[rescue] irix insecurity (was: Sparcstation 2 help! Please)
Dave McGuire
rescue at sunhelp.org
Sun Sep 23 18:18:52 CDT 2001
On September 23, Greg A. Woods wrote:
> > Well I don't run their mindset in on my network...I run the
> > software. Security problems I can fix (and so can you, and any other
> > sysadmin that's worth a damn).
>
> Fixing IRIX, properly, would damn near require replacing it entirely.
> Certainly you'd have to loose anything SGI wrote and which either has
> the setuid/setgid bits set, or are run in any privileged state and can
> be influenced by external input.
>
> My advice last time someone asked me about running IRIX out in full view
> of the public Internet without a firewall was that they'd better have
> 24x7 monitoring and static content that can be burned on a CD along with
> the OS so everything can run read-only! ;-)
Well, I've done it, on a fairly high-visibility network, with no
major problems. Granted it was about 4 years ago..
*sigh* One day I'll figure out why you and I have opposite experiences
with the same things. I'm beginning to think there's an
interdimensionsal rift between us or something.
-Dave
--
Dave McGuire
Laurel, MD
More information about the rescue
mailing list