File Manager Service in OpenBMC
Patrick Williams
patrick at stwcx.xyz
Wed Feb 14 01:35:53 AEDT 2024
On Thu, Feb 08, 2024 at 12:52:11PM +0530, Sunitha Harish wrote:
> This usecase is being re-designed, to stop
> bmcweb from modifying and accessing BMC file system directly.
Why? What motivated this?
> To achieve this, a dbus & backend application is needed. This should
> provide APIs to Create, Update, Get and Delete a file. This application
> should also take care of security aspects of the File upload usecases,
> before letting the BMC file system updated. Please share your views on
> adding this application.
What are the "security aspects"? This is a very broad statement and
feels a bit hand-wavy.
I'm not really sure what views you expected anyone to give. There are
basically 2 sentences of details here. My gut reaction is "this sounds
like a CVE waiting to happen", but, if you want to write a design
document proposal go ahead.
--
Patrick Williams
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20240213/ebcba752/attachment-0001.sig>
More information about the openbmc
mailing list