An update for people keeping track of my current writing projects: I turned in the final chapter of Solaris for Dummies this morning! A definite weight off my shoulders, and this also means that I’ve written two totally dissimilar books in the same three-month period. Ugh. Never again!
I have to say that as I dug more into the administrative side of Solaris 9 for the last few chapters, I am aghast at some of the basic mistakes they have made in security and default configurations, not to mention how they’ve written some security utilities…
I think the one that most surprised me [warning, geeky content] was that I can add a line like:
hack::0:0: hacktheplanet :/:
to the /etc/passwd file, and the password file checking utilities don’t see it! Try it yourself if you have a Solaris box. Add the line, then run pwck, which ignores it (properly), and passwd -sa, which simply stops scanning the password file when it sees the line that doesn’t match. That’s not just bad coding (c’mon, it should output an error message!) but it’s dangerous, because a utility that ostensibly summarizes the content of the password file doesn’t actually work as expected, allowing sysadmins to blindly leave backdoors in their password files. Not good.
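For comparison, here is a checker that does what the post says passwd -sa should do: walk the whole file and report every malformed or suspicious entry instead of giving up at the first line that doesn’t parse. This is an added example, not code from the post or from Solaris; the function names check_passwd, count_findings and write_sample are this example’s own, and the passwd file it scans is constructed here (it includes a UID 0, empty-password entry like the hack line above, plus an over-long line placed before it to show that scanning continues).

```shell
#!/bin/sh
# check_passwd FILE
# Walk a passwd(4)-format file and report EVERY suspicious entry, one
# finding per output line prefixed "line N:", instead of giving up at
# the first malformed line. Findings:
#   - wrong field count (a valid entry has 7 fields, i.e. exactly 6 colons)
#   - empty password field (password-less login)
#   - UID 0 on any account other than root
#   - a user name that already appeared earlier in the file
check_passwd() {
    file="$1"
    lineno=0
    seen=":"                      # ":name1:name2:" list of names seen so far
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))

        # Count the colons with parameter expansion (no awk needed).
        rest="$line"; colons=0
        while [ "$rest" != "${rest#*:}" ]; do
            rest="${rest#*:}"; colons=$((colons + 1))
        done
        if [ "$colons" -ne 6 ]; then
            echo "line $lineno: expected 7 fields, got $((colons + 1)): $line"
            continue                # report it, then keep scanning
        fi

        # Pull out the first three fields: name, password, uid.
        name="${line%%:*}"; rest="${line#*:}"
        pw="${rest%%:*}";   rest="${rest#*:}"
        uid="${rest%%:*}"

        if [ -z "$pw" ]; then
            echo "line $lineno: empty password field for '$name'"
        fi
        if [ "$uid" = "0" ] && [ "$name" != "root" ]; then
            echo "line $lineno: UID 0 account '$name' (extra superuser)"
        fi
        case "$seen" in
            *":$name:"*) echo "line $lineno: duplicate user name '$name'" ;;
        esac
        seen="$seen$name:"
    done < "$file"
}

# count_findings FILE: number of findings check_passwd reports (0 = clean).
count_findings() {
    check_passwd "$1" | grep -c '^line ' || :
}

# write_sample FILE: constructed sample passwd file (not from any real
# system) mixing good entries, an over-long line and the hack entry.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
broken:line:with:too:many:fields:here:oops
hack::0:0:hacktheplanet:/:
nobody:x:60001:60001:Nobody:/:
daemon:x:500:500:second daemon:/tmp:
EOF
}

# Usage: sh check_passwd.sh /etc/passwd   (no argument: scan the sample)
if [ $# -gt 0 ]; then
    check_passwd "$1"
else
    sample=$(mktemp) && write_sample "$sample" && check_passwd "$sample"
    rm -f "$sample"
fi
```

Run against the sample it reports four findings: the eight-field line, the empty password and the UID 0 on hack, and the second daemon entry. The point is the `continue` after the field-count error: a bad line is reported and the scan moves on, so the entry hiding behind it still gets caught.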
The other thing that bugs me about the default Solaris 9 configuration is that it uses inetd and that, by default, just about every service ever written for a Unix box is enabled. That’s completely brain-dead in my opinion. What’s the logic of enabling finger, for example, and then saying in the comments within the config file “Finger should be disabled for security reasons”? Just disable it and comment that “before re-enabling finger, realize that it’s a significant security risk.”
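Two small helpers for exactly that audit, added here as an example (not from the post or from Sun): one lists which inetd.conf entries are actually live, the other emits a copy of the file with a named service commented out under the warning the post asks for. The inetd.conf fragment they work on is constructed for the example, and the names enabled_inetd_services, disable_inetd_service and write_sample_inetd are the example’s own.

```shell
#!/bin/sh
# enabled_inetd_services FILE
# List the service name of every active (uncommented) entry in an
# inetd.conf-format file, so the default service set can be audited.
# Entry format: service socket-type proto wait/nowait user server [args]
enabled_inetd_services() {
    awk '$0 !~ /^[ \t]*#/ && NF >= 6 { print $1 }' "$1"
}

# disable_inetd_service FILE SERVICE
# Emit FILE with the SERVICE entry commented out and the warning the post
# asks for placed above it. Output goes to stdout; redirect it to a new
# file and inspect it before replacing /etc/inetd.conf and signalling inetd.
disable_inetd_service() {
    awk -v svc="$2" '
        $0 !~ /^[ \t]*#/ && $1 == svc {
            print "# " svc " is disabled: before re-enabling it, realize that it is a significant security risk."
            print "#" $0
            next
        }
        { print }' "$1"
}

# write_sample_inetd FILE: constructed Solaris-style inetd.conf fragment
# (not copied from any real system) with finger left enabled directly
# under the comment that says it should not be.
write_sample_inetd() {
    cat > "$1" <<'EOF'
# Constructed sample inetd.conf
ftp     stream  tcp6    nowait  root    /usr/sbin/in.ftpd       in.ftpd -a
telnet  stream  tcp6    nowait  root    /usr/sbin/in.telnetd    in.telnetd
#
# Finger should be disabled for security reasons.
finger  stream  tcp6    nowait  nobody  /usr/sbin/in.fingerd    in.fingerd
#tftp   dgram   udp6    wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot
EOF
}

# Usage: sh inetd_audit.sh /etc/inetd.conf   (no argument: audit the sample)
if [ $# -gt 0 ]; then
    enabled_inetd_services "$1"
else
    sample=$(mktemp) && write_sample_inetd "$sample" && enabled_inetd_services "$sample"
    rm -f "$sample"
fi
```

On the sample, the audit lists ftp, telnet and finger; after `disable_inetd_service sample finger`, the list drops to ftp and telnet and the finger line survives as a comment, so re-enabling it is a deliberate act rather than the default.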
In this sense, I think that Apple’s Mac OS X and the Linux community are far ahead of the game here; they disable just about everything by default, and allow the admin to enable specific services they desire for their system and network.
Sun, it’s time to catch up with the rest of the Unix / Linux community. These are rough edges on an operating system (Solaris) that should long ago have become the showpiece of the entire Unix community. After all, there are more Unix inventors at Sun than at any other company I can think of…
This commentary is not to say that the book “Solaris for Dummies” is full of rants and whinging. It’s definitely not. In fact, if I may say so, once I figured out how to work around some of these annoying glitches, I quite enjoyed the Solaris experience and believe that the end-product will be quite readable, informative, and enjoyable too!