On 12/9/10 16:04, Richard O'Keefe wrote:
> I thought "X is a mirror of Y" meant X would be a read-only replica of Y,
> with some sort of protocol between X and Y to keep X up to date.
> As long as the material from Y replicated at X is *supposed* to be
> publicly available, I don't see a security problem here. Only Y accepts
> updates from outside, and it continues to do whatever authentication it
> would do without a mirror. The mirror X would *not* accept updates.

The above assumes that the operator of the mirror is trustworthy. It wouldn't be difficult for a hostile party to set up a mirror, but then modify the packages to include malware payloads --- if the packages aren't signed. (Or even if they are signed if it's a sufficiently weak algorithm. MD5 is already unusable for the purpose.)

Other possibilities include MITM attacks where the hostile party detects that someone is attempting to download a package and spoofs a reply that directs it to a different package. (Or more complex tricks; see http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.167.4096&rep=rep1&type=pdf for examples.)

-- 
brandon s. allbery [linux,solaris,freebsd,perl] allb...@kf8nh.com
system administrator [openafs,heimdal,too many hats] allb...@ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
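
Added example, not part of the original message: a client-side check covering the cases raised above, namely a mirror serving modified bytes, a reply that substitutes a different genuine package, and an index entry that relies on a weak digest such as MD5. The index layout, function names and sample packages are assumptions made up for this sketch, and the index is assumed to have been fetched from the origin and authenticated separately.

```python
import hashlib
import hmac

# Digest algorithms the client accepts; MD5 and SHA-1 entries are refused.
ACCEPTED_ALGORITHMS = {"sha256", "sha512"}


def digest(algorithm, data):
    return hashlib.new(algorithm, data).hexdigest()


def verify_download(index, name, version, data):
    """Check bytes served by an untrusted mirror against the trusted index.

    `index` maps (name, version) -> (algorithm, hex digest). Assumption: it
    was fetched from the origin and authenticated separately, for example by
    a signature checked against a pinned key. Returns "ok" or a reason.
    """
    entry = index.get((name, version))
    if entry is None:
        return "not-in-index"
    algorithm, expected = entry
    if algorithm not in ACCEPTED_ALGORITHMS:
        return "weak-algorithm"
    if hmac.compare_digest(digest(algorithm, data), expected):
        return "ok"
    # Mismatch. Bytes that match some *other* index entry are a genuine
    # package served in place of the requested one (substitution); bytes
    # that match nothing were never published by the origin (tampering).
    for alg, value in index.values():
        if alg in ACCEPTED_ALGORITHMS and hmac.compare_digest(digest(alg, data), value):
            return "substituted"
    return "tampered"


# Constructed sample data: releases of made-up packages "foo" and "bar".
FOO_1_0 = b"foo-1.0 contents (older release)"
FOO_1_1 = b"foo-1.1 contents (current release)"
SAMPLE_INDEX = {
    ("foo", "1.0"): ("sha256", digest("sha256", FOO_1_0)),
    ("foo", "1.1"): ("sha256", digest("sha256", FOO_1_1)),
    ("bar", "0.1"): ("md5", "0" * 32),  # placeholder digest, never computed
}

if __name__ == "__main__":
    print(verify_download(SAMPLE_INDEX, "foo", "1.1", FOO_1_1))
    print(verify_download(SAMPLE_INDEX, "foo", "1.1", FOO_1_0))
    print(verify_download(SAMPLE_INDEX, "foo", "1.1", FOO_1_1 + b"!"))
    print(verify_download(SAMPLE_INDEX, "bar", "0.1", b"anything"))
```

The substitution case is the one a per-package signature alone does not catch: the older release is genuine, so the check has to bind the requested name and version to the digest.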