On Wed, Jul 30, 2008 at 08:42:44AM -0700, Justin Cappos wrote:
> You might also think about requiring the mirror's IP address to fall
> in the subnet (or else they ask for your approval). This might
> further complicate an attacker using this for evil.

The challenge here is:

a) private servers often are on RFC1918 addresses, so they don't fall
inside the public-visible netblock assignments. If it's a private
server, MM doesn't even crawl it (they're likely unreachable anyhow),
relying on them to run report_mirror. This also keeps our crawl times
down to 4-6 hours; it only crawls the 50% of listed servers that are
public.

b) malicious sysadmins could change their DNS entry after getting the
netblock set up by a Fedora sysadmin, so as to no longer be inside the
netblock.

I feel the window of opportunity here is small, and we're going to make
changes to make it even smaller. Users can't install unsigned packages;
the worst a malicious mirror can do is serve "stale" content for a
period of time we'll be able to control (it may be ridiculously small,
like "never" (which is easy to implement but a PITA for mirrors that
sync only once a day), or up to 1 week (I haven't worked out how to do
this cleanly, but it's nicer to users of mirrors who are good citizens),
which is clearly what I want).

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
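The three checks discussed in the message (is the mirror's address inside the netblock a sysadmin approved, is it an RFC1918 host that the crawler cannot reach, and has its DNS entry drifted since the netblock was set up) plus the "stale content" window can be expressed as a small registry-side audit. The code below is an added illustration, not MirrorManager's code or Matt's; the netblocks, addresses, and timestamps are constructed sample values, and the functions, their names, and the idea of recording the addresses seen at approval time are assumptions made for this example.

```python
"""Registry-side consistency checks for a mirror list (added example).

Each function works on plain values so it can be fed from whatever the
registry stores; nothing here does live DNS or HTTP.
"""
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address, ip_network

# RFC1918 ranges spelled out explicitly (rather than ipaddress.is_private,
# which also covers documentation and other special-purpose ranges).
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(address):
    """True if the address is in one of the RFC1918 private ranges."""
    ip = ip_address(address)
    return any(ip in net for net in RFC1918)


def classify_addresses(addresses, approved_netblocks):
    """Split a mirror's resolved addresses into three buckets:
    private  - RFC1918, cannot be crawled; must rely on report_mirror
    in_netblock - inside a netblock a sysadmin approved
    outside  - public but not in any approved netblock (needs review)"""
    nets = [ip_network(n, strict=False) for n in approved_netblocks]
    buckets = {"private": [], "in_netblock": [], "outside": []}
    for addr in addresses:
        ip = ip_address(addr)
        if is_rfc1918(addr):
            buckets["private"].append(addr)
        elif any(ip in net for net in nets):
            buckets["in_netblock"].append(addr)
        else:
            buckets["outside"].append(addr)
    return buckets


def dns_drift(approved_addresses, current_addresses):
    """Addresses the hostname resolves to now that it did not resolve to
    when the netblock was approved (the DNS-change case in the message)."""
    return sorted(set(current_addresses) - set(approved_addresses))


def needs_review(current_addresses, approved_netblocks, approved_addresses):
    """Flag the mirror for a human when it has public addresses outside the
    approved netblocks or has gained addresses since approval."""
    buckets = classify_addresses(current_addresses, approved_netblocks)
    return bool(buckets["outside"]) or bool(dns_drift(approved_addresses, current_addresses))


def is_stale(mirror_synced_at, master_updated_at, max_age):
    """True if the mirror's last successful sync trails the master's latest
    content by more than the allowed window (e.g. one day or one week)."""
    return master_updated_at - mirror_synced_at > max_age


if __name__ == "__main__":
    # Constructed sample registry entry (documentation-range addresses).
    entry = {
        "approved_netblocks": ["203.0.113.0/24"],
        "approved_addresses": ["203.0.113.10"],
        "current_addresses": ["203.0.113.10", "198.51.100.7", "10.0.0.5"],
        "synced_at": datetime(2008, 7, 29, 6, 0, tzinfo=timezone.utc),
    }
    master = datetime(2008, 7, 30, 12, 0, tzinfo=timezone.utc)
    print(classify_addresses(entry["current_addresses"], entry["approved_netblocks"]))
    print("drift:", dns_drift(entry["approved_addresses"], entry["current_addresses"]))
    print("review:", needs_review(entry["current_addresses"],
                                  entry["approved_netblocks"], entry["approved_addresses"]))
    print("stale (1 day):", is_stale(entry["synced_at"], master, timedelta(days=1)))
    print("stale (1 week):", is_stale(entry["synced_at"], master, timedelta(days=7)))
```

The RFC1918 bucket is reported rather than rejected, matching the message: such hosts are simply not crawled. The staleness helper takes the window as a parameter so the same check serves the "never" and "up to 1 week" policies the message weighs.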