On Sun, Dec 24, 2006 at 10:15:53PM -0500, Thor Lancelot
Simon wrote:
> On Sat, Dec 23, 2006 at 10:12:19AM -0500, Steven M.
Bellovin wrote:
> >
> > Hmm -- ok. There's a fair chance I'm going to
stick with the fdisk
> > partition anyway, to let me boot FreeBSD in native
mode, but I'll see.
> > (FreeBSD has better IPMI support; if I need to get
at it at that level,
> > I'd need FreeBSD. Hmm -- I wonder. I can assign
the PCI ports to the
> > FreeBSD domU; maybe that would work. Hmm... (The
right solution is
> > for me to port the FreeBSD driver to NetBSD, but
I'm not sure I'll have
> > time to do that before putting the machine into
production.))
>
> I've said it before, and I'll say it again: the right
solution, as
> regards IPMI, is to *not use it*. The litany of
security holes in IPMI
> implementations has been truly scary and I expect to
see more as it is
> used more.
Well, it can be used safely if the administrator is carefull
(e.g make sure
the native vlan of IPMI-enabled network interfaces is truely
private and
non-routed). IPMI has mostly the same issues as other
network-enabled
naive devices and protocols (e.g. SNMP)
--
Manuel Bouyer <bouyer antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la
difference
--
|