Hmmm, security is a big problem. I can not find an elegant way to do ACL
because these is no "inode" in sockfs... But how about making only root
be able to open IPMI socket like PACKET socket? Or else we can implement
a sysctl to indicate the legal user of the IPMI socket.
Any comments?
- Louis
On Thu, 2003-03-13 at 01:07, Corey Minyard wrote:
> I agree, and I've thought hard about this in the past. The code looks
> clean, and the design is straightforward. However, I have not figured
> out how to handle security. In your implementation, anyone can open an
> IPMI socket, which is a bad thing. I like that fact that administrators
> can set the permissions on the device any way they like (so it can
> belong to root, a maintenance user, ACLs can be used, etc.)
>
> Any thoughts on that? Once that problem is solved, I would like to
> include this.
>
> - -Corey
>
> Louis Zhuang wrote:
>
> |Dear Corey,
> | I'd like to propose a socket interface for IPMI. IMHO, IPMI is like a
> |mini-network so it is natural to manipulate IPMI by socket. Following
> |code demostrate the interface's usage.
> |P.S. the patch is a quick and dirty implementation with full of holes,
> |I'll refine it if you like to adopt it, so do not blame me at this time
> |;-).
> |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd prefer a list of valid users, with root always allowed. I don't
know how easy this is with a sysctl, but it shouldn't be too bad, I
would think.
- -Corey
Louis Zhuang wrote:
|Hmmm, security is a big problem. I can not find an elegant way to do ACL
|because these is no "inode" in sockfs... But how about making only root
|be able to open IPMI socket like PACKET socket? Or else we can implement
|a sysctl to indicate the legal user of the IPMI socket.
|
|Any comments?
|
| - Louis
|On Thu, 2003-03-13 at 01:07, Corey Minyard wrote:
|
|>I agree, and I've thought hard about this in the past. The code looks
|>clean, and the design is straightforward. However, I have not figured
|>out how to handle security. In your implementation, anyone can open an
|>IPMI socket, which is a bad thing. I like that fact that administrators
|>can set the permissions on the device any way they like (so it can
|>belong to root, a maintenance user, ACLs can be used, etc.)
|>
|>Any thoughts on that? Once that problem is solved, I would like to
|>include this.
|>
|>- -Corey
|>
|>Louis Zhuang wrote:
|>
|>|Dear Corey,
|>| I'd like to propose a socket interface for IPMI. IMHO, IPMI is like a
|>|mini-network so it is natural to manipulate IPMI by socket. Following
|>|code demostrate the interface's usage.
|>|P.S. the patch is a quick and dirty implementation with full of holes,
|>|I'll refine it if you like to adopt it, so do not blame me at this time
|>|;-).
|>|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+dgWXmUvlb4BhfF4RApBsAJ9AS4aAskvQLDNtYhW5PzjGUtZ/jgCfSDvF
d5Op76MZgz5Kgg8kHHiJWCU=
=MSck
-----END PGP SIGNATURE-----