author | kris <kris@FreeBSD.org> | 2000-01-11 07:46:33 +0000 |
---|---|---|
committer | kris <kris@FreeBSD.org> | 2000-01-11 07:46:33 +0000 |
commit | 41010e575bb05d19f79962707a42c60c457bc6c5 (patch) | |
tree | 31bb41a9e7ee8ba5bc61dcf21f62d14aa0880a39 /usr.sbin/ctm/ctm | |
parent | f91e1883f7e61f640aef04be58303a69762389a4 (diff) | |
Document the (in)security features of CTM, especially ctm_rmail.
Diffstat (limited to 'usr.sbin/ctm/ctm')
-rw-r--r-- | usr.sbin/ctm/ctm/ctm.1 | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/usr.sbin/ctm/ctm/ctm.1 b/usr.sbin/ctm/ctm/ctm.1 index 4656301..d51bbc2 100644 --- a/usr.sbin/ctm/ctm/ctm.1 +++ b/usr.sbin/ctm/ctm/ctm.1 @@ -222,7 +222,33 @@ Pathnames can be selected for CTM's consideration using the option. .El - +.Pp +.Sh SECURITY +.Pp +CTM is an +.Bf Em +INSECURE PROTOCOL +.Ef +- there is no authentication performed that the +changes applied to the source code were sent by a +trusted party, and so care should be taken if the +CTM deltas are obtained via an unauthenticated +medium such as email. +It is a relatively simple matter for an attacker +to forge a CTM delta to replace or precede the +legitimate one and insert malicious code into your +source tree. +If the legitimate delta is somehow prevented from +arriving, this will go unnoticed until a later +delta attempts to touch the same file, at which +point the MD5 checksum will fail. +.Pp +A future version of +.Fx +may solve this problem by authenticating CTM +deltas using cryptographic signatures, but in the +mean time it is strongly recommended that you +obtain the CTM deltas via FTP, and not via email. .Sh ENVIRONMENT .Ev TMPDIR, if set to a pathname, will cause ctm to use that pathname |
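Review bot: The recommendation that closes the second paragraph of the new SECURITY section ("obtain the CTM deltas via FTP, and not via email") reads as a fix, but the concern stated in the first paragraph is an "unauthenticated medium", and plain FTP neither authenticates the server nor protects the delta in transit. I would word it as reducing exposure compared with email rather than solving the problem. The text should also say outright that the MD5 checksum it mentions only surfaces a mismatch when a later delta touches the same file and does nothing to authenticate the sender. Minor points: the `.Pp` directly after `.Sh SECURITY` has no effect and can be dropped, and "mean time" should be "meantime".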