>Yes - especially when it comes to things like marking stacks and data >sections non-executable and adding better linker flags and similar >cleanups. Previously those were applied to ON and then marketing >would tell people Solaris was more secure when it was really only the >20% of Solaris that comes from ON. I made some of the same changes to >X, and got CDE & JDS to do a few as well, but most have not propogated >to all Solaris. (Safe Default Permissions is one of the few that did, >since the W-Team got all the consolidations to do it, and Secure by >Default is doing the same - but most others consider ON to be good >enough, but it's not if you're claiming to improve all of Solaris.)
The save file permissions required coordination between all consolidations because so many directories are shipped in packages from many consolidations. The noexec statck/user did not because it first required the build environment to be a recent Solaris release. But it seems something we should push for now. Casper _______________________________________________ opensolaris-code mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/opensolaris-code
