On Wed, 26 Sep 2007 11:57:32 -0300 "Celso Viana" <[EMAIL PROTECTED]> wrote:
> Meaning?

It may be vulnerable, since the "problem" is with the protocol itself, and not with the application (cvsup or csup):

Historically, most people have used CVSup to keep their ports tree up to date, but CVSup has a number of limitations:

* CVSup is insecure. The protocol uses no encryption or signing, and any attacker who can intercept the connection can insert arbitrary data into the tree you are updating.

* CVSup isn't end-to-end. Related to the previous point, this means that anyone who can compromise a CVSup mirror can feed arbitrary data to the people who are using that mirror.

* CVSup isn't designed for frequent small updates. While CVSup is very good at distributing CVS trees, and is very efficient for updating a tree which has been significantly changed (eg, by a month or more of commits), it transmits a list of all the files in the tree, which makes it quite inefficient if only a few files have changed.

* CVSup uses a custom protocol. This can cause problems for people behind firewalls -- outgoing connections on port 5999 need to be permitted -- and it needs a heavyweight server (cvsupd).

http://www.daemonology.net/portsnap/

--
Ricardo Nabinger Sanchez
[EMAIL PROTECTED]
Powered by FreeBSD

"Left to themselves, things tend to go from bad to worse."