Follow-up Comment #1, bug #67853 (group freeipmi): Hi, I can see how this feature can be useful under several circumstances. However, there is a security concern with it. (Side note: i only skimmed the patch, did not thoroughly review it yet.)
Since there is no security in this patch, I believe if a proxy is setup,
anyone can attach to it. That means if someone created an SOL session and
logged into the remote machine, any other user on the system could attach to
the proxy and get into the remote machine.
I brainstormed possible mitigations.
1) limit to localhost only and add some strongly worded documentation to say
"hey this is dangerous".
2) support this, but perhaps do not compile it into ipmiconsole by default.
Only developers who know what they are doing and accept the risk can turn it
on. (Side question, you added a "proxyaddr" option, because you needed it?)
3) support connections with something safe, like hypothetically a ssh-key
(could be passed in via command line option).
Side note, it does seem like you did some refactoring of ipmiconsole. If we
do want to move forward, it'd be nice to separate those refactorings out into
some separate commits, to make the code review easier.
thanks, plmk what your thoughts are.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?67853>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
