* Security Working Group - Wednesday April 28
From: Joseph Reynolds @ 2021-04-27 21:48 UTC (permalink / raw)
To: openbmc
This is a reminder of the OpenBMC Security Working Group meeting
scheduled for this Wednesday April 28 at 10:00am PDT.
We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:
1. passwordless sudo access to members of the wheel group
Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group
<https://github.com/openbmc/openbmc/wiki/Security-working-group>
- Joseph
* Re: Security Working Group - Wednesday April 28 - results
From: Joseph Reynolds @ 2021-04-28 21:31 UTC (permalink / raw)
To: openbmc
On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting
> scheduled for this Wednesday April 28 at 10:00am PDT.
>
> We'll discuss the following items on the agenda
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> and anything else that comes up:
>
> 1. passwordless sudo access to members of the wheel group
This customization does not match the common OpenBMC use cases.
Abandoning this commit.
Bonus topics:
2. Intel Hack-a-Thon 2021 results are coming soon.
3. As a step toward threat modeling, we discussed how to model external
devices the BMC interfaces with. The next step is to extend the
existing "BMC interfaces" doc to model a simple host processor
module as part of the BMC's host interface.
Joseph
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
> - Joseph
* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:20 UTC (permalink / raw)
To: Joseph Reynolds, openbmc
On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> > This is a reminder of the OpenBMC Security Working Group meeting
> > scheduled for this Wednesday April 28 at 10:00am PDT.
> >
> > We'll discuss the following items on the agenda
> > <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> > and anything else that comes up:
> >
> > 1. passwordless sudo access to members of the wheel group
> This customization does not match the common OpenBMC use cases.
> Abandoning this commit.
>
> Bonus topics:
>
> 2. Intel Hack-a-Thon 2021 results are coming soon.
What does this mean?
* Re: Security Working Group - Wednesday April 28 - results
From: Bruce Mitchell @ 2021-04-28 22:25 UTC (permalink / raw)
To: Andrew Jeffery, Joseph Reynolds, openbmc
On 4/28/2021 15:20, Andrew Jeffery wrote:
>
>
> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>> This is a reminder of the OpenBMC Security Working Group meeting
>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>
>>> We'll discuss the following items on the agenda
>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>> and anything else that comes up:
>>>
>>> 1. passwordless sudo access to members of the wheel group
>> This customization does not match the common OpenBMC use cases.
>> Abandoning this commit.
>>
>> Bonus topics:
>>
>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>
> What does this mean?
>
I believe Intel is trying to publish the results of
their "Intel (security) Hack-a-Thon 2021" by the end
of next week.
* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:28 UTC (permalink / raw)
To: Bruce Mitchell, Joseph Reynolds, openbmc
On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
> On 4/28/2021 15:20, Andrew Jeffery wrote:
> >
> >
> > On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> >> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> >>> This is a reminder of the OpenBMC Security Working Group meeting
> >>> scheduled for this Wednesday April 28 at 10:00am PDT.
> >>>
> >>> We'll discuss the following items on the agenda
> >>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> >>> and anything else that comes up:
> >>>
> >>> 1. passwordless sudo access to members of the wheel group
> >> This customization does not match the common OpenBMC use cases.
> >> Abandoning this commit.
> >>
> >> Bonus topics:
> >>
> >> 2. Intel Hack-a-Thon 2021 results are coming soon.
> >
> > What does this mean?
> >
>
> I believe Intel is trying to publish the results of
> their "Intel (security) Hack-a-Thon 2021" by the end
> of next week.
>
Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
What can we expect?
* Re: Security Working Group - Wednesday April 28 - results
From: Bruce Mitchell @ 2021-04-28 22:34 UTC (permalink / raw)
To: Andrew Jeffery, Joseph Reynolds, openbmc, Mihm, James
On 4/28/2021 15:28, Andrew Jeffery wrote:
>
>
> On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
>> On 4/28/2021 15:20, Andrew Jeffery wrote:
>>>
>>>
>>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>>>> This is a reminder of the OpenBMC Security Working Group meeting
>>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>>>
>>>>> We'll discuss the following items on the agenda
>>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>>>> and anything else that comes up:
>>>>>
>>>>> 1. passwordless sudo access to members of the wheel group
>>>> This customization does not match the common OpenBMC use cases.
>>>> Abandoning this commit.
>>>>
>>>> Bonus topics:
>>>>
>>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>>>
>>> What does this mean?
>>>
>>
>> I believe Intel is trying to publish the results of
>> their "Intel (security) Hack-a-Thon 2021" by the end
>> of next week.
>>
>
> Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
>
> What can we expect?
>
OpenBMC Security Working Group Meeting Notes and Agenda are here:
https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u
Anything beyond that Intel would have to state what they are doing;
James?
* Re: Security Working Group - Wednesday April 28 - results
From: Andrew Jeffery @ 2021-04-28 22:43 UTC (permalink / raw)
To: openbmc
On Thu, 29 Apr 2021, at 08:04, Bruce Mitchell wrote:
> On 4/28/2021 15:28, Andrew Jeffery wrote:
> >
> >
> > On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
> >> On 4/28/2021 15:20, Andrew Jeffery wrote:
> >>>
> >>>
> >>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
> >>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
> >>>>> This is a reminder of the OpenBMC Security Working Group meeting
> >>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
> >>>>>
> >>>>> We'll discuss the following items on the agenda
> >>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
> >>>>> and anything else that comes up:
> >>>>>
> >>>>> 1. passwordless sudo access to members of the wheel group
> >>>> This customization does not match the common OpenBMC use cases.
> >>>> Abandoning this commit.
> >>>>
> >>>> Bonus topics:
> >>>>
> >>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
> >>>
> >>> What does this mean?
> >>>
> >>
> >> I believe Intel is trying to publish the results of
> >> their "Intel (security) Hack-a-Thon 2021" by the end
> >> of next week.
> >>
> >
> > Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
> >
> > What can we expect?
> >
>
> OpenBMC Security Working Group Meeting Notes and Agenda are here:
> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u
Okay, so:
> 2 Intel HaT2021 results are being reviewed
> internally and are planned to be sent to the
> OpenBMC security response team.
So nothing is being made public yet it seems?
* Re: Security Working Group - Wednesday April 28 - results
From: Joseph Reynolds @ 2021-04-29 3:54 UTC (permalink / raw)
To: openbmc
On 4/28/21 5:43 PM, Andrew Jeffery wrote:
>
> On Thu, 29 Apr 2021, at 08:04, Bruce Mitchell wrote:
>> On 4/28/2021 15:28, Andrew Jeffery wrote:
>>>
>>> On Thu, 29 Apr 2021, at 07:55, Bruce Mitchell wrote:
>>>> On 4/28/2021 15:20, Andrew Jeffery wrote:
>>>>>
>>>>> On Thu, 29 Apr 2021, at 07:01, Joseph Reynolds wrote:
>>>>>> On 4/27/21 4:48 PM, Joseph Reynolds wrote:
>>>>>>> This is a reminder of the OpenBMC Security Working Group meeting
>>>>>>> scheduled for this Wednesday April 28 at 10:00am PDT.
>>>>>>>
>>>>>>> We'll discuss the following items on the agenda
>>>>>>> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
>>>>>>> and anything else that comes up:
>>>>>>>
>>>>>>> 1. passwordless sudo access to members of the wheel group
>>>>>> This customization does not match the common OpenBMC use cases.
>>>>>> Abandoning this commit.
>>>>>>
>>>>>> Bonus topics:
>>>>>>
>>>>>> 2. Intel Hack-a-Thon 2021 results are coming soon.
>>>>> What does this mean?
>>>>>
>>>> I believe Intel is trying to publish the results of
>>>> their "Intel (security) Hack-a-Thon 2021" by the end
>>>> of next week.
>>>>
>>> Okay, but what does that mean? Are they pushing patches? Announcing CVEs? Opening bugs?
>>>
>>> What can we expect?
>>>
>> OpenBMC Security Working Group Meeting Notes and Agenda are here:
>> https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit#heading=h.8bihrhc0925u
> Okay, so:
>
>> 2 Intel HaT2021 results are being reviewed
>> internally and are planned to be sent to the
>> OpenBMC security response team.
> So nothing is being made public yet it seems?
Correct. The OpenBMC security response team should expect to have a
number of security vulnerability reports to triage. Some of the results
from Intel's HaT last year have been turned into fixes, so I'm happy to
see work being done here.
I'll try to make the announcement more clear next time.
- Joseph
https://github.com/openbmc/docs/blob/master/security/obmc-security-response-team.md