On Fri, Jan 2, 2009 at 10:44 AM, cpghost <cpgh...@cordula.ws> wrote:
> Hello,
>
> with MITM attacks [1] on the rise, I'm concerned about the integrity
> of local /usr/src, /usr/doc, and /usr/ports trees fetched through csup
> (and portsnap) from master or mirror servers.
>
>  [1] http://en.wikipedia.org/wiki/Man-in-the-middle_attack
>
> There's already a small protection against MITM on the distfiles in
> ports: distinfo contain md5 and sha256 digests. This is an excellent
> idea that could be extended to *all* files in /usr/src, /usr/doc, and
> /usr/ports.
>
Something like this was discussed back in September:
http://lists.freebsd.org/pipermail/freebsd-hackers/2008-September/026052.html

I haven't tried Max's script yet, but it looks like it should do at
least some of what you're looking for.

Matt
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to