[FUG-BR] Procedure for updating a vulnerable PORT
Celso Viana
celso.vianna at gmail.com
Wed Sep 26 16:17:51 BRT 2007
2007/9/26, Ricardo Nabinger Sanchez <rnsanchez at gmail.com>:
> On Wed, 26 Sep 2007 11:57:32 -0300
> "Celso Viana" <celso.vianna at gmail.com> wrote:
>
> > Meaning?
>
> It may be vulnerable, since the "problem" is with the protocol itself, and
> not with the application (cvsup or csup):
>
> Historically, most people have used CVSup to keep their ports tree up to
> date, but CVSup has a number of limitations:
>
> * CVSup is insecure. The protocol uses no encryption or signing, and
> any attacker who can intercept the connection can insert arbitrary data
> into the tree you are updating.
> * CVSup isn't end-to-end. Related to the previous point, this means
> that anyone who can compromise a CVSup mirror can feed arbitrary data to
> the people who are using that mirror.
> * CVSup isn't designed for frequent small updates. While CVSup is
> very good at distributing CVS trees, and is very efficient for updating
> a tree which has been significantly changed (eg, by a month or more of
> commits), it transmits a list of all the files in the tree, which makes
> it quite inefficient if only a few files have changed.
> * CVSup uses a custom protocol. This can cause problems for people
> behind firewalls -- outgoing connections on port 5999 need to be
> permitted -- and it needs a heavyweight server (cvsupd).
>
> http://www.daemonology.net/portsnap/
>
> --
> Ricardo Nabinger Sanchez rnsanchez at gmail.com
> Powered by FreeBSD
>
> "Left to themselves, things tend to go from bad to worse."
> -------------------------
> History: http://www.fug.com.br/historico/html/freebsd/
> Unsubscribe: https://www.fug.com.br/mailman/listinfo/freebsd
>
Ricardo,
Thanks for the explanation; I like cvsup/csup better because it picks up
the updates as they are made, right? It seems that with portsnap one
compilation is made per day; correct me if I'm wrong. Another
thing: is it already possible to have a portsnap mirror for the local
network, as with cvsup?
Thanks
--
Celso Vianna
BSD User: 51318
http://www.bsdcounter.org
63 8404-8559
Palmas/TO