January 13, 2001
Solaris is an extremely feature-rich, robust and thoroughly modern OS. These features come at a cost in some ways; sometimes it is necessary to trade security for features. While this is certainly acceptable in some circles, any user who wants to install a Solaris machine in a networked environment, or on the Internet, needs to take action to remedy these problems. With over 500 packages, and well in excess of 100 setuid programs, Solaris isn't exactly as tight as a drum. One approach would be to install the system, and then go through and decide just which setuid programs belong and which don't. Sound painful? Not only is it time-consuming, but binaries that seem harmless get installed and could later lead to security problems. Only by starting with the smallest install footprint is it effective to spend time locking down a machine.