Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: Tightening up SunOS 5.4 (was Re: Hardened OS)
From: "Martin Cooper" <mjc @ quark . foobar . co . uk>
Date: Fri, 3 Nov 1995 17:40:23 +0000 (GMT)
To: smith @ sctc . com (Rick Smith)
Cc: firewalls @ greatcircle . com
In-reply-to: <199511031718 . LAA09560 @ shade . sctc . com> from "Rick Smith" at Nov 3, 95 11:18:54 am

> > No, but then you can hardly eliminate root can you? ;)
> 
> That's what we did on Sidewinder. It's a liability in a highly secure
> system, not a benefit.  Nobody, not even root, can bypass the
> mandatory aspects of the security mechanisms while the system is in
> normal operation and on the Net.


Oh, ok. I thought it wasn't possible.

I'm happy that root is just a name for uid 0, but what about
processes that need to be started at boot time? Will it be
possible to run these at boot time without an entry for root in
the password file, and without the setuid bits on executable
binaries?

If it is, then this seems like a fine security measure for a
bastion host.


Martin
-- 
Martin Cooper    http://www.foobar.co.uk/~mjc/  mjc @ foobar . co . uk
Foobar Internet  http://www.foobar.co.uk/       sales @ foobar . co . uk
Phone: +44 (0)116 2330033                Fax: +44 (0)116 2330035
The Magazine Business Centre, Newarke Street, LEICESTER, LE1 5SS

