freeipmi-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.


From: Albert Chu
Subject: Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.
Date: Wed, 02 Mar 2016 12:13:05 -0800

There is a discussion with Maksym on github about this.

https://github.com/chu11/freeipmi/pull/1

In principle, I believe the patch is fine.  However, b/c it would change
behavior, I would like to see if anyone knows of a use case where this
would cause problems.

Al

On Wed, 2016-03-02 at 20:45 +0100, Maksym Planeta wrote:
> Hello,
> 
> I found a possible security vulnerability in libfreeipmi, which may 
> affect software which runs under super user and uses this library.
> 
> I have to admit that I did not test this patch, because I even failed to 
> compile the library correctly. But the code is straightforward. I took 
> it almost literally from the POSIX standard.
> 
> An application, where this shortcoming pops up is SLURM. When, for 
> example, it is run with an energy plugin, which opens /dev/ipmi0, every 
> user process, which is started inside job allocation, has file 
> /dev/ipmi0 open. Although typical rights for this file are rw-------
> 
> There is also a discussion on what /dev/ipmi0 access rights should be:
> 
> https://lists.us.dell.com/pipermail/linux-poweredge/2009-August/039914.html
> 
> _______________________________________________
> Freeipmi-devel mailing list
> address@hidden
> https://lists.gnu.org/mailman/listinfo/freeipmi-devel

-- 
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory





reply via email to

[Prev in Thread] Current Thread [Next in Thread]