[tech] SGI Security and r00tability

Paul Marinceu elixxir at ucc.asn.au
Wed Nov 19 18:57:15 WST 2003


So, I was going to do this since before the all-too-well-known event...
Unfortunately, I was busy. Now, I've told some of you about it but here is
what I'm planning:

In order to be _really_ paranoid about ucc's security, we also have to
secure the sgis, seeing that they now make up quite a big slice of the ucc
user machines and Irix in itself is quite powerful when r00ted (although
the only licensed compiler is on Adrian's machine). I think James(?)
remarked on the security issue, or lack thereof, as well.

If you look at my machine, you'll see what I mean about
paranoia. All I have is dropbear which I hacked for sgi. It still doesn't
work 100%, but I'll make it fully portable and get Matt to patch his
official version as well. Then I'll install it on all sgis (Adrian's
excepted).

Unless people want special services enabled, I plan to have all services
disabled and/or firewalled. Most currently running are useless anyway,
except for nfs.

How does the above sound?
Please, no flames, people. I know wheel's had a hard time, but try and be
constructive.

And remember, try to have fun!

-- 
 Paul Marinceu
 http://elixxir.ucc.asn.au

