Bug 188434

Summary: Freeze attacks against freebsd-update(8)
Product: Base System Reporter: David <david.i.noel>
Component: binAssignee: freebsd-bugs (Nobody) <bugs>
Status: Open ---    
Severity: Affects Only Me CC: emaste
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description David 2014-04-10 17:50:00 UTC 
freebsd-update is vulnerable to freeze attacks.

Fix: 

Solution summary: the server-side inclusion of date-stamps, and strict client-side enforcement of expiration policies would mitigate this attack vector.
Comment 1 Mark Linimon freebsd_committer freebsd_triage 2014-04-14 00:27:34 UTC 
Responsible Changed
From-To: freebsd-bugs->cperciva

Over to maintainer.
Comment 2 Eitan Adler freebsd_committer freebsd_triage 2018-05-28 19:42:30 UTC 
batch change:

For bugs that match the following
-  Status Is In progress 
AND
- Untouched since 2018-01-01.
AND
- Affects Base System OR Documentation

DO:

Reset to open status.


Note:
I did a quick pass but if you are getting this email it might be worthwhile to double check to see if this bug ought to be closed.
Comment 3 Colin Percival freebsd_committer freebsd_triage 2019-03-12 23:00:16 UTC 
Drop freebsd-update PRs which were assigned to me.  I'm not working on this code any more.