Last Modified: May 29, 2024
Affected Product(s):
F5OS F5OS
Fixed In:
F5OS-C 1.6.0, F5OS-A 1.7.0
Opened: Jul 27, 2022 Severity: 3-Major
When performing a USB install, F5OS creates the ISO file used for installation under /var/import/staging. Under certain conditions, this newly created ISO file is missing the immutable bit, allowing the file to be potentially modified or deleted while it is in use.
New ISO file is missing the immutable bit (should show up as an 'i' in the chattr output). [root@appliance-1 ~]# lsattr /var/import/staging/ -------------e-- /var/import/staging/F5OS-A-1.1.0-7645.R5R10.iso This results in risk of the ISO file being deleted or modified while in use.
Perform a USB install of F5OS.
If the imported ISO file is still present in /var/import/staging, set the immutable bit on it, for example: chattr +i /var/import/staging/R5R10.1.1.1-9159.iso If the imported ISO file is missing, that is, because it was deleted or renamed: 1. Put a copy of the ISO file on the rSeries appliance named precisely the same as the original file was, for example: Copy the ISO file to the rSeries appliance, but name it "R5R10.1.1.1-9159.iso" and put it in /var/import/staging/ 2. Set the immutable bit on the file: chattr +i /var/import/staging/R5R10.1.1.1-9159.iso 3. Reboot the device.
N/A