The IBM General Parallel File System (IBM GPFS) is a high performance cluster file system powering some of the world's biggest super computers. Customers range from "Infiniti Red Bull Racing" to the "Bayrische Börse AG", as well as many universities around the globe. This makes it a prime target for attackers as not only the data stored in the file system is valuable, but also the machines running the GPFS are quite powerful, too. Besides presenting a detailed overview of the GPFS architecture and the flaws that come with it, we walk through the discovery and exploitation of a bug that looked simple at first but developed to a very special journey into the guts of GPFS.
Florian Grunow is a security analyst at ERNW. He holds a Master of Science degree in computer science with a focus on software engineering and medical devices.
Felix is a security researcher working for ERNW GmbH. His main interests are application security, reverse engineering and virtualization security. Felix has disclosed critical vulnerabilities in popular software such as Hyper-V, Xen, Typo3 or IBM GPFS and has presented his work at international conferences like PHDays, Hack in the Box, Infiltrate and Troopers.