[geeks] Compuholics anonymous

Chris Byrne chris at chrisbyrne.com
Tue Apr 30 09:42:23 CDT 2002


As a security architect I can say quite firmly that SGIs have never had, and
will never have, any meaningful security. SGI as a company couldn't care less
about security. They tried to hire me a couple of years ago to write glowing
reports about the security of their products. I asked if they had changed
anything. They said no. I said no.

There are two types of boxes I will not allow a customer of mine to put out
on the internet without a firewall in front of them for any purpose
whatsoever unless they WANT the machine to be compromised (or couldn't care
less) and those are any machine running any version of Windows, and any
machine running any version of IRIX.

Sure you CAN secure IRIX. It's a UNIX just like any other and it can be
secured just like any other UNIX, but what's the point? In order to secure
IRIX you have to remove any of the applications and services that make it
useful as more than just a generic UNIX box. At that point you might as well
be running something that's easy to secure like a BSD.

Same thing goes for Windows. Sure you can secure it, if you make it
completely inaccessible to anyone over the network. What's the point?

Chris Byrne



> -----Original Message-----
> From: geeks-admin at sunhelp.org [mailto:geeks-admin at sunhelp.org]On Behalf
> Of Kurt Mosiejczuk
> Sent: 30 April 2002 15:19
> To: geeks at sunhelp.org
> Subject: Re: [geeks] Compuholics anonymous
>
>
> On Mon, 29 Apr 2002, Bill Bradford wrote:
>
> > He hated SGIs *before* he worked there..
>
> I actually had a chat with my buddy who hates SGI.  It turns out that is
> the main difference, he hates SGI.  He thought the hardware was fairly
> sweet, but the people at SGI sucked.
>
> The setup there is pretty much the WORST for SGI machines.  All machines
> are directly on the net.  As in the internet.  No firewalls, nothing.
> That's the way they work.  Bad juju for IRIX.
>
> His favorite bug was the one where ANY user could remap your keymaps under
> X.  So, a user could remap, say 'M', to '\ncd\nrm -rf *\n'.  So the next
> time you hit M, your home directory disappears.  Hope you weren't root.
>
> And the SGI people wouldn't admit it was a bug.  And the salesdroid went
> so far as to insinuate that my friend didn't have any clue about adminning
> ANY kind of UNIX box.
>
> He also ran into the fun of finding security holes, reporting them and
> being told "Oh, that's fixed in 6.x" where x in this case was a release
> that didn't run on the Indys he had.  No consolidation release yet.  So, it
> was "already fixed" so they wouldn't talk to him, but he couldn't USE the
> fix.
>
> And then there was the salesdroid who used SPEC results from a DIFFERENT
> MACHINE to try and get my buddy to buy Octanes instead of Ultra 10s.  The
> SPEC results were for a decked out Octane and they were trying to sell him
> a low end Octane.
>
> Then he told me they tried to sell him one of the big machines they trucked
> around the country (remember the SGI tractor trailers?) for a "small
> discount".  Ugh.
>
> So, I feel at peace using SGI machines for my personal use, but I don't know
> that I'd ever want to be responsible for adminning a large number of them.
> Particularly where the user base needs to be considered hostile, like at a
> university.
>
> --Kurt
> _______________________________________________
> GEEKS:  http://www.sunhelp.org/mailman/listinfo/geeks


