Functionality vs Security
James Feist
james.feist at linux.intel.com
Thu Feb 13 09:06:52 AEDT 2020
On 2/12/20 2:01 PM, Brad Bishop wrote:
> Hi James
>
>> On Feb 12, 2020, at 4:16 PM, James Feist <james.feist at linux.intel.com> wrote:
>>
>> In IRC yesterday I proposed the question of whether to change the default of bmcweb to disable REST D-Bus, or to change it in our meta-layers only. I created the patch here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/29344 and I am looking for feedback. While REST D-Bus does expose many useful APIs, and phosphor-webui depends heavily on it, it does leak information to any logged in user. This comes to the question, should we prefer functionality by default or security by default? It is a compile switch either way, so each user can still decide which they prefer.
>
> There is no user that prefers something that doesn’t work or is incomplete, no matter how secure it is. If you can find one, I’m happy to be proven wrong.
To my knowledge the only thing that breaks is the Web-UI, if you don't
find the Web-UI useful, then I don't think it matters much.
>
> In my mind, the only user that wants this is Intel, because Intel has a bunch of patches to the webui that would make the broken upstream work. The path forward here is simple (in concept) - upstream your webui patches, and the need for this to even be a discussion point goes away. Has Intel had issues getting the webui patches upstreamed?
We had someone working on the Web-UI, but they had problems getting
things merged due to differences in design opinions. Unfortunately that
person has moved on, so the up-streaming effort has been halted for now.
>
>> I have the opinion that the default should be the safest configuration
>
> I completely agree! This disconnect is what should we entertain calling a configuration. I say that configurations that break existing (working) usage patterns of the upstream project code are not on the table.
It doesn't break it, it's just a default that you can switch back with a
single build flag. This is only changing a default.
>
> thx - brad
>
More information about the openbmc
mailing list