Geert Stappers <firstname.lastname@example.org> (2015-06-13): > On Sat, Jun 13, 2015 at 04:32:04PM +0100, Aliz Hammond wrote: > > > > Due to this, an attacker on the local network can spoof a DHCP responce > > pointing to their own preseed file, which can do all sorts of mischief > > (such as adding users or executing commands). > > So the actual problem is that the local network is compromised. > > > > I'm not sure of the best way to mitigate this, without annoying people > > who use this feature. Perhaps a kernel commandline arg to specifically > > enable preseed via DHCP is a good idea? > > A good idea is getting the local network > to a state where it can be trusted to use DHCP at all. > > > Groeten > Geert Stappers > Who considered > control: tag -1 wontfix I don't think handwaving and tagging wontfix is the right play here. Mraw, KiBi.
Description: Digital signature