On Mon, 17 Nov 2003, Carol Overes wrote:
> I'm looking for a way to update in a secure manner my
> kernel, binaries and anything from the ports
> collection.
>
> I'm thinking of updating kernel and binaries with
> patches from ftp.freebsd.org which are signed with
> the PGP key of the security officers. However, this
> has to be hand-made patching. Does anyone know a
> secure way via for example cvsup ?
>
> Also, I'm looking for a secure way to update ports
> applications. How can I check that patches for ports
> don't contain any trojans for example, or are coming
> from the original source.
>
> Any thoughts about this ?

I was thinking about this same problem myself not too long ago. What I
came up with was that all the related files could have md5sums (as the
distfiles already do) and these md5sum files would be signed by a trusted
entity and by default the Makefiles would check the md5sum signatures, the
md5sums themselves and refuse to do anything unless it all checks out.
While that would work great for ports, the actual source tree could be a
problem. If all files would have associated md5sums which would all be
checked during compilation, it might make the whole process unbearably
slow on slow machines. Although then there might be a switch to disable
the checking to increase speed at the cost of security.
Also there's the problem of locating the entity that would check all the
source code both in src and ports before signing. Of course the ports
could be signed by maintainers using a method provided by the FreeBSD
project, such as a key associated with a certificate.
Considerable amounts of work going into a full-out PKI infrastructure could of
course also be a problem. All this de facto PGP/GPG stuff just makes my
head hurt.
More thoughts, anyone?
-jake
--
Jarkko Santala <jake(?t)iki.fi> System Administrator http://iki.fi/jake/
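The gate Jarkko sketches above (a checksum list for the tree, signed by a trusted key, with the build refusing to run unless the signature and every checksum check out) as an added example; this is not FreeBSD code or anything the thread's authors wrote. It uses SHA-256 in sha256sum's "<hex>  <path>" format rather than the MD5 mentioned in the thread, verifies a detached OpenPGP signature with the gpg command-line tool against a keyring that holds only the release key, and also flags files on disk that the manifest never listed, since a dropped-in file is as much a tampering signal as a modified one. The names MANIFEST, MANIFEST.sig and release-key.gpg are assumptions for the example, not project conventions, and the tree built in demo() is constructed sample data.

```python
# Added example (not FreeBSD code): a signed-checksum gate for a source or
# ports tree. Manifest lines use sha256sum's "<hex>  <path>" format; the
# manifest is signed with a detached OpenPGP signature checked via gpg.
import hashlib
import shutil
import subprocess
import tempfile
from pathlib import Path


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_manifest(root, ignore=()):
    """Signing side: one line per file under root, except names in ignore."""
    root = Path(root)
    return "".join(f"{sha256_file(p)}  {p.relative_to(root).as_posix()}\n"
                   for p in sorted(root.rglob("*"))
                   if p.is_file() and p.relative_to(root).as_posix() not in ignore)


def parse_manifest(text):
    """Return {relative_path: hexdigest}; reject malformed or unsafe lines."""
    entries = {}
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {n}: malformed entry")
        digest, rel = parts[0].lower(), parts[1].lstrip("*")  # '*' marks binary mode
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"manifest line {n}: bad SHA-256 digest")
        if Path(rel).is_absolute() or ".." in Path(rel).parts:
            raise ValueError(f"manifest line {n}: unsafe path {rel!r}")
        if rel in entries:
            raise ValueError(f"manifest line {n}: duplicate entry {rel!r}")
        entries[rel] = digest
    return entries


def verify_checksums(manifest_text, root, ignore=()):
    """Compare the tree under root with the manifest; 'extra' lists files on
    disk that the manifest never mentioned (a dropped-in file fails too)."""
    root = Path(root)
    entries = parse_manifest(manifest_text)
    report = {"ok": [], "mismatch": [], "missing": [], "extra": []}
    for rel, expected in sorted(entries.items()):
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif sha256_file(target) != expected:
            report["mismatch"].append(rel)
        else:
            report["ok"].append(rel)
    for p in sorted(root.rglob("*")):
        rel = p.relative_to(root).as_posix()
        if p.is_file() and rel not in entries and rel not in ignore:
            report["extra"].append(rel)
    return report


def tree_is_trusted(report):
    """Refuse by default: anything other than an all-ok report fails."""
    return not (report["mismatch"] or report["missing"] or report["extra"])


def verify_signature(manifest, sig, keyring):
    """gpg --verify against a keyring holding only the release key, so no
    other key on the machine can vouch for the manifest."""
    gpg = shutil.which("gpg")
    if gpg is None:
        raise RuntimeError("gpg not found; refusing to skip the signature check")
    cmd = [gpg, "--batch", "--no-default-keyring", "--keyring", str(keyring),
           "--trust-model", "always", "--verify", str(sig), str(manifest)]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def check_tree(root, keyring="release-key.gpg"):
    """The gate a Makefile would call first (file names are assumed)."""
    root = Path(root)
    if not verify_signature(root / "MANIFEST", root / "MANIFEST.sig", keyring):
        raise SystemExit("MANIFEST signature did not verify; refusing to build")
    report = verify_checksums((root / "MANIFEST").read_text(), root,
                              ignore={"MANIFEST", "MANIFEST.sig"})
    if not tree_is_trusted(report):
        raise SystemExit(f"tree does not match MANIFEST: {report}")
    return report


def demo():
    """Constructed tree: a clean check, then a modified and an added file."""
    root = Path(tempfile.mkdtemp())
    (root / "sys").mkdir()
    (root / "sys" / "kern.c").write_text("int main(void) { return 0; }\n")
    (root / "Makefile").write_text("all:\n\tcc sys/kern.c\n")
    manifest = build_manifest(root)
    clean = verify_checksums(manifest, root)
    (root / "sys" / "kern.c").write_text("int main(void) { return 1; }\n")
    (root / "sys" / "extra.c").write_text("/* not in the manifest */\n")
    return clean, verify_checksums(manifest, root)
```

The maintainer side would run build_manifest() and then sign the result with a detached signature (gpg --detach-sign MANIFEST); check_tree() is what a top-level Makefile target would invoke before compiling anything. Keeping the verification keyring separate from the user's own keyring is deliberate: it means only the published release key can vouch for the manifest, which is the "trusted entity" part of the proposal. The speed concern raised in the thread is real for a full src tree, but the cost here is one hash per file, which is cheap next to compiling it.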