Remote install of Solaris on a 220R

Chuck Yerkes chuck+baylisa at snew.com
Sun Jun 27 23:13:23 PDT 2004


Quoting Hal Pomeranz (hal at deer-run.com):
...
> CY> Then you get to build tools and make packages.  Unless you trust
> CY> other people.
> 
> www.sunfreeware.com is your friend.  I just wished they used PGP
> signatures on their packages.

And that they didn't make binaries owned by bin, or change
/usr/local/bin/ owned by bin.  It's easier to become bin than
it is to become root, hole history has shown.  When Sun used
to make /etc/ a bin-owned directory, a bad (shipped)
/etc/hosts.equiv meant that getting into (my own) company's
servers and getting root took just a few minutes.  My point was
finally made and a firewall put in and access to unaudited
machines deeply restricted from the WAN.


I'll also peeve, because I make /usr/ and /usr/local read-only
and /usr/local is exported, that config files go into /etc.
/etc/local is acceptable, but the only thing that really
WANTS configs on shared media is sudo.

> I also support the OpenSSH packages at ftp.cisecurity.org, which I
> think are better than the ones at sunfreeware.com, albeit mine are
> only 32-bit binaries for backwards compatibility.

I'll also note that OpenSSH from the source has a contrib/ script
that makes a Sun package.  Of all things you likely want to self
compile....

And Hal, the deer in my yard say hello and mock you for leaving
their hills.
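
The ownership concern raised in this message can be checked mechanically. The following is an added example, not part of the original post: a shell function (the name `audit_tree` and the directories in the usage comment are assumptions) that lists entries under a tree not owned by the expected user, plus any world-writable entries.

```shell
#!/bin/sh
# Added example (constructed; not from the original post).
# audit_tree OWNER DIR...   (hypothetical helper name)
# Prints one line per finding:
#   OWNER <path>     entry is not owned by OWNER (for example, owned by bin)
#   WRITABLE <path>  entry is world-writable (symlinks are skipped, since
#                    their own mode bits are not meaningful)
audit_tree() {
    owner=$1
    shift
    for dir in "$@"; do
        # Skip arguments that are not directories on this host.
        [ -d "$dir" ] || continue
        # Anything not owned by the expected account can be replaced by
        # whoever does own it, without needing root.
        find "$dir" ! -user "$owner" -print 2>/dev/null | sed 's/^/OWNER /'
        # World-writable entries can be replaced by any local user.
        find "$dir" ! -type l -perm -0002 -print 2>/dev/null | sed 's/^/WRITABLE /'
    done
}

# Typical use: sh audit.sh /usr/local/bin /etc
if [ "$#" -gt 0 ]; then
    audit_tree root "$@"
fi
```

An empty result for a tree means every entry is owned by the expected account and none is world-writable.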


