Suppose I install Fedora Core 3 on a machine using NFS, http, or ftp. Is it possible for some outside agent to attack the installation process, or subvert it, with or without my knowing about it? Does the anaconda installer block incoming network connections while it is performing an installation?
No services are running on your machine during an NFS install, so I suspect the only type of attack that would be easy would be "man in the middle" attacks where your DNS is poisoned, or a router has been compromised, making someone elses server look like the NFS server you are installing from.
It would be nice if Anaconda supported (as an option) GPG package verification on install - load the GPG key from the boot.iso. Such an option would have to be an option though because of custom install scenarios where packages are added to anaconda that are not from Fedora (IE you need a different kernel or something).
