Re: Sun M-class hardware denial of service



Not really - what I am not doing is trying to beat up a firmware
problem that whilst being quite bad can be mitigated by using native
features of Solaris. Too bad if OpenBSD cannot do the same - I am not
really sure about the benefits of OpenBSD on that scale of hardware
anyway considering the lack of kernel threading and the parlous state
of userland threading.

I don't think you get it. OpenBSD doesn't care a whit about
this. They stumbled upon it as the result of bringing up OpenBSD on
such a machine. No - currently I wouldn't run OpenBSD on an M-class
box either, other than for development purposes. But that's not really
the point, is it? Nobody except you is saying this problem has anything
to do with running OpenBSD on a machine.

The point is anyone with a black hat with sufficient clue enough to
ignore this sort of ass-covering nonsense and write a kernel module,
and go look at what the OpenBSD kernel *does* to wedge the zone, and
make a Solaris kernel module that does the same. At which point, at a
minimum, the same wedging becomes possible from Solaris, so yes, this
is breaking separation.

You're saying "well golly gee, but it's still separation if you don't
let the attacker load kernel modules." Good on you. Have fun with your
attacker, may you meet one of competence level greater than a script
kiddie someday. I have, they're nice guys. And smart. Smarter than me
in a lot of things :) Personally if I'm buying gear to drink the whole
virtualization kool-aid - the kool-aid has to work - meaning stuff done
in the guest OS should never be able to do stuff like this.

-Bob











