Bug#442180: d-i preseed method allows for remote cmd exec. in combination with DNS hijacking
Moritz Naumann <bugs.debian.org@moritz-naumann.com> writes:
> If an attcker is able to hijack or otherwise influence the DNS server
> used when Debian GNU/Linux is installed using win32-loader, she may be
> able to run any command that is available on the system to be installed
> as root by redirecting requests to a different web server which provides
> a given arbitrary command at the same URL.
One possible way for fixing it is to use md5sum of the preseeding file
and ask d-i to check it.
--
O T A V I O S A L V A D O R
---------------------------------------------
E-mail: otavio@debian.org UIN: 5906116
GNU/Linux User: 239058 GPG ID: 49A5F855
Home Page: http://otavio.ossystems.com.br
---------------------------------------------
"Microsoft sells you Windows ... Linux gives
you the whole house."
Reply to: