I was going through the documentation for version 5.2.1 (the latest) of the Network Appliance Filer operating system when I stumbled upon this little gem: "Use the disk_fw_update command to update out-of-date firmware on all disks or a specified disk on a filer. Each filer is shipped with a /etc/disk_fw directory that contains the latest firmware revisions." [...] "In the /etc/disk_fw directory, the firmware file name is in the form of product_ID.revision.LOD. For example, if the firmware file is for Seagate disks with product ID ST19171FC and the firmware revision is FB37, the file name is ST19171FC.FB37.LOD. The revision in the file name is the number against which the filer compares each disk's existing firmware revision." [...] "Before Data ONTAP 5.2, the disk_fw_update command copied firmware files from the /etc directory. In the /etc directory, the name for the firmware file was in the form of product_ID.LOD. The revision number was not included in the file name. Data ONTAP 5.2 continues to support firmware files in the /etc directory for backward compatibility. That is, if you obtain a disk firmware file and store it in the /etc directory, you can use the disk_fw_update command to copy that firmware file to disks, unless there is also a firmware file for the same product ID in the /etc/disk_fw directory. The files in the /etc/disk_fw directory take precedence over the files in the /etc directory." [...] Filer's typically have an "admin host" which can mount and read/write to the filer root directory. Without it, it's impossible to do any sort of system maintenance on the filer. If this host is compromised it's obviously bad news for the filer. But now, apparently new with the 5.x revisions of the filer operating system, a malicious individual can likely destroy the disk drive hardware itself. It is not known if any sort of sanity check is done on the contents of the firmware files; it's likely there is none, considering the type of code they contain. Of course, it is trivial to gain command line access to a filer once the admin host is compromised. They use what amounts to /etc/hosts.equiv for rsh access. It has always been important to make sure the "admin host" of a filer is secure. Now it seems Network Appliance has just raised the stakes; not only can you lose your data, but you can also potentially lose hundreds of thousands of dollars worth of hardware. -- Jason Downs downsjat_private Little. Yellow. Secure. http://www.openbsd.org/ Sending unsolicited commercial email to this address may be a violation of the Washington State Consumer Protection Act, chapter 19.86 RCW.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:33:43 PDT