February 27th, 2014 23:00

ProSphere UNIX Host Discovery is Insecure!!!

Many steps have been taken to improve the security of Unix host discovery, but there is one last major issue... Pushing/copying the 'inq' program/script to the directory in /tmp/nl_dwd and then allowing it to be run as root is a huge security hole!

ProSphere creates the /tmp/nl_dwd directory with drwxrwxrwx (777) permissions so anyone can replace the file and then have it run as root (via the sudoers setup) the next time ProSphere discovery is run.

Please change ProSphere's use of the inq utility to match what was done for fcinfo, powermt, etc.... let the Unix admin copy the program onto the host, in the directory of their choosing, so it can be assured to not be compromised!  Most of the Unix hosts (if not all) with SAN storage have inq installed already anyway.

I have pointed out this issue a few times over the last year and 6 months, but it has not been fully addressed as of yet.

If someone in ProSphere development could address this issue, it would be appreciated.
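The exposure described in the post above (a program that sudo runs as root, sitting in a directory with 777 permissions) can be checked for on a host with a short audit script. This is an added example, not part of the original thread and not ProSphere or EMC code; the function names, the `TRUSTED_OWNER` variable and the optional stop directory are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not ProSphere code): report whether a program that sudo
# runs as root could be replaced by a non-root user, as with inq under a
# mode-777 /tmp/nl_dwd. Usage: audit_sudo_target /tmp/nl_dwd/inq
# TRUSTED_OWNER and the optional stop directory are assumptions.
TRUSTED_OWNER=${TRUSTED_OWNER:-root}

# Print a finding for one file or directory; return 1 if it is tamperable.
check_node() {
    node=$1
    rc=0
    # Group- or world-writable: members of that set can modify or swap it.
    if [ -n "$(find "$node" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        echo "UNSAFE: $node is group/world-writable"
        rc=1
    fi
    # Owned by another account: that owner can chmod and rewrite it.
    if [ -n "$(find "$node" -prune ! -user "$TRUSTED_OWNER" -print)" ]; then
        echo "UNSAFE: $node is not owned by $TRUSTED_OWNER"
        rc=1
    fi
    return $rc
}

# audit_sudo_target FILE [STOP_DIR]
# Checks FILE and each parent directory up to STOP_DIR (default /).
# Returns 0 if nothing on the path is replaceable, 1 if something is,
# 2 if FILE does not exist.
audit_sudo_target() {
    target=$1
    stop=${2:-/}
    [ -e "$target" ] || { echo "MISSING: $target"; return 2; }
    status=0
    check_node "$target" || status=1
    # Resolve the physical directory so a symlinked parent is not skipped.
    dir=$(cd "$(dirname "$target")" && pwd -P) || return 2
    while :; do
        check_node "$dir" || status=1
        case $dir in "$stop"|/) break ;; esac
        dir=$(dirname "$dir")
    done
    return $status
}
```

Run with the default stop directory, any path under `/tmp` is reported because `/tmp` itself is world-writable, which is the reason an admin-chosen, root-owned install directory is the safer location.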

February 28th, 2014 10:00

You're not the first customer to raise this issue, but I doubt you'll get much response from the forum in this fashion.  The EMCers who reply on the Support site are generally Support people or Marketing, not Product Development.

You'll want to raise a Request For Enhancement request with EMC.  That creates a trackable request that can be followed up on.  Doing so ensures that you can query for status and make sure someone is not ignoring it.

To do this, go to http://powerlink.emc.com (not the EMC Support Site), and select Support > Request Support > Request Product Enhancement.

The more customers who submit RFEs, the sooner EMC will address this glaring issue.

Karl

February 28th, 2014 10:00

Thanks for the information on the RFE.  I am trying to submit one, but I am not finding ECC, ProSphere or SRM in the list of products.
