Bug#788634: debian-installer: Accepting a preseed URL from DHCP allows attacker to hijack installation
On Mon, Jun 22, 2015 at 10:03:52PM +0200, Geert Stappers wrote:
> > +Template: preseed/accept_preseed_from_DHCP
> > +Default: false
> > +_Description: Accept a preseed URL from the DHCP server?
>
> :-(
>
> We have allready 'auto-install/enable' ( 'auto' for short )
Which does not serve the same purpose.
auto-install/enable reorders some questions (including about networking)
so that you can put more information in the preseed URL and less
information in the command line preseed keys which you need to pass
along with auto-install/enable.
This is about enabling preseeding in the first place.
If you're going to use auto-install, you're most likely also going to
provide a preseed URL, so then having an unexpected preseed URL in DHCP
is fishy.
If you *are* going to provide the preseed URL via DHCP, then it's
perfectly possible to preseed the "accept preseed from dhcp" option on
the kernel command line.
However, I would personally feel more comfortable about this if it were
bypassed when the system has booted from PXE. As said before, in that
case you're already implicitly trusting your DHCP server, so it makes no
sense asking for it anymore.
--
It is easy to love a country that is famous for chocolate and beer
-- Barack Obama, speaking in Brussels, Belgium, 2014-03-26
Reply to: