> "Ian Murdock" <[EMAIL PROTECTED]> wrote:
>
> > If OpenSolaris/Indiana moves to an Ubuntu/MacOS X style "always log in
> > as a normal user, prompt for the root password when a command needs
> > root" (implemented using sudo on Ubuntu, not sure about MacOS X),
> > does the root shell issue not become moot? I.e., the root shell
>
> Shruk..... Solaris is secure by default.

The opposite had been true until a few months ago. And I mean the previously intended behavior (all ports open / services running), I'm not talking about the telnet "backdoor", such a thing can always happen. No, but Solaris systems just had not been "secure by default". You always had to harden them manually, at post-install time.

There had been a link to a document guiding you through hardening a fresh Solaris install, somewhere related to the BSM docs, I have to look it up.

You couldn't (and still can't) select some predefined security-level-profile during installation. That's no big loss now, now that services like telnet or rlogin are not running by default (after default fresh initial install). But until a while ago it had been a potential security risk (i.e. careless admin).

> Even if the autologin happens on behalf of an unprivileged user this
> is a security risk.

"autologin" ?? He said _always_, not auto. With password. I'm pretty sure Ian did not mean such a hazardous thing like having a default user logged without password after each boot, the latter is indeed pure horror to imagine.

martin
_______________________________________________
opensolaris-discuss mailing list
[email protected]
