Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.
From: Albert Chu
Subject: Re: [Freeipmi-devel] Set FD_CLOEXEC for ipmi driver device file.
Date: Wed, 02 Mar 2016 12:13:05 -0800
There is a discussion with Maksym on github about this.
https://github.com/chu11/freeipmi/pull/1
In principle, I believe the patch is fine. However, b/c it would change
behavior, I would like to see if anyone knows of a use case where this
would cause problems.
Al
On Wed, 2016-03-02 at 20:45 +0100, Maksym Planeta wrote:
> Hello,
>
> I found a possible security vulnerability in libfreeipmi, which may
> affect software which runs as superuser and uses this library.
>
> I have to admit that I did not test this patch, because I even failed to
> compile the library correctly. But the code is straightforward. I took
> it almost literally from the POSIX standard.
>
> An application where this shortcoming pops up is SLURM. When, for
> example, it is run with an energy plugin which opens /dev/ipmi0, every
> user process which is started inside a job allocation has the file
> /dev/ipmi0 open, although typical rights for this file are rw-------.
>
> There is also a discussion on what /dev/ipmi0 access rights should be:
>
> https://lists.us.dell.com/pipermail/linux-poweredge/2009-August/039914.html
>
--
Albert Chu
address@hidden
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
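
Added example (not part of this thread and not the FreeIPMI patch itself): a C program showing the behaviour under discussion, a descriptor that is inherited by an exec'd program until FD_CLOEXEC is set on it with the POSIX fcntl idiom. /dev/null stands in for /dev/ipmi0, and the names DEVICE_PATH, set_cloexec and survives_exec are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in path (assumption): a real caller would open /dev/ipmi0. */
#define DEVICE_PATH "/dev/null"

/* Mark fd close-on-exec, keeping its other descriptor flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0 ? -1 : 0;
}

/* Fork and exec /bin/sh, which tries to duplicate descriptor fd.
 * Returns 1 if the exec'd program still holds fd, 0 if not, -1 on error.
 * Keep fd below 10: some /bin/sh accept only single-digit ">&N". */
int survives_exec(int fd)
{
    char cmd[64];
    int status;
    pid_t pid;
    snprintf(cmd, sizeof(cmd), "exec 2>/dev/null; : >&%d", fd);
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127); /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)
        || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    int fd = open(DEVICE_PATH, O_RDWR);
    if (fd < 0)
        return 1;
    printf("inherited before: %d\n", survives_exec(fd));
    if (set_cloexec(fd) < 0)
        return 1;
    printf("inherited after:  %d\n", survives_exec(fd));
    return 0;
}
```

In a multithreaded caller, passing O_CLOEXEC to open() instead avoids the window between open() and fcntl() during which another thread could fork and exec.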