fai-chboot

Thomas Lange lange at informatik.uni-koeln.de
Tue Mar 9 19:48:02 CET 2010


>>>>> On Tue, 9 Mar 2010 19:07:38 +0100 (CET), "Thomas Neumann" <blacky+fai at fluffbunny.de> said:

    > Is it just my imagination or is this routine an open invite for exploitation?
    > a) have/gain root-access on a client installed via fai
    > b) find out where the nfs-storage is
    > c) mount nfs-storage, gain access to private key
    > d) call fai-chboot for any host you (don't) like
    > e) wait for / force this host to reboot
Yes, you can do this.

But you can disable remote root access on all install clients, and
also disable the root console on A-F4 and A-F5.

    > I had a similar situation where I wanted to upload some file from a lot of
    > clients to a central host. After playing around a bit I found a nice way
    > to make sure a host can upload files only to a host-specific directory.
    > (And under no circumstances be able to overwrite other hosts' files.)
    > Maybe this helps making an attack / unfortunate mistake somewhat less
    > likely.
I think every install client can always pretend to be another install
client and change the PXE config of another host. This can only be
disabled if the install server could authenticate an install client. But the
install client has no secret (e.g. an ssh key) that can be verified
by the install server. Since FAI is using PXE boot (an unencrypted
broadcast), all remaining parts of FAI can be forged or a
man-in-the-middle attack can be used.


    > A different approach could be to write a little webscript which does
    > nothing else than wait for a request.
faimond(1) has the option -b.

-- 
regards Thomas

