2012/2/9 Thomas Lange
> > On Thu, 9 Feb 2012 12:59:03 -0200, Ivan Reche
> said:
>
>
>> Oh, I just forgot to mention another doubt:
>> - when I ssh into a system that has just been installed and waiting for reboot, I can see a lot of
>> FAI's variables, but $SERVER doesn't show
> On Thu, 9 Feb 2012 12:59:03 -0200, Ivan Reche said:
> Oh, I just forgot to mention another doubt:
> - when I ssh into a system that has just been installed and waiting for reboot, I can see a lot of
> FAI's variables, but $SERVER doesn't show anything and there isn't any var
2012/2/9 Ivan Reche
> 2012/2/9 Thomas Neumann
>
>> >> +It is possible to remotely execute 'fai-chboot ...' on the fai
>> >> server to switch the installed client to localboot after the
>> >> installation has completed. Warning: This may open up the fai
>> >> installation environment to exploits
2012/2/9 Thomas Neumann
> >> +It is possible to remotely execute 'fai-chboot ...' on the fai
> >> server to switch the installed client to localboot after the
> >> installation has completed. Warning: This may open up the fai
> >> installation environment to exploits if the remote login account
>
> On Thu, 9 Feb 2012 15:11:29 +0100, "Thomas Neumann"
> said:
First, I didn't have the impression that anyone wants to attack me.
> That's totally fine. But why isn't that part of the documentation? Why not
> state that there are architectural issues related to pxe, tftp and
>> +It is possible to remotely execute 'fai-chboot ...' on the fai
>> server to switch the installed client to localboot after the
>> installation has completed. Warning: This may open up the fai
>> installation environment to exploits if the remote login account
>> is not properly secured.
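Review bot: The warning's closing clause, "if the remote login account is not properly secured", gives the reader nothing to act on, because the added text never says what a properly secured account looks like. Suggest naming the concrete conditions in the manpage text itself, for example how the login used for the remote 'fai-chboot ...' call should be restricted and how the credential the client uses for it should be protected, so the warning describes a checkable configuration rather than a general caution.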
> Sorr
Hi
On 2012-02-09 16:11, Thomas Neumann wrote:
-To skip booting from network card, you can use the command
fai-chboot(8)
to enable localboot.
+It is possible to remotely execute 'fai-chboot ...' on the fai
server to
switch the installed client to localboot after the installation has
comple
> Any kind of automated installation is unsecure. [...]
[...]
> Since PXE (and tftp) is insecure, FAI does not have special options for
> making completely insecure things more secure.
That's totally fine. But why isn't that part of the documentation? Why not
state that there are architectural iss
Hi Thomas,
> I apologize with all sincerity if you had the impression I'm trying to
> attack you. I didn't intend to at all.
>
Apologies if I overreacted, too.
I find it very useful to talk about vulnerabilities, sorry that
particular phrasing of 'Does nobody see the fault in...' made me
read '
I apologize with all sincerity if you had the impression I'm trying to
attack you. I didn't intend to at all.
> I don't see big flashing 'thou are forbidden to harden your install as
> you see fit' in the manpage either.
No. There isn't. I wrote this reply, because on the outside it _seems_
ssh+
> On Thu, 9 Feb 2012 10:41:26 +0100, "Thomas Neumann"
> said:
> Does nobody see the fault in having
> - a NFS-share mountable by any client [on a specific network]
> - a SSH-Key without a passphrase stored in that NFS-share
> - a login account allowing (at least) the
Hi Thomas,
On Thu, Feb 9, 2012 at 10:41, Thomas Neumann wrote:
> Please note: I haven't used fai-chboot to automatically disable
> fai-installation yet because the manpage scares me too much. What is
> described in this mail is an attack scenario that seems to be possible
> judging from the manpa
Please note: I haven't used fai-chboot to automatically disable
fai-installation yet because the manpage scares me too much. What is
described in this mail is an attack scenario that seems to be possible
judging from the manpage.
> have a look there:
> https://lists.uni-koeln.de/pipermail/linux-fa
13 matches