In message 199921122746541@ix.netcom.com, sirbruce@ix.netcom.com writes:
This simply isn't true; there's many sorts of system maintenance that can be done on the console without an admin host, and even moreso now with Web-based administation. One doesn't even have to have a permanent admin host... you could just briefly export the root directory for a quick update, then unexport it from the filer console.
So you're saying that having a Java runtime on the filer is an improvement in security? That's insane.
This isn't new; a malicious individual could potentially effect firmware in previous versions. This is potentially the case in almost any OS... although I admit, 5.x makes it a little "easier" to do so. Firmware also isn't hardwar e, although bad firmware could theoretically lead to physical damage of the disk drive hardware mechanism.
It doesn't make it easier. It makes it trivial.
Wrong. People keep thinking the admin host is some mythical authoritative host. It isn't. It's nothing. Forget the term. You *can*, if you like, allow one or more hosts to telnet into the filer, rsh into it without a password, or mount it's root partitions. These are no more or no less a factor in the filer than in any other system, and you are perfectly capable of *not* allowing a host to do any of the above. The filer will continue to work.
And you will be unable to update it's /etc/passwd, /etc/quotas, etc. You must not run a filer in an environment that changes often.
Now it seems Network Appliance has just raised the stakes; not only can you lose your data, but you can also potentially lose hundreds of thousands of dollars worth of hardware.
This isn't true, and no one should be doing risk-analysis assuming that a user accessing a system through software can't do damange to the hardware underneath.
It is true. Perhaps you should pull your head out of the sand for a minute and stop blindly defending the existance a stupid command.
-- Jason Downs downsj@downsj.com
Little. Yellow. Secure. http://www.openbsd.org/
Sending unsolicited commercial email to this address may be a violation of the Washington State Consumer Protection Act, chapter 19.86 RCW.