David Kovar <kovar @
NDA .
COM> wrote:
| My understanding is that SunOS 4.1.3_U1 contains that long list of
|patches, including the ones for sendmail. I will not swear to it,
|but it is worth checking out.
To the best of my understanding, SunOS 4.1.3_U1 does already contain a number
of patches for 4.1.3 - someone's got a list I remember seeing but don't seem to
have saved. However, there are still a couple of patches for 4.1.3_U1 that
are security related and probably desirable to the firewall builder. When
building a firewall recently using SunOS 4.1.3_U1, here are the
security-related SunOS 4.1.3_U1 patches I felt were needed:
101434-03 - lpd security
101436-02 - /bin/mail security
101440-01 - /usr/5bin/su path problems/security
101558-01 - libc patch / security
101579-01 - expreserve security hole
101587-01 - icmp, mbuff panic, security
101679-01 - modload security
For a total of 7 security-related patches (please don't ask me for a copy of
them). In fact, most of these aren't needed for a true administrative login-
only firewall - all of these except 101558-01 address a user getting root
access, not an outside user getting in and/or getting root access directly.
Note that I didn't use a couple of the more well-known patches, such as the
sendmail patch, simply because I don't use those utilities that need to be
patched (e.g., replacing Sun's buggy sendmail with Berkeley sendmail 8.6.9,
etc).
However, the original poster discussing the superiority of AIX because of
the "hundreds of patches that have to be applied to SunOS to be secure" and
"SunOS is soooo out of date", is simply mistaken concerning SunOS. From the
AIX administrators and AIX support people I know, I find the AIX statements
pretty counter to what they relate, also.
Randy Davis Email: randy @
megatek .
com
Corporate Network and System Administrator
Megatek Corporation, San Diego, California
|
|
