[OS X TeX] [OT] All about P2P (was: MacTeX-2008 Status)
Adam R. Maxwell
amaxwell at mac.com
Thu Sep 4 16:41:53 CEST 2008

On Sep 4, 2008, at 3:38 AM, Thomas Bohn wrote:
> On 4 Sep 2008, at 05:09, Adam R. Maxwell wrote:
>
>> Requesting data from an http/ftp/nntp server is a bit different
>> from opening up your filesystem to people all over the world,
>
> You don't. At least not with BitTorrent, this protocol gives access
> to the file(s) in question, nothing else. It is to my knowledge not
> possible to access other files, except those described in the
> BitTorrent file.

Be that as it may, you are explicitly allowing traffic through your
firewall in order for other persons to access some portion of your
computer, right?

>> hoping the program doesn't have a buffer overflow or a back door
>> that gives someone full access (assuming it was configured securely
>> in the first place).
>
> This can be a problem if someone is spreading a manipulated
> BitTorrent file and this can be as dangerous as opening a manipulated
> JPEG in a browser. But who runs such software or any software for
> that matter as root or admin?

I'd guess that most Mac users are running under an admin account all
the time; I certainly run as admin at home. Many of us are probably
conditioned to enter our password every time it's requested, also...

> I think you get the "old" way of P2P like Napster and Gnutella
> confused with BitTorrent.

My point is this: if it is possible to misconfigure the software /or/
it contains an exploitable bug, your risk increases. Google [1]
indicates that such vulnerabilities have been found in BitTorrent
software [2]. The user (or owner of the computer/data) needs to
decide if that risk is acceptable.

>> In the present case of MacTeX, it is not necessary to use p2p, so
>> there's no justification for it.
>
> P2P can help to reduce the load of the servers and get MacTeX faster
> to the people who want it. You actually can distribute it to the
> public and to the mirrors at the same time.

Yes, it has some benefits, and can be a useful tool. If it's worth
the risk to you, by all means use it; it may not be acceptable for
everyone on this list, though.
--
Adam

[1] http://www.google.com/search?ie=utf8&oe=utf8&q=bittorrent+vulnerability
[2] http://cyberinsecure.com/torrent-quietly-patched-an-old-zero-day-vulnerability/