[geeks] Solaris resiliency to crashing w/full root partition?

velociraptor velociraptor at gmail.com
Sun Oct 2 12:14:01 CDT 2005


On 10/2/05, Charles Shannon Hendrix <shannon at widomaker.com> wrote:
> > They check for nothing later than Solaris 7, and apparently the
> > only Unices in the universe are Solaris, IRIX, AIX, and HP-UX.
> > We'd be perfectly happy to comply with, say, current CIS best
> > practices that take into account that you aren't putting a bare
> > server onto the internet.
>
> What do they do if you run it on a system and the script fails to run?
>
> This reminds me of the idiot I used to work for that wanted us to run
> Norton Antivirus on all Perl code we shipped out.

These guys ride the short bus, but I don't think I could convince
them that the script wouldn't run given that it uses "sh". :-)

That said, I was tempted to create some very crude host.allow/
host.deny files just to shut them up on "you don't run tcp wrappers".
Well, *duh*, nothing runs out of inetd.  But my ethics kicked in. So, I
provided a detailed explanation as to how that wouldn't help things,
&c.  Rowr, yet another RAF (risk acceptance form) to write.

Then our CSO wanted me to write up a similarly detailed explanation
on SUID/SGID files since I had stated that the IG's contention that
"having SUID/SGID files was a significant risk" was too broad to
address.  I was like, great, I have to explain to idjits how UNIX works...
Fortunately we found the previous RAF for it.  Yeah, a RAF for the
OS-installed SUID/SGID files!

=Nadine=


