[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#788634: debian-installer: Accepting a preseed URL from DHCP allows attacker to hijack installation

Quoting Aliz 'Randomdude' (randomdude@gmail.com):

> +Template: preseed/accept_preseed_from_DHCP
> +Type: boolean
> +Default: false
> +_Description: Accept a preseed URL from the DHCP server?
> + The DHCP server has provided extra commands or customisations to

s/has provided/provided

Better English, imho....

> + debian-installer via a preseed file. It is possible that these
> + commands were set by the network administrator; however, it is
> + impossible to verify this, or to ensure they have not been altered
> + by an attacker who already has access to your local network. For
> + this reason, you should only accept these customisations if you
> + accept the risk they entail.

s/your local network/the local network

>  Template: debian-installer/network-preseed/title
> I've made it slightly more verbose as well. Is this acceptable, or
> should I solicit comments on debian-l10n-english@lists.debian.org?

It is always a good idea to ask for a review in

Attachment: signature.asc
Description: Digital signature

Reply to: