Functionality vs Security

Brad Bishop bradleyb at fuzziesquirrel.com
Thu Feb 13 11:05:39 AEDT 2020



> On Feb 12, 2020, at 4:16 PM, James Feist <james.feist at linux.intel.com> wrote:
> 
> In IRC yesterday I proposed the question of whether to change the default of bmcweb to disable REST D-Bus, or to change it in our meta-layers only. I created the patch here: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/29344 and I am looking for feedback. While REST D-Bus does expose many useful APIs, and phosphor-webui depends heavily on it, it does leak information to any logged in user. This comes to the question, should we prefer functionality by default or security by default? It is a compile switch either way, so each user can still decide which they prefer. I have the opinion that the default should be the safest configuration, and if someone wants to change that, then they can accept the risk and change the build flag.
> 
> Thoughts?
> 
> Thanks,
> 
> James

One idea I have is adding a new distro configuration. Today we have openbmc-phosphor - we could add a DISTRO=openbmc-secure-at-all-costs to meta-phosphor, and the legacy API could be disabled by default there, and remain enabled by default in openbmc-phosphor.

This is still a workaround - what really needs to happen is (most of) the webui and test automation suites need to be ported to Redfish, and when that happens, the need for this new distro policy set goes away - at least in terms of legacy REST API enablement.

Would this be a satisfactory compromise?

-brad