Gitiles
Code Review Sign In
gerrit.openbmc.org / openbmc / phosphor-host-ipmid / 6ba8d31525130dbb5ef5b60336993ef7b50a8f51
commit6ba8d31525130dbb5ef5b60336993ef7b50a8f51[log] [tgz]
authorRichard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>Fri Apr 10 23:52:50 2020 +0530
committerVernon Mauery <vernon.mauery@linux.intel.com>Wed Apr 15 19:58:09 2020 +0000
tree1b70707cf02aa67fa96b9c27354c0b53d6ff2b5a
parentb265455a2518ece7c004b43c144199ec980fc620 [diff]
[Fix]: Restrict password file permissions to 600

pam-ipmi is already updated restrict file permission of /etc/key_file
& /etc/ipmi_pass to 600 during creation. But this won't affect when firmware
is updated with nv section preserved or without user credentials getting
changed. This commit will check the file permission on every boot and update
both the files to 600.

Tested:
1. Verified that RMCP+ connection still works after this change
2. Manually set file permission to 777 and restrating ipmid or BMC
will fix the same.

Change-Id: Icfe8af5af918792412fb42e8114fcf859848e1a8
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>
2 files changed
tree: 1b70707cf02aa67fa96b9c27354c0b53d6ff2b5a
  1. app/
  2. docs/
  3. include/
  4. libipmid/
  5. libipmid-host/
  6. scripts/
  7. softoff/
  8. test/
  9. user_channel/
  10. xyz/
  11. .build.sh
  12. .clang-format
  13. .gitignore
  14. .travis.yml
  15. apphandler.cpp
  16. apphandler.hpp
  17. bootstrap.sh
  18. chassishandler.cpp
  19. chassishandler.hpp
  20. configure.ac
  21. dcmihandler.cpp
  22. dcmihandler.hpp
  23. elog-errors.hpp
  24. entity_map_json.cpp
  25. entity_map_json.hpp
  26. error-HostEvent.hpp
  27. fruread.hpp
  28. generate_whitelist.sh
  29. globalhandler.cpp
  30. globalhandler.hpp
  31. groupext.cpp
  32. host-cmd-manager.cpp
  33. host-cmd-manager.hpp
  34. host-interface.cpp
  35. host-interface.hpp
  36. host-ipmid-whitelist.conf
  37. ipmi_fru_info_area.cpp
  38. ipmi_fru_info_area.hpp
  39. ipmid-new.cpp
  40. ipmisensor.cpp
  41. ipmiwhitelist.hpp
  42. LICENSE
  43. MAINTAINERS
  44. Makefile.am
  45. read_fru_data.cpp
  46. read_fru_data.hpp
  47. README.md
  48. sample.cpp
  49. sample.h
  50. selutility.cpp
  51. selutility.hpp
  52. sensordatahandler.cpp
  53. sensordatahandler.hpp
  54. sensorhandler.cpp
  55. sensorhandler.hpp
  56. settings.cpp
  57. settings.hpp
  58. storageaddsel.cpp
  59. storageaddsel.hpp
  60. storagehandler.cpp
  61. storagehandler.hpp
  62. sys_info_param.cpp
  63. sys_info_param.hpp
  64. systemintfcmds.cpp
  65. systemintfcmds.hpp
  66. testaddsel.cpp
  67. testit.cpp
  68. transporthandler.cpp
  69. whitelist-filter.cpp
README.md

To build this package, do the following steps:

1. ./bootstrap.sh
2. ./configure ${CONFIGURE_FLAGS}
3. make

To clean the repository run ./bootstrap.sh clean.