On Sat, Jun 13, 2015 at 04:32:04PM +0100, Aliz Hammond wrote: > > Due to this, an attacker on the local network can spoof a DHCP responce > pointing to their own preseed file, which can do all sorts of mischief > (such as adding users or executing commands). So the actual problem is that the local network is compromised. > I'm not sure of the best way to mitigate this, without annoying people > who use this feature. Perhaps a kernel commandline arg to specifically > enable preseed via DHCP is a good idea? A good idea is getting the local network to a state where it can be trusted to use DHCP at all. Groeten Geert Stappers Who considered control: tag -1 wontfix -- Leven en laten leven
Attachment:
signature.asc
Description: Digital signature