On 2009-11-18 07:20, Adam Nielsen wrote:
>>> Maybe this was to discourage us from flashing our own code? Who knows.
>>> If anyone from Dell is listening, you really don't have to bother doing
>>> that :-)
>> Since the firmware shell was based on busybox, GPL compels them to
>> publish source for at least part of the firmware. Theoretically, they
>> should be publishing it in the same place as the binary, but this is not
>> too bad. I'm not sure how long they've been publishing source, but I
>> couldn't find it when I looked around a couple of years ago.
>
> Sorry, I think you misunderstood what I meant. I was just saying that
> Dell needn't bother ripping out "secret" parts of the non-GPL'd source
> before publishing it, because unless there's a backdoor or something in
> there nothing bad will come of it. If we can reflash our own firmware
> and get full control of the hardware, what does it matter if we find a
> few debugging commands in racadm?

You may have misunderstood me as well. I'm saying Dell should have been providing source all along. In fact, I reported them to the busybox maintainers a couple of years ago, so that may be why you're finally seeing source now.

What matters more is if we find vulnerabilities. And, since I've been able to get a root shell on a DRAC in the past without access to the source, I'm fairly confident they're there. Dell's firmware and supporting code are *not* securely written.

A word of advice: don't install the virtual media and remote console plugins in a browser you use for other things.

_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
Please read the FAQ at http://lists.us.dell.com/faq
