On Thu, 2012-07-26 at 07:21 -0700, Andy Cress wrote: > Al, > > This is in the open session logic (once). > If the session requires a higher privilege level, it should request a > higher privilege level. > Either the firmware will allow the session open with the requested > privilege or it won't. > I don't understand your reference to 'random IPMI commands'.
Ohhh, you're right. It would be caught at the set session privilege level stage later on, I forgot about that. My "random IPMI commands" was in reference to the actual IPMI commands sent out later in the session, like Get Device ID or Get Sensor Reading or Get SEL Info. I'm mixing different issues in my head. Al > Is there really a use case where you would not want it to proceed, given > that there is a use case (ILO3 bug) where allowing it to go through is > better? > > Andy > > > Even if the privilege is detected wrong here, it should not abort, but > > proceed. > > If the privilege is wrong, the target firmware will reject it. > > I do a similar check/error out in FreeIPMI. I believe it's the right > thing to do to error out at the "authentication phase" and tell the user > they can't connect at the requested privilege level. Otherwise, random > IPMI commands will just fail with "privilege level not sufficient" later > on. > > Al > -- Albert Chu ch...@llnl.gov Computer Scientist High Performance Systems Division Lawrence Livermore National Laboratory ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Openipmi-developer mailing list Openipmi-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openipmi-developer