
Re: Tough question for oracle DBAs/Solaris Admins. Log shipping.

From: Casper H.S. Dik <Casper.Dik_at_Sun.COM>
Date: 04 Sep 2006 09:12:05 GMT
Message-ID: <44fbede5$0$4515$e4fe514c@news.xs4all.nl>


jKILLSPAM.schipper_at_math.uu.nl writes:

>OpenBSD does not allow loading of kernel modules once the securelevel
>has been raised above 0; this typically happens as part of the boot
>procedure. This aspect of securelevels is actually quite useful.

It is somewhat problematic for a kernel such as Solaris where everything is rather dynamic; not being able to load the device driver for the PCI device you've just hotplugged is a bit awkward.

Having the user immutability (which you can switch off) is useful in itself because it prevents accidental deletion and modification.

In order to support hard immutability you can think of mechanisms like file signatures; as long as you load only pre-configured trusted modules, that is fine.

>This design actually makes a lot of sense; surely, modules can save a
>small amount of memory, but it is usually not very significant. And it's
>a rare occurrence that even a Linux system loads a module once the system
>is 'really up'.

Not so on Solaris.

>Finally, note the aforementioned problem with immutable files - you can
>always mount another file system over the parent directory (in OpenBSD,
>obviously).

Sounds like a bug.

>This is not to say that root can't do truly nasty stuff; trojaning all
>binaries and rm'ing the rest is pretty bad, for instance, and messing
>with the bootloader is always good fun... (although securelevel 2 would
>prevent that, but very few systems run at securelevel 2, as quite a few
>things - notably, parts of the firewall subsystem like ftp-proxy - have
>difficulty working. Plus, it isn't the default.)

A lot of stuff becomes a lot harder when you can't change anything; for one, administration without endangering uptime.

Casper

-- 
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.
Received on Mon Sep 04 2006 - 04:12:05 CDT
