Thanks for the explanation. I am not completely familiar with the
background but this sheds some light on the issue that I was unaware of
before.

Mausul.

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of UNIX
admin
Sent: Friday, June 15, 2007 9:33 AM
To: opensolaris-discuss@opensolaris.org
Subject: [osol-discuss] Re: RE: Re: recommend the opensourceanti-virus
foropensolaris?

> Please don't get into the arrogant belief that just
> because it is
> Solaris or any other UNIX variant that anti-virus is
> unnecessary. Virus
> writers haven't targeted 'NIX but that doesn't mean
> 'NIX is
> invulnerable.

It would appear that you're unfamiliar with the technical background of
what is being written here.

1. SPARC (and nowadays AMD and Intel) processors support a so-called "no
execution stack" bit, and this bit is set to 1 by default;

what that means is, you can't execute any malicious code that you put on
the stack, the hardware won't allow it

2. the only vector of attack left is to do a buffer overrun, which, if
successful, will give you the parent's shell; this shell used to be
root's in the past, but nowadays most services on Solaris run under
regular users, i.e. "technical users" that have no special rights; 

so even if the virus did do a successful buffer overrun and managed to
get a parent process's shell, it'd still end up causing no harm because
a regular user can't touch the system.

Finally, I've recently helped troubleshoot an issue where a process
running as root was so artificially limited via RBAC, that he couldn't
even read someone else's files.

So, you can pretty much kiss viruses on UNIX, especially on Solaris,
buh-bye.
 
 
This message posted from opensolaris.org
_______________________________________________
opensolaris-discuss mailing list
opensolaris-discuss@opensolaris.org