[rescue] New acquisition... (AIX)
mike at blackhairy.demon.co.uk
Fri Apr 2 13:55:02 CST 2004
On Fri, 2 Apr 2004 12:01:20 -0600, Jonathan C. Patschke wrote:
> Let me put it this way: I've never had that much trouble with Windows
Ah! You're secret's out ... you're really a Microsofty aren't you ? :)
> And that's the same argument I use against Linux.
Linux security? Just the same as Solaris/IRIX/FreeBSD/AIX/HP-UX ... turn
off everything you don't need, remove everything you don't need and keep
the remainder patched.
> OpenBSD? Largely secure by default. Consider turning off SSH access
That's definitely a feature.
> (optionally) in the kernel. You really have to stay abreast of what
> shiny new toy the developers tossed in there and make sure you don't
> accidentally turn it on.
If you have that much finger trouble, you can always go through the
kernel config twice. Things (in my experience) don't just turn
> Oh, and hope they don't change the firewall
> paradigm AGAIN, if you need to filter packets.
If I wanted to, I believe I could still use ipfwadm scripts to control a
netfilter packet filter. Yes it sucks that it changes so much, but at
least there are compatibility modules.
> > 50 MBytes? Are you looking at 2.7.56 or something ? 2.6.4 is around
> Okay, so I was roughly 20% off. 40MB is still pornographically huge
> for a compressed kernel distribution, whether I'm going to use that
> code or not. That's an AWFULLY large amount of code for people to
Well I certainly wouldn't want the job of maintaining it!
But if it ain't running, you can't exploit it, lets have a look at
leprosy# uname -a
Linux leprosy 2.4.25 #1 SMP Fri Mar 5 23:45:57 GMT 2004 i686 Pentium III
(Coppermine) GenuineIntel GNU/Linux
leprosy# ls -hl /boot/bzImage-2.4.25-smp
-rw-r--r-- 1 root root 1.3M Mar 6 09:06 /boot/bzImage-2.4.25-smp
That's a compressed kernel, so if I inflate that by 30% I'll get
influenza# ls -hl /kernel
-r-xr-xr-x 1 root wheel 4M Oct 27 17:51 /kernel
I've been a little unfair in that I haven't listed the size of the Linux
modules that are loaded (but they don't add up to that much), and I
haven't rebuilt the FreeBSD kernel.
> > Actually they only half do it (which is probably good enough). If
> > you have two hme's in a Sun box, they're 'hme0' and 'hme1'.
> But you'll never have them switch places on you because that
"which is probably enough". Ok that's now "which is enough".
More information about the rescue