There is a discussion with Maksym on github about this.

https://github.com/chu11/freeipmi/pull/1

In principle, I believe the patch is fine. However, b/c it would change behavior, I would like to see if anyone knows of a use case where this would cause problems.

Al

On Wed, 2016-03-02 at 20:45 +0100, Maksym Planeta wrote:
> Hello,
>
> I found a possible security vulnerability in libfreeipmi, which may
> affect software which runs under super user and uses this library.
>
> I have to admit that I did not test this patch, because I even failed to
> compile the library correctly. But the code is straightforward. I took
> it almost literally from the POSIX standard.
>
> An application, where this shortcoming pops up is SLURM. When, for
> example, it is run with an energy plugin, which opens /dev/ipmi0, every
> user process, which is started inside job allocation, has file
> /dev/ipmi0 open. Although typical rights for this file are rw-------
>
> There is also a discussion on what /dev/ipmi0 access rights should be:
>
> https://lists.us.dell.com/pipermail/linux-poweredge/2009-August/039914.html
>
> _______________________________________________
> Freeipmi-devel mailing list
> Freeipmi-devel@gnu.org
> https://lists.gnu.org/mailman/listinfo/freeipmi-devel
-- 
Albert Chu
ch...@llnl.gov
Computer Scientist
High Performance Systems Division
Lawrence Livermore National Laboratory
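
The descriptor inheritance described in the quoted report, as an added example that is not part of the thread and is not the patch under discussion (the patch is not shown on this page). It assumes the fix is the close-on-exec flag set with the POSIX `fcntl` idiom; `/dev/null` stands in for `/dev/ipmi0`, and the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* POSIX idiom: read the descriptor flags, add FD_CLOEXEC, write them back. */
static int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Open the stand-in device as a privileged daemon would, then fork+exec a
 * "user job". Returns 1 if the job can use the descriptor, 0 if not, -1 on error. */
static int job_inherits_fd(int harden)
{
    char arg[16];
    int status, fd = open("/dev/null", O_RDWR);

    if (fd < 0)
        return -1;
    if (fd > 9 || (harden && set_cloexec(fd) == -1)) { /* sh only guarantees fds 0-9 */
        close(fd);
        return -1;
    }
    snprintf(arg, sizeof arg, "%d", fd);

    pid_t pid = fork();
    if (pid == 0) {
        /* The job: duplicating the descriptor succeeds only if it survived exec. */
        execl("/bin/sh", "sh", "-c", "exec 2>/dev/null; : <&\"$1\"",
              "job", arg, (char *)NULL);
        _exit(127);
    }
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 127 ? -1 : WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("default open: job inherits fd = %d\n", job_inherits_fd(0));
    printf("FD_CLOEXEC:   job inherits fd = %d\n", job_inherits_fd(1));
    return 0;
}
```

The file mode of the device node does not matter to the job here: an inherited descriptor is already open, so no permission check happens again in the child.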