securing installation
Henning Glawe
glaweh at physik.fu-berlin.de
Wed Sep 12 11:38:07 CEST 2007
On Wed, Sep 12, 2007 at 11:36:06AM +0200, Henning Glawe wrote:
> On Wed, Sep 12, 2007 at 11:10:56AM +0200, Michael Tautschnig wrote:
> > [...]
> > > The only question is where should I add the code that views the cgi script?
> > > Should I add in the rcS file? And where? I guess some things have to be
> > > configure first before I start the download.
> > >
> > I think a hook for the task confdir should do; just note that you can't put that
> > into the config space :-), but it must go in the NFSROOT instead.
>
> well, the nfsroot is usually exported to a bunch of machines, with
> no_root_squash enabled... i.e. unless you have a separate "install-net"
> any attacker kidnapping an IP address of a legitimate machine has full access
> to the nfsroot ;)
>
> I took a different approach, based on the assumption that the ssh private key
ok, forget about the last part, it does not have anything to do with the
original question ;)
--
c u
henning
More information about the linux-fai
mailing list