Re: [RFC][PATCH] socket interface for IPMI

Louis Zhuang (louis.zhuang@linux.co.intel.com)
13 Mar 2003 11:29:47 +0800


Hmmm, security is a big problem. I can not find an elegant way to do ACL
because these is no "inode" in sockfs... But how about making only root
be able to open IPMI socket like PACKET socket? Or else we can implement
a sysctl to indicate the legal user of the IPMI socket.

Any comments?

- Louis
On Thu, 2003-03-13 at 01:07, Corey Minyard wrote:
> I agree, and I've thought hard about this in the past. The code looks
> clean, and the design is straightforward. However, I have not figured
> out how to handle security. In your implementation, anyone can open an
> IPMI socket, which is a bad thing. I like that fact that administrators
> can set the permissions on the device any way they like (so it can
> belong to root, a maintenance user, ACLs can be used, etc.)
>
> Any thoughts on that? Once that problem is solved, I would like to
> include this.
>
> - -Corey
>
> Louis Zhuang wrote:
>
> |Dear Corey,
> | I'd like to propose a socket interface for IPMI. IMHO, IPMI is like a
> |mini-network so it is natural to manipulate IPMI by socket. Following
> |code demostrate the interface's usage.
> |P.S. the patch is a quick and dirty implementation with full of holes,
> |I'll refine it if you like to adopt it, so do not blame me at this time
> |;-).
> |

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/