7

We bring in hard drives from un-trusted sources and would like to ensure that they will not contain any harmful content.

What kind of risk is there for Solaris? As in, if Solaris is running, and I attach a drive, I would run format and then check there is only one fdisk partition and it covers the whole drive, then I would run verify in format in order to erase all the data (and test the drive). Is this foolproof? (short of an actual computer inside the hard drive)

I know on Windows there are or have been all kinds of vulnerabilities or auto-run functions. I want to know if I can use Solaris in order to eliminate this problem entirely.

AviD
  • 72,138
  • 22
  • 136
  • 218
700 Software
  • 13,807
  • 3
  • 52
  • 82
  • 1
    A coherent review of the risk in this case would require many hours of work. Given that the threat is unknown and the exposure is unknown, I don't think anyone will do the work to completely analyze the vulnerabilities. Providing the thread and exposure might provide the scope on the vulnerabilites that you are likely to face. Without a good analysis the answer for untrusted components is that they are unsafe. – this.josh Jul 19 '11 at 01:55
  • +1 for "malicious harddrive". I really hope this is a harddrive with teeth that slowly eats the contents of your pc case. – Sirex Jul 20 '11 at 09:58

3 Answers3

6

An adversary who is aware of your procedure could manipulate the hardware to exploit the tools you are using. The filesystem driver itself and any automatically executed programs after mounting the drive can be attractive candidates for this.

However, this would be a rather obscure attack. Since you only look at the partition table and the format tool likely also considers inconsistent drive data, your risk is probably rather low. As long as you don't mount partitions from unknown sources, there should be no problem.

Another even more obscure attack would be to manipulate the hard drive such that it uses DMA to compromise your system. This is even less likely and probably what you mean by "computer inside the hard drive".

pepe
  • 3,536
  • 14
  • 14
6

I agree the risks should be low, for the reasons @pepe mentions in his answer, but do not believe the solution is "foolproof".

A better solution for cleaning media safely may be to run a Live CD without any local storage (no non-volatile storage) or connectivity (network or shared resources) to other systems. In theory, you can reboot the host post-cleaning and restore to the known good state.

lew
  • 1,536
  • 8
  • 11
5

Use a special purpose live CD GParted Live CD

Seriously, if you are worried about custom hacking kit hidden inside your second hand hard drives, then go and buy them new from a legitimate verified source.

But embedded hacker chips in hard drives is actually feasible, and a pretty good idea for a project, gotta get me an ebay account LOL. The trouble would be making them actually work as hard drives.

Andrew Russell
  • 3,633
  • 1
  • 20
  • 29