Bug#932828: The initial LTSP chroot image should include the LDAP server certificate to improve security

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#932828: The initial LTSP chroot image should include the LDAP server certificate to improve security
From: Wolfgang Schweer <w.schweer@gmx.de>
Date: Tue, 23 Jul 2019 19:50:46 +0200
Message-id: <[🔎] 20190723175046.GA4810@star>
Reply-to: Wolfgang Schweer <w.schweer@gmx.de>, 932828@bugs.debian.org

Package: debian-edu-config
Version: 2.10.65
Severity: important

After setting up a system including the 'LTSP-Server' profile, the LTSP 
chroot's SquashFS image (generated at installation time and used by NBD 
to provide an LTSP client's root filesystem) doesn't include the LDAP 
server certificate (pub key). The certificate will only be included in 
the image if it is rebuilt. As long as this isn't done, a MITM attack is 
possible. See the discussion in #931413.

Wolfgang

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Processed: Bug#932828 marked as pending in debian-edu-config
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Re: Bug#931413: [debian-edu-commits] [Git][debian-edu/debian-edu-config][master] debian/debian-edu-config.fetch-ldap-cert: Retrieve TJENER's PKI server...
Next by Date: Processed: Bug#932828 marked as pending in debian-edu-config
Previous by thread: Re: Reorganisation of www.debian.org: Please provide information about your Blend
Next by thread: Processed: Bug#932828 marked as pending in debian-edu-config
Index(es):
- Date
- Thread