On Wed, Feb 27, 2002 at 08:04:26AM +1100, Catie Flick wrote:
> On 26 Feb, Tony Green wrote:
>
> > The security issue you are talking about, in my opinion, is not a real issue
> > but a 'management issue'. They don't understand that the security through
> > obscurity which MS is pushing is not the way to go.
>
> But there *are* security issues with Solaris (recently a rather
> intriguing exploit for login of all things), and the attitude of hushing
> up security issues by Sun is quite silly, and completely
In what way does Sun hush up security issues? The login hole you refer to
was very widely advertised by them, including warnings on the www.sun.com{.au}
homepage, large warnings on the sun support homepage (http://sunsolve.sun.com)
mail to the Sun security mailing list,
(http://sunsolve.sun.com/pub-cgi/show.pl?target=security/sec ), to bugtraq,
phone calls to customers, etc, etc, etc.
Similar (although not quite as widespread) advice was given for the more
recent snmp problems.
Sure Sun has security problems - what multiuser OS doesn't!!
(For what it's worth, I'm fairly certain that disabling execution of code
on the stack by putting "set noexec_user_stack=1" in /etc/system stops any
of the exploits for either the login or snmp bugs in their tracks)
Scott
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
