[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.

From: Maksym Planeta
Subject: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.
Date: Wed, 02 Mar 2016 20:45:37 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0


I found a possible security vulnerability in libfreeipmi, which may affect software which runs under super user and uses this library.

I have to admit that I did not test this patch, because I even failed to compile the library correctly. But the code is straightforward. I took it almost literally from the POSIX standard.

An application, where this shortcoming pops up is SLURM. When, for example, it is run with an energy plugin, which opens /dev/ipmi0, every user process, which is started inside job allocation, has file /dev/ipmi0 open. Although typical rights for this file are rw-------

There is also a discussion on what /dev/ipmi0 access rights should be:

Maksym Planeta

Attachment: 0001-Set-FD_CLOEXEC-for-ipmi-driver-device-file.patch
Description: Text Data

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]