Jason Downs <downsjat_private> writes:

> If this host is compromised it's obviously bad news for the filer.
> But now, apparently new with the 5.x revisions of the filer operating
> system, a malicious individual can likely destroy the disk drive
> hardware itself.

How is this different from any host (Unix, Windows, DOS, network equipment) that has one or more components with upgradeable firmware?

> It is not known if any sort of sanity check is done on the contents of
> the firmware files; it's likely there is none, considering the type of
> code they contain.

That's an interesting logical leap. I asked NetApp quite a few questions about this before I upgraded our F630 FC disk firmware -- according to them, it's nearly impossible to turn disks into expensive bricks. If I recall correctly, the procedure goes something like this: after the new firmware has completed uploading, the checksum is verified and/or it is tested in other ways (there is room for both the old and new copies, I guess), and only then will the disk switch over to the new firmware using some atomic operation.

So it may be true that someone could construct an evil firmware that also passes muster (it may be difficult to do this -- I don't know), and upon gaining root access to your filer, instead of zeroing all of your disks, they turn your disks into bricks. If they can't construct an evil firmware, I guess they could downgrade your firmware version at the very least. To be honest, I don't know how irrecoverable today's disks are when a bad firmware is uploaded.

I suppose that if the prospect of having all your disks zeroed wasn't enough for you to secure your filer(s), maybe this would be enough to scare you. However, I'm not sure why you'd keep your data on a $100,000 RAID if that was the case.

- Dan
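The upload, verify, then atomically switch procedure Dan recalls, written out as an added Python illustration. This is not NetApp's code and is not from anyone in this thread; the image format (`FWIM` magic, version field, SHA-256 of the payload), the two-slot store, the pointer file and all function names are assumptions made for the example. It also adds the check a practitioner would want against the downgrade case Dan mentions: an image whose version is not newer than the active one is refused, so a correctly checksummed but older image cannot be reinstalled.

```python
"""Two-slot firmware update: verify the whole image, stage it in the inactive
slot, then switch with one atomic rename. Toy format, constructed for illustration."""
import hashlib
import hmac
import os
import struct
import tempfile

MAGIC = b"FWIM"                          # assumed magic for the toy image format
HEADER = struct.Struct(">4sI32s")        # magic, version, SHA-256 of the payload


def build_image(version: int, payload: bytes) -> bytes:
    """Build a constructed image: fixed header followed by the raw payload."""
    return HEADER.pack(MAGIC, version, hashlib.sha256(payload).digest()) + payload


def parse_image(image: bytes):
    """Sanity-check an image before it is trusted; return (version, payload)."""
    if len(image) < HEADER.size:
        raise ValueError("image truncated")
    magic, version, digest = HEADER.unpack_from(image)
    payload = image[HEADER.size:]
    if magic != MAGIC:
        raise ValueError("bad magic")
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        raise ValueError("checksum mismatch")
    return version, payload


class FirmwareStore:
    """Two image slots plus a small pointer file naming the active slot."""

    def __init__(self, root: str):
        self.root = root
        self.slots = [os.path.join(root, f"slot{i}") for i in range(2)]
        self.pointer = os.path.join(root, "active")
        os.makedirs(root, exist_ok=True)

    def active_slot(self):
        try:
            with open(self.pointer) as f:
                return int(f.read().strip())
        except FileNotFoundError:
            return None                      # fresh store, nothing active yet

    def active_version(self) -> int:
        slot = self.active_slot()
        if slot is None:
            return 0
        with open(self.slots[slot], "rb") as f:
            version, _ = parse_image(f.read())
        return version

    def install(self, image: bytes) -> int:
        """Stage and activate an image; the old slot stays intact until the final rename."""
        version, _ = parse_image(image)      # reject corrupt images before touching a slot
        if version <= self.active_version():
            raise ValueError("refusing downgrade or reinstall")
        current = self.active_slot()
        target = 0 if current is None else 1 - current
        with open(self.slots[target], "wb") as f:
            f.write(image)
            f.flush()
            os.fsync(f.fileno())
        with open(self.slots[target], "rb") as f:   # re-verify what actually landed
            stored_version, _ = parse_image(f.read())
        if stored_version != version:
            raise ValueError("staged image does not match upload")
        # Atomic switch: write the new pointer to a temp file, then rename over the old one.
        fd, tmp = tempfile.mkstemp(dir=self.root)
        with os.fdopen(fd, "w") as f:
            f.write(str(target))
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.pointer)
        return target


def demo() -> dict:
    """Upgrade twice, then present a corrupt image and a downgrade; return the outcomes."""
    store = FirmwareStore(tempfile.mkdtemp(prefix="fw-demo-"))
    results = {}
    store.install(build_image(1, b"constructed firmware rev 1"))
    results["after_v1"] = (store.active_slot(), store.active_version())
    store.install(build_image(2, b"constructed firmware rev 2"))
    results["after_v2"] = (store.active_slot(), store.active_version())
    corrupt = bytearray(build_image(3, b"constructed firmware rev 3"))
    corrupt[-1] ^= 0xFF                      # flip one payload byte after the checksum was taken
    try:
        store.install(bytes(corrupt))
        results["corrupt"] = "accepted"
    except ValueError as e:
        results["corrupt"] = str(e)
    try:
        store.install(build_image(1, b"constructed firmware rev 1"))
        results["downgrade"] = "accepted"
    except ValueError as e:
        results["downgrade"] = str(e)
    results["final"] = (store.active_slot(), store.active_version())
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the two slots is the one Dan makes: a failed or rejected upload never overwrites the copy that is running, and the only step that changes which copy is live is a single rename. A checksum alone still says nothing about whether the payload is benign, which is why the version check is there as a second gate; a signed header would be the natural next step, but it is not something this thread describes.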
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:34:06 PDT