Subject: Re: Xen, VT, and RAID
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: port-xen
Date: 12/25/2006 19:01:20
On Sun, Dec 24, 2006 at 10:15:53PM -0500, Thor Lancelot Simon wrote:
> On Sat, Dec 23, 2006 at 10:12:19AM -0500, Steven M. Bellovin wrote:
> >
> > Hmm -- ok. There's a fair chance I'm going to stick with the fdisk
> > partition anyway, to let me boot FreeBSD in native mode, but I'll see.
> > (FreeBSD has better IPMI support; if I need to get at it at that level,
> > I'd need FreeBSD. Hmm -- I wonder. I can assign the PCI ports to the
> > FreeBSD domU; maybe that would work. Hmm... (The right solution is
> > for me to port the FreeBSD driver to NetBSD, but I'm not sure I'll have
> > time to do that before putting the machine into production.))
>
> I've said it before, and I'll say it again: the right solution, as
> regards IPMI, is to *not use it*. The litany of security holes in IPMI
> implementations has been truly scary and I expect to see more as it is
> used more.
Well, it can be used safely if the administrator is careful (e.g. make sure
the native vlan of IPMI-enabled network interfaces is truly private and
non-routed). IPMI has mostly the same issues as other network-enabled
naive devices and protocols (e.g. SNMP).
--
Manuel Bouyer <bouyer@antioche.eu.org>
NetBSD: 26 years of experience will always make the difference
--