Hello all, I really hope I'm missing something here, and we can all have a nice chuckle at my expense.
But I can't see any way the integrity of the installer sets (base.txz, kernel.txz and friends) can be verified cryptographically? There is a MANIFEST file containing SHA256 checksums, but it itself does not appear to be signed in any way.

The installer images do come with PGP-signed checksums. So, when using an image that already contains all the sets, one can be sure they are authentic. What happens when one uses a network-only installer, though? How can it authenticate the sets it downloads from the user's chosen mirror?

A cursory glance at src/usr.sbin/bsdinstall suggests that it does not, in fact, do that. Checksums are compared against the MANIFEST (in scripts/checksum), but that is itself simply downloaded from the same mirror (in scripts/jail), usually over plain FTP, without any authentication.

Thanks,
-nd.
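An added example, not from the original message or from bsdinstall itself: a defender-side workaround for the gap described above, checking downloaded sets against a MANIFEST obtained from an authenticated source (for instance copied off a full installer image whose PGP-signed checksums were verified) instead of one fetched from the same mirror. It assumes the tab-separated MANIFEST layout (set name, SHA256, file count, short name, description, default flag) and a `sha256` (FreeBSD) or `sha256sum` (Linux) binary.

```shell
#!/bin/sh
# Verify distribution sets against a MANIFEST you trust, rather than one
# downloaded from the same unauthenticated mirror as the sets themselves.
# Assumed MANIFEST layout (tab-separated):
#   name  SHA256  file-count  short-name  "description"  default

# Print the SHA256 of a file; works with FreeBSD's sha256 and Linux's sha256sum.
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | cut -d' ' -f1
    fi
}

# verify_sets MANIFEST DIR
# Returns 0 only if every set named in MANIFEST is present in DIR and its
# SHA256 matches the manifest; each missing or mismatching set is reported.
verify_sets() {
    manifest=$1
    dir=$2
    status=0
    while IFS="$(printf '\t')" read -r name expected _rest; do
        [ -n "$name" ] || continue          # skip blank lines
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING  $name" >&2
            status=1
            continue
        fi
        actual=$(sha256_of "$dir/$name")
        if [ "$actual" = "$expected" ]; then
            echo "OK       $name"
        else
            echo "MISMATCH $name (manifest $expected, file $actual)" >&2
            status=1
        fi
    done < "$manifest"
    return $status
}

# Usage: sh verify_sets.sh /path/to/trusted/MANIFEST /path/to/downloaded/sets
if [ $# -eq 2 ]; then
    verify_sets "$1" "$2"
fi
```

A non-zero exit means at least one set is missing or does not match the trusted MANIFEST, so the installation should not proceed with those files.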