Solaris

Tim Foster had sent an email to IOSUG mailing list yesterday, that tomorrow, at 7pm, Roch Bourbonnais will present a tech talk on ZFS Performance.

Here's the announcement:

So, amazingly short notice here, but we're going to hold a talk on ZFS Performance this Wednesday.

Roch Bourbonnais, an expert on kernel performance is visiting Dublin on Wednesday and we thought we'd take the opportunity to hear more about ZFS internals & performance from him.

Roch has been examining ZFS in great detail during it's development with a view to it's characteristics on real-world workloads. If you're interested in ZFS, or have heard about it but want to know more, you really should come along on Wednesday.

More information on Roch's background and experiences with ZFS so far at http://blogs.sun.com/roch/

Again, our apologies for the short notice.

All the details are on the official IOSUG8 invitation page.

Yesterday I received an email from Tim Foster, announcing the upcoming IOSUG #7 meeting:

Topic An Introduction to OpenSolaris
Date Tuesday 27th Mar 2007
Time 6:30pm onwards
Location Swift Theatre, Arts Block – TCD, courtesy of Netsoc
http://www.tcd.ie/Maps/tcd_west.html

A linkable version of this announcement:
http://www.opensolaris.org/os/community/os_user_groups/ie-osug/iosug-7/

This month, we're going to hold a presentation on a topic that's
probably a bit overdue for us, but better late than never:

An Introduction to OpenSolaris.

Tim's going to present:

- Why OpenSolaris was started
- How the project is organised
- A short history of the project to date

Fintan Ryan will be presenting:

- Building & installing your own OpenSolaris bits
- How you can start contributing

So, if you're interested in learning more about OpenSolaris, as well as
how to get started hacking on the code, you should definitely come
along.

We also have a have a slot for our monthly run-down of OpenSolaris
highlights since our last meeting in February, however, we don't yet
have someone to present this.

It doesn't take long to put together these highlights, and it should
only take about 5 minutes to present to the group – if you're interested
in doing this, please let us know, volunteers are always welcome!

Feel free to forward this announcement. As always, if you've ideas for
future talks, or feel like presenting something yourself, we're open to
all suggestions, just send us email.

At last, I see some real progress with available translations of excellent Solaris docs!

For instance, ZFS administration guide in Russian was posted on the OpenSolaris/G11 (Globalization) Consolidation page just a few days ago.

It really is great to see great translations like this completed. Well done, guys!

Last Tuesday, the 6th meeting of Irish Open Solaris User Group was held, and it's a real shame I couldn't come. Obviously, I don't regret this just because of the free beers and pizza (but this was a GREAT idea, Tim!), it's just that I always like the great presentations you get to see at such meetings.

So far, there are only slides with OpenSolaris news for February'07, made by Tim Foster himself. Tim has done it again: he improved his presentations! Now every piece of news has a link for you to follow and read more on the subject. Thanks a lot, Tim!

John Rice presented a talk on Java-GNOME bindings, but there are no slides for this yet. As soon as they are ready - wait for a message on Tim's blog or on the official IOSUG page.

Last weekend, a telnet vulnerability in Solaris 10 was found. Within hours, the fix was integrated into OpenSolaris, and on Monday we saw the first patches available and a Sun document on how to fix it.

Attention: this vulnerability is indeed very serious. It allows remote systems gain root access to Solaris 10 box under certain circumstances.

The keywords in this sentence are "vulnerability - very serious" and "under certain circumstances". While I've seen many posts and articles focusing readers' attention on the seriousness of this vulnerability, I would like to draw your attention to few facts describing the "under certain circumstances" bit of this warning:

1) This vulnerability affects certain releases of Solaris 10 (s10u1 and s10u2) and OpenSolaris/Nevada only. Solaris 9 and older Solaris releases are not affected. Solaris 10 Update 3 is not affected (it has only SSH enabled by default, so telnet service is disabled in default installation)
2) This vulnerability will not allow remote root logins using telnet in your typical out-of-box Solaris installation. What I'm saying is that this exploit will not help hackers gain root access to your system, even if you have telnet enabled on your Solaris 10 box, unless you have implicitly commented out the
line in your /etc/default/login file.
UPDATE: unfortunately, this does not mean hackers can't use other accounts to access your system without password. Using this vulnerability, the will be able to successfully log into your system as bin, adm, sys or lp. Surely, they're not as dangerous as remote root logins, but still harmful enough.

Possible ways for you to fix this problem:
1. Disable telnet to root for non CONSOLE logins (if that was for some reason enabled by commenting the line out)
2. Disable telnet service

3. Apply relevant patch:
T-Patch (ISR) is found here: http://sunsolve.sun.com/tpatches
alternatively, just patch the in.telnetd:
Patch for SPARC: 120068-02.
Patch for x86: 120069-02.


Interesting info on how this vulnerability was fixed by Sun:

Alan Hargreaves gives a full history of events in his the in.telnetd vulnerability exploit post.

Dan McDonald explains how he had learned about the vulnerability and how the fix was written and put back into the OpenSolaris source tree: How OpenSolaris Did Its Job