[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.

From: Albert Chu
Subject: Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.
Date: Wed, 02 Mar 2016 12:13:05 -0800

There is a discussion with Maksym on github about this.

In principle, I believe the patch is fine.  However, b/c it would change
behavior, I would like to see if anyone knows of a use case where this
would cause problems.


On Wed, 2016-03-02 at 20:45 +0100, Maksym Planeta wrote:
> Hello,
> I found a possible security vulnerability in libfreeipmi, which may 
> affect software which runs under super user and uses this library.
> I have to admit that I did not test this patch, because I even failed to 
> compile the library correctly. But the code is straightforward. I took 
> it almost literally from the POSIX standard.
> An application, where this shortcoming pops up is SLURM. When, for 
> example, it is run with an energy plugin, which opens /dev/ipmi0, every 
> user process, which is started inside job allocation, has file 
> /dev/ipmi0 open. Although typical rights for this file are rw-------
> There is also a discussion on what /dev/ipmi0 access rights should be:
> _______________________________________________
> Freeipmi-devel mailing list
> address@hidden

Albert Chu
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory

reply via email to

[Prev in Thread] Current Thread [Next in Thread]