security projects thoughts

Daniel J. Luke dluke at geeklair.net
Mon Apr 18 06:38:14 PDT 2011


On Apr 18, 2011, at 9:27 AM, Arno Hautala wrote:
> 
> So let's say you're for some reason using the MacPorts sudo instead of
> the system shipped version (maybe the system version is out of date
> and insecure). You're updating your ports at a cafe and someone spoofs
> the update for the sudo port.

Which method are they using to do this?

Maybe we fix it by just deploying DNSSEC? ;-)

> With signed portfiles and packages they
> can't [1]. With the current scheme, they can spoof the portfile and
> replace the package source and hash.

I think it's worthwhile to think about this, but it's probably also important to remember that it's not the only (or even the most likely) threat model.

It's not like most maintainers (or probably any) really audit upstream source releases to make sure they don't contain anything malicious [which brings us back to jkh's sandbox everything idea, which is a good one].

--
Daniel J. Luke
+========================================================+
| *---------------- dluke at geeklair.net ----------------* |
| *-------------- http://www.geeklair.net -------------* |
+========================================================+
|   Opinions expressed are mine and do not necessarily   |
|          reflect the opinions of my employer.          |
+========================================================+
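
The contrast drawn in the quoted message above (a hash carried inside the portfile versus a signed portfile), as an added example that is not part of the original e-mail and is not MacPorts code. The portfile text is a constructed simplification, all function names are hypothetical, and the Lamport one-time signature is a standard-library stand-in for whatever signature scheme would actually be deployed.

```python
import hashlib
import os

def h(b):
    return hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib-only stand-in (assumption); one key, one message.
def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg, sig):
    return len(sig) == 256 and all(
        h(s) == pk[i][b] for (i, b), s in zip(enumerate(bits(msg)), sig))

def make_portfile(distfile):
    # Constructed, simplified portfile; not real Portfile syntax.
    digest = hashlib.sha256(distfile).hexdigest()
    return f"name sudo\nchecksums sha256 {digest}\n".encode()

def checksum_ok(portfile, distfile):
    # Current scheme: the only reference value is the hash the portfile states.
    stated = portfile.decode().split("sha256 ")[1].strip()
    return stated == hashlib.sha256(distfile).hexdigest()

def signed_ok(pk, portfile, sig, distfile):
    # Signed scheme: portfile must verify under a key the client already holds.
    return verify_sig(pk, portfile, sig) and checksum_ok(portfile, distfile)

def demo():
    sk, pk = keygen()  # pk assumed installed before joining the untrusted network
    good = b"genuine source archive (constructed)"
    swapped = b"substituted source archive (constructed)"
    good_pf, swapped_pf = make_portfile(good), make_portfile(swapped)
    sig = sign(sk, good_pf)
    return {
        "checksum_genuine": checksum_ok(good_pf, good),
        "checksum_swapped_pair": checksum_ok(swapped_pf, swapped),
        "signed_genuine": signed_ok(pk, good_pf, sig, good),
        "signed_swapped_pair": signed_ok(pk, swapped_pf, sig, swapped),
        "signed_swapped_archive_only": signed_ok(pk, good_pf, sig, swapped),
    }
```

The checksum-only check accepts a portfile and archive that were replaced together, because the hash arrives over the same channel as the thing it describes; the signed check rejects both the replaced pair and a replaced archive behind a genuine portfile.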






More information about the macports-dev mailing list