Openbmc archive mirror
From: Sunitha Harish <sunithaharish04@gmail.com>
To: Patrick Williams <patrick@stwcx.xyz>
Cc: gmills@us.ibm.com, openbmc@lists.ozlabs.org, ed@tanous.net,
	geissonator@yahoo.com
Subject: Re: File Manager Service in OpenBMC
Date: Wed, 14 Feb 2024 11:10:09 +0530
Message-ID: <150b6256-3a2c-48dc-a806-186ad5a6b366@gmail.com>
In-Reply-To: <Zct-SbPMtzAAvU9O@heinlein.vulture-banana.ts.net>


On 13/02/24 8:05 pm, Patrick Williams wrote:
> On Thu, Feb 08, 2024 at 12:52:11PM +0530, Sunitha Harish wrote:
>> This usecase is being re-designed, to stop
>> bmcweb from modifying and accessing BMC file system directly.
> Why?  What motivated this?

This is being worked on due to Ed's concern over the bmcweb design of IBM Management console APIs.
We will be removing the current bmcweb implementation and moving towards dbus-app-based file
operations to bring the design in line with any other BMC features.

>> To achieve this, a dbus & backend application is needed. This should
>> provide APIs to Create, Update, Get and Delete a file. This application
>> should also take care of security aspects of the File upload usecases,
>> before letting the BMC file system be updated. Please share your views on
>> adding this application.
> What are the "security aspects"?  This is a very broad statement and
> feels a bit hand-wavy.

Security aspects include the storage path, size and the directory & file sizes, contents, permissions etc.

> I'm not really sure what views you expected anyone to give.  There are
> basically 2 sentences of details here.  My gut reaction is "this sounds
> like a CVE waiting to happen", but, if you want to write a design
> document proposal go ahead.
>
Agree, this app would allow the file uploads to the BMC. Thus a threat model and validations of the incoming data should be in place.

There is no DMTF schema available to do the file operations.
I have initiated a thread at DMTF at https://redfishforum.com/thread/1014/file-collection-resource
The current plan is to retain the IBM OEM REST path /ibm/v1, which will invoke the APIs provided by this file manager.
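
The checks this message names (storage path, file size, directory size), sketched as an added C++ example that is not part of the original e-mail or of any OpenBMC code. The limits, the `Verdict` codes and the function names are assumptions; content and permission checks are left out.

```cpp
#include <algorithm>
#include <cctype>
#include <cstdint>
#include <filesystem>
#include <string>
#include <system_error>

namespace fs = std::filesystem;

// Assumed limits and result codes for this example; not OpenBMC values.
struct Limits { std::uintmax_t maxFile = 500 * 1024, maxDir = 10 * 1024 * 1024; };
enum class Verdict { Ok, BadName, TooLarge, NotInRoot, QuotaExceeded };

// Bytes used by regular files directly under dir; symlinks are not counted.
std::uintmax_t dirUsage(const fs::path& dir)
{
    std::uintmax_t total = 0;
    std::error_code ec;
    for (const auto& e : fs::directory_iterator(dir, ec))
    {
        if (e.is_symlink(ec) || !e.is_regular_file(ec))
            continue;
        const std::uintmax_t s = e.file_size(ec);
        if (!ec)
            total += s;
    }
    return total;
}

Verdict validateUpload(const fs::path& root, const std::string& name,
                       std::uintmax_t size, Limits lim = Limits{})
{
    // Name: one short component from a fixed set; no separator, ".", or "..".
    const bool okChars = std::all_of(name.begin(), name.end(),
        [](unsigned char c) { return std::isalnum(c) || c == '.' || c == '_' || c == '-'; });
    if (name.empty() || name.size() > 64 || name[0] == '.' || !okChars)
        return Verdict::BadName;
    if (size > lim.maxFile)
        return Verdict::TooLarge;
    // Path: root must exist; target must not be a symlink (even a dangling one).
    std::error_code ec;
    const fs::path realRoot = fs::canonical(root, ec);
    if (ec || fs::is_symlink(realRoot / name, ec))
        return Verdict::NotInRoot;
    if (dirUsage(realRoot) + size > lim.maxDir)
        return Verdict::QuotaExceeded;
    return Verdict::Ok;
}
```

Because the check and the later write are separate steps, the write itself should still open the file with `O_NOFOLLOW | O_EXCL` so a symlink planted in between is refused.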
