* Security Working Group - Wednesday April 28
From: Joseph Reynolds @ 2021-04-27 21:48 UTC
To: openbmc

This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday April 28 at 10:00am PDT.

We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:

1. passwordless sudo access to members of the wheel group

Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
<https://github.com/openbmc/openbmc/wiki/Security-working-group>

- Joseph

* Re: Security Working Group - Wednesday April 28 - results
From: Joseph Reynolds @ 2021-04-28 21:31 UTC
To: openbmc

On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday April 28 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> and anything else that comes up:
>
> 1. passwordless sudo access to members of the wheel group

This customization does not match the common OpenBMC use cases.
Abandoning this commit.

Bonus topics:

2. Intel Hack-a-Thon 2021 results are coming soon.

3. As a step toward threat modeling, we discussed how to model external
devices the BMC interfaces with. The next step is to extend the
existing "BMC interfaces" doc to model a simple host processor
module as part of the BMC's host interface.

Joseph

>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph

* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:20 UTC
To: Joseph Reynolds, openbmc

On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> > This is a reminder of the OpenBMC Security Working Group meeting
> > scheduled for this Wednesday April 28 at 10:00am PDT.
> >
> > We'll discuss the following items on the agenda
> > <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> > and anything else that comes up:
> >
> > 1. passwordless sudo access to members of the wheel group
> This customization does not match the common OpenBMC use cases.
> Abandoning this commit.
>
> Bonus topics:
>
> 2. Intel Hack-a-Thon 2021 results are coming soon.

What does this mean?

* Re: Security Working Group - Wednesday April 28 - results
From: Bruce Mitchell @ 2021-04-28 22:25 UTC
To: Andrew Jeffery, Joseph Reynolds, openbmc

On 4/28/2021 15:20, Andrew Jeffery wrote:
>
>
> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>> This is a reminder of the OpenBMC Security Working Group meeting
>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>
>>> We'll discuss the following items on the agenda
>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>> and anything else that comes up:
>>>
>>> 1. passwordless sudo access to members of the wheel group
>> This customization does not match the common OpenBMC use cases.
>> Abandoning this commit.
>>
>> Bonus topics:
>>
>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>
> What does this mean?
>

I believe Intel is trying to publish the results of
their "Intel (security) Hack-a-Thon 2021" by the end
of next week.

* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:28 UTC
To: Bruce Mitchell, Joseph Reynolds, openbmc

On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
> On 4/28/2021 15:20, Andrew Jeffery wrote:
> >
> >
> > On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> >> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> >>> This is a reminder of the OpenBMC Security Working Group meeting
> >>> scheduled for this Wednesday April 28 at 10:00am PDT.
> >>>
> >>> We'll discuss the following items on the agenda
> >>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> >>> and anything else that comes up:
> >>>
> >>> 1. passwordless sudo access to members of the wheel group
> >> This customization does not match the common OpenBMC use cases.
> >> Abandoning this commit.
> >>
> >> Bonus topics:
> >>
> >> 2. Intel Hack-a-Thon 2021 results are coming soon.
> >
> > What does this mean?
> >
>
> I believe Intel is trying to publish the results of
> their "Intel (security) Hack-a-Thon 2021" by the end
> of next week.
>

Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?

What can we expect?

* Re: Security Working Group - Wednesday April 28 - results
From: Bruce Mitchell @ 2021-04-28 22:34 UTC
To: Andrew Jeffery, Joseph Reynolds, openbmc, Mihm, James

On 4/28/2021 15:28, Andrew Jeffery wrote:
>
>
> On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
>> On 4/28/2021 15:20, Andrew Jeffery wrote:
>>>
>>>
>>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>>>> This is a reminder of the OpenBMC Security Working Group meeting
>>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>>>
>>>>> We'll discuss the following items on the agenda
>>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>>>> and anything else that comes up:
>>>>>
>>>>> 1. passwordless sudo access to members of the wheel group
>>>> This customization does not match the common OpenBMC use cases.
>>>> Abandoning this commit.
>>>>
>>>> Bonus topics:
>>>>
>>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>>>
>>> What does this mean?
>>>
>>
>> I believe Intel is trying to publish the results of
>> their "Intel (security) Hack-a-Thon 2021" by the end
>> of next week.
>>
>
> Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
>
> What can we expect?
>

OpenBMC Security Working Group Meeting Notes and Agenda are here:
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u

Anything beyond that Intel would have to state what they are doing; James?

* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:43 UTC
To: openbmc

On Thu, 29 Apr 2021, at 08:04, Bruce Mitchell wrote:
> On 4/28/2021 15:28, Andrew Jeffery wrote:
> >
> >
> > On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
> >> On 4/28/2021 15:20, Andrew Jeffery wrote:
> >>>
> >>>
> >>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> >>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> >>>>> This is a reminder of the OpenBMC Security Working Group meeting
> >>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
> >>>>>
> >>>>> We'll discuss the following items on the agenda
> >>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> >>>>> and anything else that comes up:
> >>>>>
> >>>>> 1. passwordless sudo access to members of the wheel group
> >>>> This customization does not match the common OpenBMC use cases.
> >>>> Abandoning this commit.
> >>>>
> >>>> Bonus topics:
> >>>>
> >>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
> >>>
> >>> What does this mean?
> >>>
> >>
> >> I believe Intel is trying to publish the results of
> >> their "Intel (security) Hack-a-Thon 2021" by the end
> >> of next week.
> >>
> >
> > Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
> >
> > What can we expect?
> >
>
> OpenBMC Security Working Group Meeting Notes and Agenda are here:
> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u

Okay, so:

> 2 Intel HaT2021 results are being reviewed
> internally and are planned to be sent to the
> OpenBMC security response team.

So nothing is being made public yet it seems?

* Re: Security Working Group - Wednesday April 28 - results
From: Joseph Reynolds @ 2021-04-29 3:54 UTC
To: openbmc

On 4/28/21 5:43 PM, Andrew Jeffery wrote:
>
> On Thu, 29 Apr 2021, at 08:04, Bruce Mitchell wrote:
>> On 4/28/2021 15:28, Andrew Jeffery wrote:
>>>
>>> On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
>>>> On 4/28/2021 15:20, Andrew Jeffery wrote:
>>>>>
>>>>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>>>>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>>>>>> This is a reminder of the OpenBMC Security Working Group meeting
>>>>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>>>>>
>>>>>>> We'll discuss the following items on the agenda
>>>>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>>>>>> and anything else that comes up:
>>>>>>>
>>>>>>> 1. passwordless sudo access to members of the wheel group
>>>>>> This customization does not match the common OpenBMC use cases.
>>>>>> Abandoning this commit.
>>>>>>
>>>>>> Bonus topics:
>>>>>>
>>>>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>>>>> What does this mean?
>>>>>
>>>> I believe Intel is trying to publish the results of
>>>> their "Intel (security) Hack-a-Thon 2021" by the end
>>>> of next week.
>>>>
>>> Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
>>>
>>> What can we expect?
>>>
>> OpenBMC Security Working Group Meeting Notes and Agenda are here:
>> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u
> Okay, so:
>
>> 2 Intel HaT2021 results are being reviewed
>> internally and are planned to be sent to the
>> OpenBMC security response team.
> So nothing is being made public yet it seems?

Correct.
The OpenBMC security response team should expect to have a number of
security vulnerability reports to triage.

Some of the results from Intel's HaT last year have been turned into
fixes, so I'm happy to see work being done here.

I'll try to make the announcement more clear next time.

- Joseph

https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md