Security Working Group - Wednesday April 28 - results

Joseph Reynolds jrey at linux.ibm.com
Thu Apr 29 13:54:42 AEST 2021


On 4/28/21 5:43 PM, Andrew Jeffery wrote:
>
> On Thu, 29 Apr 2021, at 08:04, Bruce Mitchell wrote:
>> On 4/28/2021 15:28, Andrew Jeffery wrote:
>>>
>>> On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
>>>> On 4/28/2021 15:20, Andrew Jeffery wrote:
>>>>>
>>>>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>>>>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>>>>>> This is a reminder of the OpenBMC Security Working Group meeting
>>>>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>>>>>
>>>>>>> We'll discuss the following items on the agenda
>>>>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>>>>>> and anything else that comes up:
>>>>>>>
>>>>>>> 1. passwordless sudo access to members of the wheel group
>>>>>> This customization does not match the common OpenBMC use cases.
>>>>>> Abandoning this commit.
>>>>>>
>>>>>> Bonus topics:
>>>>>>
>>>>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>>>>> What does this mean?
>>>>>
>>>> I believe Intel is trying to publish the results of
>>>> their "Intel (security) Hack-a-Thon 2021" by the end
>>>> of next week.
>>>>
>>> Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
>>>
>>> What can we expect?
>>>
>> OpenBMC Security Working Group Meeting Notes and Agenda are here:
>> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u
> Okay, so:
>
>> 2 Intel HaT2021 results are being reviewed
>> internally and are planned to be sent to the
>> OpenBMC security response team.
> So nothing is being made public yet it seems?

Correct.  The OpenBMC security response team should expect to have a 
number of security vulnerability reports to triage.  Some of the results 
from Intel's HaT last year have been turned into fixes, so I'm happy to 
see work being done here.
I'll try to make the announcement more clear next time.

- Joseph

https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md


