Security Working Group meeting today

Security Working Group meeting today

[Joseph Reynolds]

This is a reminder of the OpenBMC Security Working Group meeting 
scheduled for this Wednesday November 11 at 10:00am PDT.
Apologies if this is a duplicate email.

We'll discuss the following items on the agenda 
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>, 
and anything else that comes up:

 1.

    Is OpenBMC ready to move from root to an admin account?  See
    https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/33847
    <https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/33847>

 2.

    The PAM_ABL module https://github.com/deksai/pam_abl
    <https://github.com/deksai/pam_abl>is no longer supported.  We had
    discussed using PAM_ABL to help prevent DoS.

 3.

    The CSIS
    <https://www.cloudsecurityindustrysummit.org/#documents>published a
    paper “A Case for a Trustworthy BMC
    <https://cloudsecurityindustrysummit.s3.us-east-2.amazonaws.com/a-case-for-a-trustworthy-bmc.pdf>”
    that gives recommendations for security.  A section analyzes how
    well the OpenBMC project meets these recommendations
    <https://cloudsecurityindustrysummit.s3.us-east-2.amazonaws.com/a-case-for-a-trustworthy-bmc.pdf#h.h0igu5dbvaun>. 
    I’ve added this to the OpenBMC security wiki.


Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group 
<https://github.com/openbmc/openbmc/wiki/Security-working-group>

Re: Security Working Group meeting today

[Joseph Reynolds]

On 11/11/20 7:58 AM, Joseph Reynolds wrote:
> This is a reminder of the OpenBMC Security Working Group meeting 
> scheduled for this Wednesday November 11 at 10:00am PDT.
> Apologies if this is a duplicate email.

Here are the summary meeting notes.

> We'll discuss the following items on the agenda 
> <https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>, 
> and anything else that comes up:
>
> 1.  Is OpenBMC ready to move from root to an admin account?  See
>    https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/33847
> <https://gerrit.openbmc-project.xyz/c/openbmc/docs/+/33847>

Please add an image feature for an admin account. It should work and 
play nicely with the existing phosphor-user-manager support and with the 
sudo package.


>
> 2.  The PAM_ABL module https://github.com/deksai/pam_abl
>    <https://github.com/deksai/pam_abl>is no longer supported.  We had
>    discussed using PAM_ABL to help prevent DoS.

No discussion.


> 3. The CSIS
> <https://www.cloudsecurityindustrysummit.org/#documents>published a
>    paper “A Case for a Trustworthy BMC
> <https://cloudsecurityindustrysummit.s3.us-east-2.amazonaws.com/a-case-for-a-trustworthy-bmc.pdf>”
>    that gives recommendations for security.  A section analyzes how
>    well the OpenBMC project meets these recommendations
> <https://cloudsecurityindustrysummit.s3.us-east-2.amazonaws.com/a-case-for-a-trustworthy-bmc.pdf#h.h0igu5dbvaun>. 
>
>    I’ve added this to the OpenBMC security wiki.

No discussion.  Plans are to track OpenBMC’s efforts in the security wiki.


Bonus item 4: Anton’s progress in running daemon processes as a non-root 
user. ANSWER:

Success making a sandbox that launched multiple daemons (BMCWeb  and 
ipmi-network) using less-privileged “namespace’d users” and using Linux 
groups to carry authority.  These daemons communicate with the rest of 
the system via D-Bus.

We also discussed if this daemon work has any tie-ins or complication 
with the work to login with a non-root admin or operator account. We 
also discussed what model / low-level design to use network user 
successfully authenticates: how to drop root authority.
>
> Access, agenda and notes are in the wiki:
> https://github.com/openbmc/openbmc/wiki/Security-working-group 
> <https://github.com/openbmc/openbmc/wiki/Security-working-group>
>
>