>Finally, I am not beefing about SSH or other tech implementation.
>Y'all do whatever you like. I am, however, concerned about the "We
>work at Sun and we know what's best" attitude. Solaris 10 _may_ be
>the best operating system in the world, but if people don't use it
>(for whatever reason, however misguided), then it will be just a
>footnote in the History of Computing.

I don't think it's fair to accuse either me or Darren of a "we work at
Sun and we know what's best" attitude.

If our attempts to share our experience in developing Solaris come
across in that manner, then rest assured that was purely unintentional.

We do try to explain what the bigger picture looks like from where we
are sitting.

To cite one of many examples: there are those who feel that whenever a
remotely exploitable security vulnerability is fixed, you should
make the code syslog() a message if an attempt to exploit it is ever detected.
syslog("Barbarians Thwarted at the Moat").

I was once in that camp but I now firmly believe it is a *very*, *very*
wrong thing to do.  The reason for my change of position is fairly simple:

        - whatever the turn of phrase used, some customers will always
          think they've been hacked
        - most systems will see this message at one point or other anyway
        - the message is alarming and unhelpful
        - the message can be triggered when nothing is wrong
        - you can't track down the culprit anyway

(That for Sun this also translates into service calls is another matter)

Adding the message turns out to have no benefit at all and a
considerable cost.  (Not to Sun in particular, but to the users.)

And this is not about "blissful ignorance"; the system wasn't broken into,
period.  And we all know that people or systems will continuously try to do so,
and setting off the alarm is inappropriate.

Similarly, we get reports from "vulnerability scanners" about software
solely because we fix bugs differently in certain cases (or because they
don't bother to weed out false positives).

The computer security profession is the realm of con artists and snake-oil
salesmen.  And much of the rest is not science, but the practice of
religious rituals of some cult.  Except that it's not "honor the sabbat"
but rather "do not reveal thy OS version".

What's worse, accounting firms, who we all know are not even up to doing
their proper jobs, are really awful at security auditing; generally they
come with pre-cooked checklists which we all know contain bullets that
are provably *wrong*.  (There was never a "sys:coredumpsize" variable in
Solaris, ever.)

So for some it may seem perfectly reasonable to change the SSH banner
string in Solaris, but from our perspective it's "no gain, considerable
pain".

Knobs that essentially have two settings, "system works" and "system works
some of the time", are just wrong, especially considering staff turnover,
remote vs. local behaviour, and unpredictability (it works just fine on this
Solaris box, but not on that one).

And think of it this way:

        - if they know the exact version of your OS, they use only the
          exploits for that single OS
        - if they don't, they use all exploits they have

Would you rather have 10 or 1000s of exploits coming your way?

Casper


_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org