On Wed, 26 Sep 2007 11:57:32 -0300
"Celso Viana" <[EMAIL PROTECTED]> wrote:
> Ou seja?
Pode ser vulnerável, visto que o "problema" é com o protocolo em si, e
não com a aplicação (cvsup ou csup):
Historically, most people have used CVSup to keep their ports tree up to
date, but CVSup has a number of limitations:
* CVSup is insecure. The protocol uses no encryption or signing, and
any attacker who can intercept the connection can insert arbitrary data
into the tree you are updating.
* CVSup isn't end-to-end. Related to the previous point, this means
that anyone who can compromise a CVSup mirror can feed arbitrary data to
the people who are using that mirror.
* CVSup isn't designed for frequent small updates. While CVSup is
very good at distributing CVS trees, and is very efficient for updating
a tree which has been significantly changed (eg, by a month or more of
commits), it transmits a list of all the files in the tree, which makes
it quite inefficient if only a few files have changed.
* CVSup uses a custom protocol. This can cause problems for people
behind firewalls -- outgoing connections on port 5999 need to be
permitted -- and it needs a heavyweight server (cvsupd).
http://www.daemonology.net/portsnap/
--
Ricardo Nabinger Sanchez [EMAIL PROTECTED]
Powered by FreeBSD
"Left to themselves, things tend to go from bad to worse."
-------------------------
Histórico: http://www.fug.com.br/historico/html/freebsd/
Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
