security projects thoughts

Arno Hautala arno at alum.wpi.edu
Mon Apr 18 06:48:31 PDT 2011


On Mon, Apr 18, 2011 at 09:38, Daniel J. Luke <dluke at geeklair.net> wrote:
> On Apr 18, 2011, at 9:27 AM, Arno Hautala wrote:
>>
>> So let's say you're for some reason using the MacPorts sudo instead of
>> the system shipped version (maybe the system version is out of date
>> and insecure). You're updating your ports at a cafe and someone spoofs
>> the update for the sudo port.
>
> Which method are they using to do this?

Magic? ;-)
The easiest example is the malicious network operator.

>> With signed portfiles and packages they
>> can't [1]. With the current scheme, they can spoof the portfile and
>> replace the package source and hash.
>
> I think it's worthwhile to think about this, but it's probably also important to remember that it's not the only (or even the most likely) threat model.

This is why netsec is fun. You get to seriously discuss models that
are unlikely :-)

> It's not like most maintainers (or probably any) really audit upstream source releases to make sure they don't contain anything malicious [which brings us back to jkh's sandbox everything idea, which is a good one].

I suppose it's a good time to remember that spending too much time on
minuscule threats can make other vulnerabilities greater risks than
they were previously.

Security in layers and tradeoffs.

-- 
arno  s  hautala    /-|   arno at alum.wpi.edu

pgp b2c9d448
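
The difference discussed in the thread above, between a hash carried in an unsigned portfile and a portfile signed with a key the client already holds, shown as an added example that is not part of the original message and is not MacPorts code. The Portfile struct, the function names, the Ed25519 choice, the fixed demo key and the example.invalid URL are all assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Portfile is a constructed stand-in for the metadata a client downloads:
// where to fetch the source and which SHA-256 it should have (hypothetical format).
type Portfile struct{ Name, SourceURL, SHA256 string }

func (p Portfile) signedBytes() []byte {
	return []byte(p.Name + "\n" + p.SourceURL + "\n" + p.SHA256 + "\n")
}

func digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// HashOnlyCheck trusts the hash in whatever portfile arrived over the network.
func HashOnlyCheck(p Portfile, tarball []byte) bool {
	return digest(tarball) == p.SHA256
}

// SignedCheck verifies the portfile against a public key the client already
// holds before it trusts the hash inside it.
func SignedCheck(pub ed25519.PublicKey, p Portfile, sig, tarball []byte) bool {
	return ed25519.Verify(pub, p.signedBytes(), sig) && HashOnlyCheck(p, tarball)
}

// Scenario runs both checks on a genuine update and on a substituted one.
func Scenario() (genuineHash, spoofHash, genuineSigned, spoofSigned bool) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed demo key only
	priv := ed25519.NewKeyFromSeed(seed)
	pub := priv.Public().(ed25519.PublicKey)
	src := []byte("genuine sudo source (constructed)")
	good := Portfile{"sudo", "https://example.invalid/sudo.tar.gz", digest(src)}
	sig := ed25519.Sign(priv, good.signedBytes())
	// Substituted update: a different tarball, a portfile whose hash matches it,
	// and the only signature available to replay, which covers the genuine portfile.
	alt := []byte("substituted source (constructed)")
	bad := Portfile{"sudo", good.SourceURL, digest(alt)}
	return HashOnlyCheck(good, src), HashOnlyCheck(bad, alt),
		SignedCheck(pub, good, sig, src), SignedCheck(pub, bad, sig, alt)
}

func main() { fmt.Println(Scenario()) }
```

The hash-only check accepts both updates because the hash and the source arrive over the same untrusted channel; the signed check rejects the substituted one.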

