[tech] SGI Security and r00tability

Paul Marinceu elixxir at ucc.asn.au
Wed Nov 19 18:57:15 WST 2003

So, I was going to do this since before the all-too-well-known event...
Unfortunately, I was busy. Now, I've told some of you about it but here is
what I'm planning:

In order to be _really_ paranoid about ucc's security, we also have to
secure the sgis, seeing that they now make up quite a big slice of the ucc
user machines and Irix in itself is quite powerful when r00ted (although
the only licensed compiler is on Adrian's machine). I think James(?)
remarked the security issue, or lack thereof, as well.

If you look at my machine, you'll see what I mean about
paranoia. All I have is dropbear which I hacked for sgi. It still doesn't
work 100%, but I'll make it fully portable and get Matt to patch his
official version as well. Then I'll install it on all sgis (Adrian's

Unless people want special services enabled, I plan to have all services
disabled and/or firewalled. Most currently running are useless anyway,
except for nfs.

How does the above sound?
Please, no flames people, I know wheel's had a hard time, but try and be

And remember, try to have fun!

 Paul Marinceu

More information about the tech mailing list