Solaris is an extremely feature rich, robust and thoroughly modern OS. These
features in some ways come at a cost; sometimes it is necessary to trade security for
features. While in some circles this is certainly acceptable, any user desiring to install
a Solaris machine in a networked environment, or on the Internet, needs to take
action to remedy these problems. With over 500 packages, and well in excess of
100 setuid programs, Solaris isn’t exactly as tight as a drum. One approach would
be to install the system, and then go through and decide just what setuid programs
belong, and which don’t. Sound painful? Not only is it time consuming, but binaries
which might seem harmless are installed which could later lead to security problems..
Only by starting with the smallest install footprint is it effective to spend time
locking down a machine.
Solaris is an extremely feature rich, robust and thoroughly modern OS. These
features in some ways come at a cost; sometimes it is necessary to trade security for
features. While in some circles this is certainly acceptable, any user desiring to install
a Solaris machine in a networked environment, or on the Internet, needs to take
action to remedy these problems. With over 500 packages, and well in excess of
100 setuid programs, Solaris isn’t exactly as tight as a drum. One approach would
be to install the system, and then go through and decide just what setuid programs
belong, and which don’t. Sound painful? Not only is it time consuming, but binaries
which might seem har