Security Working Group Meeting - Wed 14 October
Parth Shukla
timevortex at google.com
Wed Oct 14 06:06:08 AEDT 2020
This is a reminder of the OpenBMC Security Working Group meeting scheduled
for this Wednesday October 14 at 10:00am PDT.
We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:
1. (Joseph): Follow up from 2020-8-19: Gerrit code review: BMCWeb webUI login change: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35457
   Question: What are the security risks of using the proposed config flag BMCWEB_INSECURE_ENABLE_UNAUTHENTICATED_ASSETS=YES?
   1. Fingerprinting (leak information about the BMC’s manufacturer and version).
   2. Attackers have an easier time getting the code to find and exploit security bugs.
   3. May make DoS easier.
   4. More?
2. (Joseph): Per https://lists.ozlabs.org/pipermail/openbmc/2020-October/023530.html do we agree on the approach? What security categories seem most important?
Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
Regards,
Parth