Dailydave mailing list archives

Solaris 11 is a bit Twilight Zone


From: "Dave Aitel" <dave.aitel () gmail com>
Date: Wed, 1 Nov 2006 08:42:16 -0500

So I saw this talk a couple days ago by Glenn Brunette from Sun. There are
some cool things in Solaris 11 (and OpenSolaris). I guess the coolest thing
is how open the whole process is of developing Solaris now. It's almost like
Linux! :>

My favorite things in his talk on Solaris security were the ELF object
signing and the default of not having every port open under the sun.

On the other hand, he also did this nutty demo where he had a:

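#include <string.h>

extern char shellcode[];  /* payload defined elsewhere; not shown in this post */

int main()
{
    char stackbuffer[5000];
    strcpy(stackbuffer, shellcode);   /* copy the payload into a stack buffer */
    ((void (*)(void))stackbuffer)();  /* call the stack buffer as a function */
    return 0;
}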

And he compiled it once normally and it worked ("Hey, /bin/sh!") and then he
compiled it with --non-exec-stack=True and it failed. "Hey segfault - we
must be secure!"

It was the most 1992AD thing I've seen this year! To top it off, Solaris has
developed the world's most complex security infrastructure the planet has
ever seen - it's slightly more complex than Windows Vista even. Zones,
Roles, Permissions, blah blah. No one in their right mind is going to use
this. The people who I talked to were all looking for a way to move to Linux
but needed realtime kernel support, which is coming soon, I think.

Horizon's paper on how to not be so 1992AD is here:
http://packetstormsecurity.org/9903-exploits/defeat.solaris.nonexec.stack.txt

-dave