Can NFS Installs Be Attacked?
Michael A. Peters
mpeters at mac.com
Sat Jan 29 22:32:14 UTC 2005
On 01/29/2005 02:06:06 PM, Robert L Cochran wrote:
> Suppose I install Fedora Core 3 on a machine using NFS, http, or ftp.
> Is it possible for some outside agent to attack the installation
> process, or subvert it, with or without my knowing about it? Does the
> anaconda installer block incoming network connections while it is
> performing an installation?
No services are running on your machine during an NFS install, so I
suspect the only type of attack that would be easy would be "man in the
middle" attacks where your DNS is poisoned, or a router has been
compromised, making someone elses server look like the NFS server you
are installing from.
It would be nice if Anaconda supported (as an option) GPG package
verification on install - load the GPG key from the boot.iso. Such an
option would have to be an option though because of custom install
scenarios where packages are added to anaconda that are not from Fedora
(IE you need a different kernel or something).
More information about the users
mailing list