I find this all rather amusing.
IF somebody really wants to screw us up and IF they can crack our firewall and IF they can crack the root password of our admin host and IF they care to upgrade the firmware on our filer and IF they know how to do it and IF it breaks the filer beyond usability
THEN
that's why we have backups and that's why we buy hardware support.
Frankly I think the chances of all those IF's above happening are very, very, small - and worth the trade-off to be able to upgrade the firmware on the disks. Stupid command? I think not.
My guess is that someone that cracked the root password of our system would have far bigger fish to fry.
Graham
Jason Downs wrote:
In message 199921122746541@ix.netcom.com, sirbruce@ix.netcom.com writes:
This simply isn't true; there's many sorts of system maintenance that can be done on the console without an admin host, and even more so now with Web-based administration. One doesn't even have to have a permanent admin host... you could just briefly export the root directory for a quick update, then unexport it from the filer console.
So you're saying that having a Java runtime on the filer is an improvement in security? That's insane.
This isn't new; a malicious individual could potentially affect firmware in previous versions. This is potentially the case in almost any OS... although I admit, 5.x makes it a little "easier" to do so. Firmware also isn't hardware, although bad firmware could theoretically lead to physical damage of the disk drive hardware mechanism.
It doesn't make it easier. It makes it trivial.
Wrong. People keep thinking the admin host is some mythical authoritative host. It isn't. It's nothing. Forget the term. You *can*, if you like, allow one or more hosts to telnet into the filer, rsh into it without a password, or mount its root partitions. These are no more or no less a factor in the filer than in any other system, and you are perfectly capable of *not* allowing a host to do any of the above. The filer will continue to work.
And you will be unable to update its /etc/passwd, /etc/quotas, etc. You must not run a filer in an environment that changes often.
Now it seems Network Appliance has just raised the stakes; not only can you lose your data, but you can also potentially lose hundreds of thousands of dollars worth of hardware.
This isn't true, and no one should be doing risk-analysis assuming that a user accessing a system through software can't do damage to the hardware underneath.
It is true. Perhaps you should pull your head out of the sand for a minute and stop blindly defending the existence of a stupid command.
-- Jason Downs downsj@downsj.com
Little. Yellow. Secure. http://www.openbsd.org/