Bugtraq mailing list archives

FW: FW: URGENT!!!! FW: NetApp Filer software versions 5.x: poten


From: shannon.madison () NETAPP COM (Madison, Shannon)
Date: Fri, 12 Feb 1999 11:31:11 -0800


Forwarded per Radek:

-----Original Message-----
From: Radek Aster
Sent: Friday, February 12, 1999 11:20 AM
Subject: Re: FW: URGENT!!!! FW: NetApp Filer software versions 5.x:
potential hardware killer (fwd)



IMHO, this is a pile. Jason makes the statement that he can create a file
(of the appropriate size), fill it with garbage, and download it to disk
drives which will then become bricks.

Geez. How stupid does he think Seagate is? Don't answer that. :-)

Seriously, the firmware files have checksums embedded in them. As part of
the update process, the drive will verify the checksum before committing
the firmware to flash. If the checksum doesn't verify, the update is
cancelled. No harm, no foul. Pretty SOP with firmware downloads. Heck, one
could make the same "security" argument with any hardware component with
downloadable firmware. Why pick on drives?

Granted, he *could* get his hands on unqualified and/or bad firmware and
download it to the drives .... is this enough to cry "the sky is falling"?

If this is seen as a serious enough "security issue", we can always ship
*encrypted* files, and decrypt them ourselves before downloading, thereby
verifying the contents and identity of files we ship.

--Radek

Jason Downs downsj () downsj com <mailto:downsj () downsj com> writes:

Jason>          I was going through the documentation for version 5.2.1
Jason> (the latest) of the Network Appliance Filer operating system when I
Jason> stumbled upon this little gem: "Use the disk_fw_update command to
Jason> update out-of-date firmware on all disks or a specified disk on a
Jason> filer. Each filer is shipped with a /etc/disk_fw directory that
Jason> contains the latest firmware revisions."

Jason>          [...]

Jason>          "In the /etc/disk_fw directory, the firmware file name is
Jason> in the form of product_ID.revision.LOD. For example, if the firmware
Jason> file is for Seagate disks with product ID ST19171FC and the firmware
Jason> revision is FB37, the file name is ST19171FC.FB37.LOD. The revision
Jason> in the file name is the number against which the filer compares each
Jason> disk's existing firmware revision."

Jason>          [...]

Jason>          "Before Data ONTAP 5.2, the disk_fw_update command copied
Jason> firmware files from the /etc directory. In the /etc directory, the
Jason> name for the firmware file was in the form of product_ID.LOD. The
Jason> revision number was not included in the file name. Data ONTAP 5.2
Jason> continues to support firmware files in the /etc directory for
Jason> backward compatibility. That is, if you obtain a disk firmware file
Jason> and store it in the /etc directory, you can use the disk_fw_update
Jason> command to copy that firmware file to disks, unless there is also a
Jason> firmware file for the same product ID in the /etc/disk_fw directory.
Jason> The files in the /etc/disk_fw directory take precedence over the
Jason> files in the /etc directory."

Jason>          [...]


Jason>          Filers typically have an "admin host" which can mount and
Jason> read/write to the filer root directory.  Without it, it's impossible
Jason> to do any sort of system maintenance on the filer.  If this host is
Jason> compromised it's obviously bad news for the filer.  But now,
Jason> apparently new with the 5.x revisions of the filer operating system,
Jason> a malicious individual can likely destroy the disk drive hardware
Jason> itself.  It is not known if any sort of sanity check is done on the
Jason> contents of the firmware files; it's likely there is none,
Jason> considering the type of code they contain.  Of course, it is trivial
Jason> to gain command line access to a filer once the admin host is
Jason> compromised.  They use what amounts to /etc/hosts.equiv for rsh
Jason> access.  It has always been important to make sure the "admin host"
Jason> of a filer is secure.  Now it seems Network Appliance has just
Jason> raised the stakes; not only can you lose your data, but you can also
Jason> potentially lose hundreds of thousands of dollars worth of hardware.

Jason>          -- Jason Downs downsj () downsj com <mailto:downsj () downsj com>
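
Added example, not part of the original thread and not NetApp or Seagate code: a sketch of the two checks the reply distinguishes, an embedded checksum that rejects a damaged file and a vendor-keyed check that also rejects a well-formed file the vendor never shipped. The image layout (payload plus CRC32 trailer), the key, the sample files and all function names are assumptions, and a keyed HMAC tag stands in for the encryption the reply proposes.

```python
import hashlib
import hmac
import struct
import zlib

# Hypothetical layout, NOT the real .LOD format: payload followed by a
# 4-byte big-endian CRC32 of the payload.
def build_image(payload: bytes) -> bytes:
    return payload + struct.pack(">I", zlib.crc32(payload))

def checksum_ok(image: bytes) -> bool:
    """Unkeyed integrity check: catches corruption, says nothing about origin."""
    if len(image) <= 4:
        return False
    (stored,) = struct.unpack(">I", image[-4:])
    return zlib.crc32(image[:-4]) == stored

def vendor_tag(image: bytes, key: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()

def vendor_tag_ok(image: bytes, tag: bytes, key: bytes) -> bool:
    """Keyed check: only a holder of the key can produce a matching tag."""
    return hmac.compare_digest(vendor_tag(image, key), tag)

def accept_for_update(image: bytes, tag: bytes, key: bytes) -> bool:
    """Gate applied before a file is handed to the drive."""
    return checksum_ok(image) and vendor_tag_ok(image, tag, key)

# Constructed sample data.
KEY = b"constructed-demo-key-not-a-real-secret"
SHIPPED = build_image(b"constructed qualified firmware payload " * 4)
SHIPPED_TAG = vendor_tag(SHIPPED, KEY)
# Same size, one payload byte altered, trailer left as shipped.
CORRUPTED = bytes([SHIPPED[0] ^ 0xFF]) + SHIPPED[1:]
# Well-formed file that was never tagged by the vendor.
UNQUALIFIED = build_image(b"constructed unqualified firmware payload")

def evaluate():
    """Return {name: (checksum verdict, full gate verdict)} for each sample."""
    samples = {"shipped": SHIPPED, "corrupted": CORRUPTED, "unqualified": UNQUALIFIED}
    return {name: (checksum_ok(img), accept_for_update(img, SHIPPED_TAG, KEY))
            for name, img in samples.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

The "unqualified" sample passes the checksum but fails the keyed check, which is the case the reply concedes a checksum alone does not cover.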


