Steve Norton <steve @
>On Tue, 26 Jul 1994, Brent Chapman wrote:
>> It's clear that SunOS 4.1.x is much more widely used (in general, not
>> just for firewalls) than any version of AIX. That means a lot more
>> people have had a good look at it, and have taken a crack at
>> discovering whatever security holes are there. That makes me feel
>> much more confident that what holes are there have been found by now.
>I have to disagree -- AIX is a better choice solely because SunOS 4.1.X is
>sooo far out of date. It takes hundreds of patches, and replacement of
>most system utilities, to bring a SunOS box up to anything close to a
>secure state. I'm no great fan of IBM, but at least they don't ship
>systems with the sendmail debug hole.

No, but all other sendmail holes are in place, including the -d hole.
SunOS 4.1.x doesn't have the debug hole either.
The statement that ``AIX has had all standard Unix holes fixed''
surprised me greatly. It had all the Unix bugs we know and love,
including rdist and sendmail.
And a number of other worse bugs as well.
And AIX was also hit by the ``this is a neat program but it doesn't
seem to work for normal users, let's ship it set-uid root'' craze
that seems to be going around like wildfire among Unix vendors.
SunOS 4.1.3_U1 doesn't seem to be needing that many security patches,
at least not ones to plug *gaping* holes as AIX does.