Security Working Group Meeting - Wed 16 September
Parth Shukla
timevortex at google.com
Wed Sep 16 05:08:39 AEST 2020
This is a reminder of the OpenBMC Security Working Group meeting scheduled
for this Wednesday September 16 at 10:00am PDT.
We'll discuss the following items on the agenda, and anything else that
comes up:
1. (Parth) Common Remote API for TLS certificate management?
   1. Certificate management = installation, rotation, revocation
2. FYI: BMCWeb Code review: Admin-configurable session timeouts
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/36016
3. FYI: BMCWeb code review: moving to Meson build system (from cmake): A
security concern is ensuring project defaults are preserved so that
builders get the same options when they use the new build system.
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/32816
4. BMCWeb code review: WIP toward HTTP-HTTPS redirect:
https://gerrit.openbmc-project.xyz/c/openbmc/meta-phosphor/+/36245
5. (Joseph): Interest in implementing Redfish ManagerNetworkProtocol
properties: HTTPS, IPMI, SSH, VirtualMedia, KVMIP, HTTP (redirect),
Oem.OpenBMC.TFTP, and Oem.OpenBMC.mDNS? This allows the BMC admin to
enable and disable these services. Previous discussion on 2019-11-13.
6. (Joseph): Interest in implementing Redfish
ManagerAccount.AccountTypes. This allows the BMC admin to control which
users are allowed to access specific BMC interfaces (like SSH or IPMI).
See https://redfishforum.com/thread/219/account-groups-property
7. (email): Protect BMCWeb against password guessing attacks. See
https://lists.ozlabs.org/pipermail/openbmc/2020-September/023054.html
8. Gerrit code review for “EventService: https client support”
https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/31735/
9. (Anton) PoC work for daemons’ privilege separation
<https://github.com/openbmc/openbmc/issues/3383>
Use systemd features for privilege drop & sandboxing.
Access, agenda, and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
Regards,
Parth