lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date:	Wed, 04 Jul 2012 12:41:13 -0500
From:	Corey Minyard <tcminyard@...il.com>
To:	Andi Kleen <andi@...stfloor.org>
CC:	Srinivas_G_Gowda@...l.com, tcminyard@...il.com,
	mjg59@...f.ucam.org, linux-kernel@...r.kernel.org,
	openipmi-developer@...ts.sourceforge.net, jharg93@...il.com
Subject: Re: [PATCH 1/1 v2 ] ipmi: Setting OS name as Linux in BMC

On 07/04/2012 07:17 AM, Andi Kleen wrote:
>> Rather than just have a static entry such as 'Linux' I could probably write the version number and more(distro name etc.. )
>>
>> Thoughts.. ?
> I still think "Linux" means nothing even to the management software.
> What should it do with that?
>
> If you provide some way for a distro to fill in "foobar linux 1.2.3.4"
> maybe. But just Linux or even Linux x.y.z would be wrong because the same kernel
> version can behave very differently.
>
> But it would be  better to define specific feature flags for
> specific needs that actually mean something.

I think the conclusion I have come to is that this really belongs as a 
small program that runs at startup.  That's not significantly different 
than having it done in the driver.  I can help you write it, if you like.

I think Andi is right here.  "Linux" may mean something to your 
management software.  Some other management software may want "Linux 
x.y.z".  Another may want "SuSE Enterprise Linux x.y".  It's impossible 
to be general enough in the kernel.

>
>> I know there were some concerns with the security aspect, Can you please let me know what kind of security holes we could be looking at ?
> I don't think there are any security problems. just forward/backward
> compatibility problems, as the ACPI experience shows.

I had mentioned possible security issues with having some daemon that 
identified the system directly over IP.  I don't think there are any 
issues with IPMI, at least not any more than you already have with IPMI, 
and it's reasonably secure for what it does.

-corey
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ