Hi,

I support the idea of adding reduced privs to this stack to help
customers reduce the security issues that these tools expose by nature.
It's these kinds of "value adds" that will differentiate our web stack.
Another aspect would be management. It would be nice to have a tool to
manage a data center full of servers running this web stack that could
be easily managed.

Octave

--- Matt Ingenthron <[EMAIL PROTECTED]> wrote: 

> Stefan Teleman wrote:
> 
> (snip...)
> >
> > I believe we should also Purify PHP. The problem is that Purify
> > probably won't work on Nevada, but we could build PHP on a release of
> > S10 they support, and it will still catch buffer overflows, ABR/ABW,
> > UMR, stack corruption, double deletion, etc. We could then publish
> > the results of the Coverity audit and of the Purify output, and we
> > could forward them to php-security.org, along with patches. This
> > would give the PHP community an objective base for requesting bug and
> > security fixes.
> >
> >   
> 
> While Nevada may not run Purify, it is possible to get a subset of this
> with umem debugging, which is in Nevada and as Open Source has been
> ported to Linux by an ISV.  This sounds like an excellent thing to get
> going under the new OpenSolaris project!  The upstream projects can take
> it into their codebases as well if they'd like to do so.
> 
> Speaking of which, we haven't been set up yet, have we?
> 
> It may also be interesting to see what, if anything, can be done about
> reducing privilege sets for this OpenSolaris Apache/PHP stack to at
> least reduce the possibility of nefarious activities if (when?) there is
> a vulnerability.  My colleague Alec Muffett may be able to lend some
> thoughts there.
> 
> - Matt
> 
> -- 
> Matt Ingenthron - Web Infrastructure Solutions Architect
> Sun Microsystems, Inc. - Client Solutions, Systems Practice
> http://blogs.sun.com/mingenthron/
> email: [EMAIL PROTECTED]             Phone: 310-242-6439
> 
> 
> 
> _______________________________________________
> opensolaris-discuss mailing list
> opensolaris-discuss@opensolaris.org
> 


*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Octave J. Orgeron
Solaris Systems Engineer
http://www.opensolaris.org/os/community/sysadmin/
http://unixconsole.blogspot.com
[EMAIL PROTECTED]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*


 