nonexistent
    > anyway, afaik).

    Alright, I think it's safe to say that I'll just have to try it out
    and see which one works best for me. Hopefully I haven't caused any
    unnecessary controversy, although I would like to hear other
    comparisons between the two.

    Thank you for your time, Kris.

    ....D
    Danny Guest

  6. #6

    Re: Portsnap necessary? CVSup insecure?

    On Wed, Mar 16, 2005 at 06:49:05PM -0500, Danny wrote:
    > >
    > > Depends on your threat model, i.e. what are you afraid of?
    >
    > I will respond to your question with a question to hopefully answer
    > both of our questions. :)
    >
    > When is the last time a FreeBSD CVSup server was compromised - if ever?
    >  
    >
    > Assuming Portsnap protects and/or overcomes against all of CVSup's
    > "limitations":
    >
    > "# CVSup is insecure. The protocol uses no encryption or signing, and
    > any attacker who can intercept the connection can insert arbitrary
    > data into the tree you are updating.
    > # CVSup isn't end-to-end. Related to the previous point, this means
    > that anyone who can compromise a CVSup mirror can feed arbitrary data
    > to the people who are using that mirror.
    > # CVSup isn't designed for frequent small updates. While CVSup is very
    > good at distributing CVS trees, and is very efficient for updating a
    > tree which has been significantly changed (eg, by a month or more of
    > commits), it transmits a list of all the files in the tree, which
    > makes it quite inefficient if only a few files have changed.
    > # CVSup uses a custom protocol. This can cause problems for people
    > behind firewalls -- outgoing connections on port 5999 need to be
    > permitted -- and it needs a heavyweight server (cvsupd)."
    >
    > I don't know, it's just that if the FreeBSD org and handbook recommend
    > using CVSup, it can't be that bad?

    I don't know much about portsnap, but if you're looking for a secure way to do
    updates, plain old cvs through an ssh connection is very secure
    assuming you verified the fingerprint beforehand. This will protect
    against everything mentioned above minus the cvs service itself being
    compromised, but then again, no protocol is safe against that.
     

    --
    I sense much NT in you.
    NT leads to Bluescreen.
    Bluescreen leads to downtime.
    Downtime leads to suffering.
    NT is the path to the darkside.
    Powerful Unix is.

    Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
    Fingerprint: CEE1 AAE2 F66C 59B5 34CA C415 6D35 E847 0118 A3D2


    Loren Guest
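
An added example of the fingerprint check post #6 depends on (not code from the thread): it computes an SSH host key fingerprint from a known_hosts-style line and compares it with a value obtained over a trusted channel. The host name `cvs.example.org` and both keys are constructed, and the function names are this example's own.

```python
import base64
import hashlib
import hmac
import struct

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-nistp256"}

def key_blob(line: str) -> bytes:
    """Extract the raw key blob from a known_hosts or .pub line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field in KEY_TYPES:
            blob = base64.b64decode(fields[i + 1], validate=True)
            (n,) = struct.unpack(">I", blob[:4])
            # The blob begins with a length-prefixed copy of the key type.
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return blob
    raise ValueError("no public key found in line")

def fingerprint(blob: bytes, algo: str = "sha256") -> str:
    """Format the fingerprint field as OpenSSH displays it."""
    if algo == "sha256":
        raw = hashlib.sha256(blob).digest()
        return "SHA256:" + base64.b64encode(raw).decode().rstrip("=")
    # Legacy colon-separated MD5 form shown by older OpenSSH clients.
    raw = hashlib.md5(blob, usedforsecurity=False).digest()
    return ":".join(f"{b:02x}" for b in raw)

def host_key_matches(line: str, trusted: str) -> bool:
    """Compare an offered key against a fingerprint obtained out of band."""
    blob = key_blob(line)
    if trusted.startswith("SHA256:"):
        return hmac.compare_digest(fingerprint(blob, "sha256"), trusted)
    legacy = trusted.removeprefix("MD5:").lower()
    return hmac.compare_digest(fingerprint(blob, "md5"), legacy)

def make_line(host: str, raw_key: bytes) -> str:
    """Build a constructed ssh-ed25519 known_hosts line for the demo."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw_key
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

# Constructed sample keys: not real host keys.
GENUINE = make_line("cvs.example.org", bytes(range(32)))
IMPOSTOR = make_line("cvs.example.org", bytes(range(1, 33)))
# Stands in for the fingerprint read over a trusted channel beforehand.
TRUSTED_FP = fingerprint(key_blob(GENUINE))

if __name__ == "__main__":
    print("genuine key accepted:", host_key_matches(GENUINE, TRUSTED_FP))
    print("impostor key accepted:", host_key_matches(IMPOSTOR, TRUSTED_FP))
```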
