OpenOffice.org "Badbunny" worm hops across operating systems

Scott (angrykeyboarder) geekboy at angrykeyboarder.com
Thu Jun 21 09:53:04 BST 2007 

David Gerard spake thusly on 06/21/2007 12:45 AM:
> On 20/06/07, Scott (angrykeyboarder) <geekboy at angrykeyboarder.com> wrote:
> 
>> Speaking of poor security. I was beyond shocked when I tried out Solaris
>> (Solaris 10) a few days ago.
>> Not only do you start off with just a root account, you don't even have
>> a root home directory (i.e. "/root").
>> Once your desktop appears, (and you open a terminal) you will find you
>> are at "/". You then have to create the root user directory (e.g.
>> "/root" - which I didn't find out till I'd done all kinds of stuff that
>> I assume created "junk" hidden sub directories under "/". I've not gone
>> back to it as of yet - I installed Solaris in a VM).  It was bad enough
>> that Solaris doesn't make you create a user account at setup, but the
>> fact that the root user account initially begins at "/" with no warning
>> (unless I missed something) is absurd to say the least.
>> Considering how much Sun has bragged about how wonderful Solaris
>> supposedly is, I was quite surprised by this, to say the least...
> 
> 
> To be fair, Solaris isn't really meant for users at all

Considering I don't recall seeing any option for anything but a JDS or
CDE desktop during install (no vanilla console) I find that odd.  I'm
sure there are a number of sites with all workstations running Solaris.

I frankly found it odd that you could so easily set up X from the start.
I would have guessed that you'd wind up with nothing but a console at
the beginning.

> - just try
> doing anything at the command line and you'll see what I mean.

Yup after about 4 entries (at "#" by default, of course...) my 5th entry
was "bash". ;)

I suppose I should learn the Korn shell on general principles, though.
This is why I'm running Solaris, cuz I'm not just a geek, but I figure
knowing at least some of it might come in handy (at a geeky job I might
land in someday...).

After all, Ian Murdock works for Sun now.

> Its audience is sysadmins running servers, and it's a damn fine server OS.

I don't argue that it's a damn fine server OS. But if it's supposedly
intended to be *just* a server OS, why did the default install start up
with (and continue with) X?

I thought Solaris was also popular on "high end" workstations which
would explain X, but in that event, throwing you at a root prompt with
no   "/root" directory by default (initially) seems very insecure. I
don't see any advantage to it from a sysadmin standpoint (but then, I'm
not a sysadmin). I wonder what the logic for not setting up a "/root"
directory (with root-only privileges) by default is?

I've heard Linux people preach that you should *never* run X with root
privileges (even briefly).  What Solaris does contradicts that in a big
way to say the least.  Yes, Solaris isn't Linux, but what difference
does it make in this case?

> So anyone who is installing and setting up a Solaris box will be
> expected to know enough not to shoot their foot off. Solaris is just
> about *never* plonked down in front of a nontechnical owner-user the
> way Windows, Mac OS X and Ubuntu are.

FreeBSD is also thought of as mainly a server OS. But A) unlike Solaris
the install is (not surprisingly) console based (no X to be had) and B)
does the installer not set up a "/root" directory by default for root?

BTW, this is why I finally decided to give Solaris a try. I finally
decided to play with Virtual Machines. So I could likely bork the heck
out of it (I haven't had time to do that yet. ;>) and then just quickly
zap it and start over. :)

Major geeky fun.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: OpenPGP digital signature
Url : https://lists.ubuntu.com/archives/sounder/attachments/20070621/eca23f5e/attachment.pgp

More information about the sounder mailing list