openbmc.lists.ozlabs.org archive mirror
From: Parth Shukla <timevortex@google.com>
To: openbmc@lists.ozlabs.org
Subject: Security Working Group Meeting - Wed 14 October
Date: Tue, 13 Oct 2020 21:06:08 +0200
Message-ID: <CAC1Cx+sq1RM4YBnbbiKq1uJ-1bjdETj2u116cSzsd2vhSo2K7Q@mail.gmail.com>

This is a reminder of the OpenBMC Security Working Group meeting scheduled
for this Wednesday October 14 at 10:00am PDT.

We'll discuss the following items on the agenda
<https://docs.google.com/document/d/1b7x9BaxsfcukQDqbvZsU2ehMq4xoJRQvLxxsDUWmAOI/edit>,
and anything else that comes up:

   1. (Joseph): Follow up from 2020-8-19: Gerrit code review: BMCWeb webUI
   login change: https://gerrit.openbmc-project.xyz/c/openbmc/bmcweb/+/35457
   Question: What are the security risks of using the proposed config flag
   BMCWEB_INSECURE_ENABLE_UNAUTHENTICATED_ASSETS=YES?
      1. Fingerprinting (leak information about the BMC’s manufacturer and
      version).
      2. Attackers have an easier time getting the code to find and exploit
      security bugs.
      3. May make DoS easier.
      4. More?
   2. (Joseph): Per
   https://lists.ozlabs.org/pipermail/openbmc/2020-October/023530.html do
   we agree on the approach?  What security categories seem most important?

Access, agenda and notes are in the wiki:
https://github.com/openbmc/openbmc/wiki/Security-working-group

Regards,
Parth
