File Manager Service in OpenBMC
Sunitha Harish
sunithaharish04 at gmail.com
Wed Feb 14 16:40:09 AEDT 2024
On 13/02/24 8:05 pm, Patrick Williams wrote:
> On Thu, Feb 08, 2024 at 12:52:11PM +0530, Sunitha Harish wrote:
>> This usecase is being re-designed, to stop
>> bmcweb from modifying and accessing BMC file system directly.
> Why? What motivated this?
This is being worked due to Ed's concern over the bmcweb design of IBM Management console APIs.
We will be removing the current bmcweb implementation and moving towards a dbus app based file
operations to make the design in-line with any other BMC features.
>> To achieve this, a dbus & backend application is needed. This should
>> provide APIs to Create, Update, Get and Delete a file. This application
>> should also take care of security aspects of the File upload usecases,
>> before letting the BMC file system updated. Please share your views on
>> adding this application.
> What are the "security aspects"? This is a very broad statement and
> feels a bit hand-wavy.
Security aspects include the storage path, size and the directory & file sizes, contents, permissions etc.
> I'm not really sure what views you expected anyone to give. There are
> basically 2 sentences of details here. My gut reaction is "this sounds
> like a CVE waiting to happen", but, if you want to write a design
> document proposal go ahead.
>
Agree, this app would allow the file uploads to the BMC. Thus a threat model and validations of the incoming data should be in place.
There is no DMTF schema available to do the file operations.
I have initiated a thread at DMTF athttps://redfishforum.com/thread/1014/file-collection-resource
Current plan is to retain IBM OEM REST path /ibm/v1; which will invoke the APIs provided by this file manager.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ozlabs.org/pipermail/openbmc/attachments/20240214/5d90d4de/attachment.htm>
More information about the openbmc
mailing list