Home > Solaris > Sun Secures Solaris with Kernel Rewrite, VeriSign Partnership Sun Secures Solaris with Kernel Rewrite, VeriSign Partnership Eugenia Loli 2004-02-10 Solaris 17 Comments Sun is rolling out a sweeping set of security enhancements to Solaris, punctuated by a kernel rewrite and a partnership with VeriSign. InfoWorld has an article too. About The Author Eugenia Loli Ex-programmer, ex-editor in chief at OSNews.com, now a visual artist/filmmaker. Follow me on Twitter @EugeniaLoli 17 Comments 2004-02-10 8:26 pm I wished that Sun would come up with a naming strategy and stay with it! First its Solaris Zones, then Containers, now N1 Grid Containers. Hopefully it will be in the February 2004 Solaris Express release, and it will be nice if you can configure it without using the Solaris Management Console. 2004-02-10 11:21 pm Can SCO say they own this? SCO can say and sue whoever they want. However, both Sun and IBM have non-revokable, perpetual Unix licenses (although SCO claims to have “revoked” IBM’s). 2004-02-10 11:23 pm “Comment is currently pending review” I was not trying to be abusive?! I wanted a simple answer. 2004-02-11 1:29 am Sun bought a license from Novell when they were selling the rights. THey made very clear that they wouldn’t be put in this position. They put a lot of cash down for it. They can’t release the System 5 code but they can do a lot more than usual. I remember reading an EWeek interview with one of the top Sun guys. 2004-02-11 1:56 am That is the kind of detail I am after, I just can’t remember what SUN said and what freedom they have. Also I seriously don’t understand why IBM, the powerhouse that it is didn’t purchase similar license as SUN, and HP (I think). 2004-02-11 1:59 am Sun acquires Kealia, Inc. http://www.eweek.com/article2/0,4149,1523839,00.asp I saw it on the breaking news section to the right, on that eweek link. I guess that is an important move for SUN and one that is trying to create a credibility in the market for using Opterons. 2004-02-11 3:03 am A secure Solaris only matters if for some reason Linux security turns out to be as bad as Windows. That does not seem to be the case. 2004-02-11 4:08 am “A secure Solaris only matters if for some reason Linux security turns out to be as bad as Windows. That does not seem to be the case.” No, then we use OpenBSD. Or if performance matters more than security, FreeBSD. 2004-02-11 4:15 am > No, then we use OpenBSD. Or if performance matters more than security, FreeBSD. May be, but only if you’re running a beaten up single processor machine. 2004-02-11 4:20 am “May be, but only if you’re running a beaten up single processor machine.” That’s where the “Or if performance matters more than security, FreeBSD” part comes in. 2004-02-11 7:04 am Most “Linux” security problems are not Linux specific but rather popular apps that are often run on Linux (like Apache, BIND, sendmail, openssl, etc) but also run on *BSD – would an exploit in Apache, which FreeBSD can run, constitute a FreeBSD security hole? No. Unfortunately, there had been some recent kernel exploits – but to say that the one or two (I don’t keep count) recent Linux kernel exploits is comparable to the dozens from Windows is silly; Most advertised Windows exploits are for the O.S. itself, not some app running on it as is often the case in a “Linux” exploit. OpenBSD recently had an issue that was announced, not exploitable, but nothing is perfect. Recent issues or not, I’d still much rather use Linux well before Windows. 2004-02-11 9:08 am this prooves that although sun will embrace other OS’s they are commited to their customer base oppose to HP who upgrades tru64 UNIX and openvms for pa-risc (not openvms for IA-64 now) just because they “have to” but they “dont want to” just to keep customers somewhat happy. I think the worst thing that HP did was kill the alpha. 2004-02-11 12:27 pm In the article: “”Among the biggest improvements is the addition of Solaris N1 Grid Containers, a technology that lets administrators create virtual instances of Solaris within running versions of the operating system.”” I am no expert so my knowledge with this is purely from reading. But this sounds like FreeBSD Jails? from here: http://www.onlamp.com/pub/a/bsd/2003/09/04/jails.html 2004-02-11 12:29 pm Yes, it is basically BSD jails – Sun admits as much. 🙂 2004-02-11 8:52 pm Anonymous writes A secure Solaris only matters if for some reason Linux security turns out to be as bad as Windows. That does not seem to be the case. <P>It’s code from Trusted Solaris, the military-security version of the OS. Similar to the NSA’s Security-Enhanced Linux, http://www.nsa.gov/selinux/ or Trusted BSD, http://www.trustedbsd.org/ <P>LeifD asked But this sounds like FreeBSD Jails? <P>Different from jails, although the descriptions sound rather similar. <P> VERY different from MS’s projects with “trusted” iin the title. Close to the diametrical opposite, in fact. 2004-02-11 9:01 pm Solaris Containers are considerably different from FreeBSD jails. Jails exist within a single kernel instance and have a number of limitations (i.e. only one IP address per jail, can’t run servers on the loopback interface, etc) Solaris Containers each contain a separate instance of the Solaris kernel and are thus not bound by such limitations. Also the management tools for Solaris Containers are significantly better. You can explicitly kill a Solaris Container, whereas if you have a FreeBSD system with stale JIDs there’s really nothing you can do. 2004-02-11 11:26 pm > But this sounds like FreeBSD Jails? Conceptually Solaris Zones are sort of like BSD jails, but only expanded to much higher degree with a whole resource and configuration management infrastructure around them making it easy and transparent to manage. Solaris 10 will be a VERY nice OS indeed, I don’t think any other OS out there will be able to at least match the new features in Solaris for some time.