some ideas

Henning Glawe glaweh at physik.fu-berlin.de
Tue May 28 20:12:43 CEST 2002


On Wed, May 22, 2002 at 10:34:57AM +0200, Ronan KERYELL wrote:
> I wonder whether CVS is subtle enough about access rights when you get a
> local copy of a file, because if the directory is not locked enough some
> users may spy some passwd files (/etc/shadow, /etc/ppp/chap-secrets,...).
exactly this is one weak point in fai...
but not only with cvs: if you give a whole subnet the permission to
mount the config space and/or the nfsroot, you've got the same
problems...
> It looks like RCS used locally keeps the previous access rights of a file
> (such as 0600,...).
cvs does not... it remembers some permissions from first checkin
(owners rw), but seems to grant a+r and duplicate the execute bit...

> By the way, how to converge toward a more secured FAI installation, without
> /etc/shadow sniffing or FAI_ROOTPW sniffing in fai.conf, etc ?
exactly this is my actual sub-project: securing the installation
we base our installation on individual bootfloppies, each with hard-coded 
ip-address and hostname (functionality now provided by
make-fai-bootfloppy)

now we are adding a passphraseless gnupg key to the floppy, putting the
public one to the server. 
when being installed, the client first asks the server if the key is 
valid.
each machine generates its own ssh-hostkey, now the public one is signed
with the gpg key on the floppy and given to the server, after
verification the server deletes the public key.

a special account exists on the server, where the host key is added as
ssh-authorized, automatically activating on login a program which should
return this machine's root password.

what do you think of this concept ?

-- 
c u
henning
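
An added example, not part of the original post and not FAI's own code: a check for the problem raised above, where a cvs checkout leaves secret-bearing files readable by everyone (a+r) in a directory that is not locked down. The function names, the path pattern (built from the files named in the thread) and the sample tree layout are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a checked-out config space for secret-bearing files
# that group or others can read, then lock them and the checkout root.

# Assumption: path fragments taken from the files named in the thread.
SENSITIVE_RE='(shadow|chap-secrets|fai\.conf)'

# Print matching files under $1 (paths relative to $1) that are readable by
# group or others. CVS/ administrative directories are skipped.
audit_checkout() {
    (cd "$1" && find . -name CVS -prune -o -type f \
        \( -perm -0040 -o -perm -0004 \) -print) | grep -E "$SENSITIVE_RE" | sort
}

# Remove group/other access from every flagged file and from the checkout root,
# so the files are not exposed to other local users.
lock_checkout() {
    audit_checkout "$1" | while IFS= read -r f; do
        chmod go-rwx "$1/$f"
    done
    chmod go-rwx "$1"
}

# Build a constructed sample tree with the modes the reply describes after a
# checkout (a+r). Layout and file contents are made up for this example.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/files/etc/shadow" "$d/files/etc/ppp/chap-secrets" \
             "$d/class" "$d/CVS"
    echo 'root:CONSTRUCTED:0:0:::::' > "$d/files/etc/shadow/DEFAULT"
    echo 'constructed' > "$d/files/etc/ppp/chap-secrets/DEFAULT"
    echo 'constructed' > "$d/class/DEFAULT"
    echo 'constructed' > "$d/CVS/Entries"
    chmod 0644 "$d/files/etc/shadow/DEFAULT" \
               "$d/files/etc/ppp/chap-secrets/DEFAULT" "$d/class/DEFAULT"
    chmod 0755 "$d"
    echo "$d"
}

# Usage: sh audit.sh /path/to/checkout   (report only, changes nothing)
if [ "$#" -gt 0 ]; then
    audit_checkout "$1"
fi
```

Run `audit_checkout` after every checkout or update, since the modes are set again when files are rewritten; `lock_checkout` does not help against hosts that can mount the same tree over NFS, which the reply names as the same problem.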
