February 27th, 2014 23:00

ProSphere UNIX Host Discovery is Insecure!!!

Many steps have been taken to improve the security of Unix host discovery, but there is one last major issue... Pushing/copying the 'inq' program/script to the directory in /tmp/nl_dwd and then allowing it to be run as root is a huge security hole!

ProSphere creates the /tmp/nl_dwd directory with drwxrwxrwx (777) permissions so anyone can replace the file and then have it run as root (via the sudoers setup) the next time ProSphere discovery is run.

Please change ProSphere's use of the inq utility to match what was done for fcinfo, powermt, etc.: let the Unix admin copy the program onto the host, in the directory of their choosing, so it can be assured to not be compromised! Most of the Unix hosts (if not all) with SAN storage have inq installed already anyway.

I have pointed out this issue a few times over the last year and 6 months, but it has not been fully addressed as of yet.

If someone in ProSphere development could address this issue, it would be appreciated.
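As an added illustration of the point the post makes (this is example code written for this page, not part of the original post and not ProSphere's own tooling), the script below does the check a Unix admin would want before granting a sudoers entry for a binary: it walks from the executable up to `/` and reports any directory on the way that is writable by group or others without the sticky bit, which is exactly the condition that lets an unprivileged user swap the file before it is run as root. The `/tmp/nl_dwd/inq` layout is simulated inside a temporary sandbox so the script runs offline; the sandbox paths and the `opt_inq` "good" deployment are constructed for the demo, and the script assumes only POSIX `sh`, `ls`, `cut`, `dirname` and `mktemp`.

```shell
#!/bin/sh
# Example added for this page: audit the directory chain of a path that a
# sudoers rule allows to run as root. Not part of the original post.

# check_sudo_target PATH
# Prints every component of PATH (the file and each parent directory) that is
# writable by group or others and lacks the sticky bit. Such a directory lets
# any local user replace the file that sudo will later execute as root.
# Returns 0 if the chain is clean, 1 if anything was reported.
check_sudo_target() {
    target=$1
    case $target in /*) ;; *) target=$(pwd)/$target ;; esac   # make absolute
    rc=0
    p=$target
    while :; do
        mode=$(ls -ld "$p" | cut -d' ' -f1)   # e.g. drwxrwxrwx or drwxrwxrwt
        gw=$(printf '%s' "$mode" | cut -c6)   # group write bit
        ow=$(printf '%s' "$mode" | cut -c9)   # other write bit
        st=$(printf '%s' "$mode" | cut -c10)  # 't'/'T' when sticky is set
        if [ "$st" != "t" ] && [ "$st" != "T" ]; then
            if [ "$ow" = "w" ]; then
                echo "WORLD-WRITABLE: $p ($mode)"; rc=1
            elif [ "$gw" = "w" ]; then
                echo "GROUP-WRITABLE: $p ($mode)"; rc=1
            fi
        fi
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# setup_demo
# Constructed sandbox (not a real host layout): one copy of "inq" in a 777
# directory like the one the post describes, and one in a 755 directory the
# admin controls. Prints the sandbox root.
setup_demo() {
    demo=$(mktemp -d)
    mkdir "$demo/nl_dwd" && chmod 777 "$demo/nl_dwd"     # the insecure case
    : > "$demo/nl_dwd/inq" && chmod 755 "$demo/nl_dwd/inq"
    mkdir "$demo/opt_inq" && chmod 755 "$demo/opt_inq"   # admin-chosen dir
    : > "$demo/opt_inq/inq" && chmod 755 "$demo/opt_inq/inq"
    echo "$demo"
}

# Usage: sh check_sudo_target.sh --demo
#    or: . ./check_sudo_target.sh; check_sudo_target /path/to/inq
if [ "${1:-}" = "--demo" ]; then
    d=$(setup_demo)
    echo "== simulated /tmp/nl_dwd/inq =="
    check_sudo_target "$d/nl_dwd/inq" || echo "-> unsafe for a sudoers rule"
    echo "== simulated admin-installed inq =="
    check_sudo_target "$d/opt_inq/inq" && echo "-> directory chain is clean"
    rm -rf "$d"
fi
```

On a real host the same call is run against the path named in the sudoers entry; a clean chain here should be paired with a check that every component is owned by root, which is omitted from the demo only because the sandbox is created by an ordinary user.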
