Hi James,

James Carlson wrote:
> Garrett D'Amore writes:
>
>> I think this may warrant promotion to a fast track.
>>
>
> Definitely.
>
>
>> In particular, the interface that the LMS exports to the rest of the
>> system (perhaps just acting as an HTTP proxy) warrants some basic review.
>>
>> The questions I'd like to see answered in a fasttrack are:
>>
>> 1) does LMS export any interface over the network? (If it's a web
>> proxy....)
>>
>> 2) what is the administrative interface to manage the LMS service?
>> (SMF? properties for managing what port it binds to, etc?)
>>
>> 3) how does this fit within secure-by-default? Does the service
>> listen only to IN_ADDR_ANY, or does it open up a port accessible to the
>> entire network?
>>
>
> More generally: have you looked at the security questionnaires? How
> do you comply with them?
>
> http://www.opensolaris.org/os/community/arc/policies/ITS/
> http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
>
> http://www.opensolaris.org/os/community/arc/bestpractices/security-questions/
>

I think we are OK, since LMS only accepts connections from the local machine. See: http://openamt.org/wiki/LocalManageabilityService

> Are the port numbers involved registered with IANA? What security is
> provided?
>

The ports are registered with IANA: 16992 and 16993. HTTP digest access authentication is required.

> What privileges are required to talk with the kernel driver? What
> does that kernel driver do?
>

The kernel driver requires root privileges. The driver just passes the HTTP requests down to the AMT firmware and passes the HTTP responses back up.

> Would it be necessary for someone inside a non-global zone to access
> that driver? If not, why not? If so, then how is that secured
> How about inside an xVM instance?
>
>

I'm going to let David answer these questions.
