-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'd prefer a list of valid users, with root always allowed. I don't
know how easy this is with a sysctl, but it shouldn't be too bad, I
would think.
- -Corey
Louis Zhuang wrote:
|Hmmm, security is a big problem. I can not find an elegant way to do ACL
|because these is no "inode" in sockfs... But how about making only root
|be able to open IPMI socket like PACKET socket? Or else we can implement
|a sysctl to indicate the legal user of the IPMI socket.
|
|Any comments?
|
| - Louis
|On Thu, 2003-03-13 at 01:07, Corey Minyard wrote:
|
|>I agree, and I've thought hard about this in the past. The code looks
|>clean, and the design is straightforward. However, I have not figured
|>out how to handle security. In your implementation, anyone can open an
|>IPMI socket, which is a bad thing. I like that fact that administrators
|>can set the permissions on the device any way they like (so it can
|>belong to root, a maintenance user, ACLs can be used, etc.)
|>
|>Any thoughts on that? Once that problem is solved, I would like to
|>include this.
|>
|>- -Corey
|>
|>Louis Zhuang wrote:
|>
|>|Dear Corey,
|>| I'd like to propose a socket interface for IPMI. IMHO, IPMI is like a
|>|mini-network so it is natural to manipulate IPMI by socket. Following
|>|code demostrate the interface's usage.
|>|P.S. the patch is a quick and dirty implementation with full of holes,
|>|I'll refine it if you like to adopt it, so do not blame me at this time
|>|;-).
|>|
|
|
|
|
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE+dgWXmUvlb4BhfF4RApBsAJ9AS4aAskvQLDNtYhW5PzjGUtZ/jgCfSDvF
d5Op76MZgz5Kgg8kHHiJWCU=
=MSck
-----END PGP SIGNATURE-----
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Mar 23 2003 - 22:00:20 EST