Re: Ports are insecure?
From: Alex Kiesel (alex.kiesel@document-root.de)
Date: 08/27/02
- Next message: Garrett Wollman: "Re: Administrivia: Discussion - Making this list subscriber-only"
- Previous message: Bill Fumerola: "Re: IPsec tunnel between XP and FreeBSD"
- In reply to: Erick Mechler: "Re: Ports are insecure?"
- Next in thread: Mark Murray: "Re: Ports are insecure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 27 Aug 2002 22:30:16 +0200 From: Alex Kiesel <alex.kiesel@document-root.de> To: Erick Mechler <emechler@techometer.net>
On Aug 27, 2002, Erick Mechler wrote:
> Not just anybody can contribute to a FreeBSD port entry; the commit still
> has to be done by an authorized committer. However, it's true that just
> about anybody's software package can become a port, so if you just blindly
> start installing ports, you might, on rare occasions, install a piece of
> software that's been trojaned (take the recent OpenSSH trojan for example).
As the ports collection has a checksum for every file that is needed, it
should not be a big problem to avoid installing trojanized software.
IIRC you could not install OpenSSH without ignoring checksum alerts.
Cheers,
Alex
-- Alex Kiesel PGP Key: 0x09F4FA11 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
- Next message: Garrett Wollman: "Re: Administrivia: Discussion - Making this list subscriber-only"
- Previous message: Bill Fumerola: "Re: IPsec tunnel between XP and FreeBSD"
- In reply to: Erick Mechler: "Re: Ports are insecure?"
- Next in thread: Mark Murray: "Re: Ports are insecure?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
