Subject: Re: Xen, VT, and RAID
To: Thor Lancelot Simon <>
From: Manuel Bouyer <>
List: port-xen
Date: 12/25/2006 19:01:20
On Sun, Dec 24, 2006 at 10:15:53PM -0500, Thor Lancelot Simon wrote:
> On Sat, Dec 23, 2006 at 10:12:19AM -0500, Steven M. Bellovin wrote:
> >
> > Hmm -- ok.  There's a fair chance I'm going to stick with the fdisk
> > partition anyway, to let me boot FreeBSD in native mode, but I'll see.
> > (FreeBSD has better IPMI support; if I need to get at it at that level,
> > I'd need FreeBSD.  Hmm -- I wonder.  I can assign the PCI ports to the
> > FreeBSD domU; maybe that would work.  Hmm...  (The right solution is
> > for me to port the FreeBSD driver to NetBSD, but I'm not sure I'll have
> > time to do that before putting the machine into production.))
> I've said it before, and I'll say it again: the right solution, as
> regards IPMI, is to *not use it*.  The litany of security holes in IPMI
> implementations has been truly scary and I expect to see more as it is
> used more.

Well, it can be used safely if the administrator is carefull (e.g make sure
the native vlan of IPMI-enabled network interfaces is truely private and
non-routed). IPMI has mostly the same issues as other network-enabled
naive devices and protocols (e.g. SNMP)

Manuel Bouyer <>
     NetBSD: 26 ans d'experience feront toujours la difference