The concept of providing operating systems that are secure by default should be second nature to OS vendors. All major operating system vendors have been affected by exploits that allow remote attackers to take over the computer, and they have realized that it is a bad thing: it is much better to reduce the possible avenues of attack as much as possible without relying on the user to do the right thing. This practice has been adopted by vendors of operating systems from Apple to Debian. Even Microsoft has a secure by default story called SD3+C. Unfortunately, the Nexenta GNU Solaris developers don’t pay as much attention to security.
In May, I submitted a high priority ticket indicating that it is possible to remotely log in to the Nexenta VMware image without a password, using ssh or telnet. This seemed especially risky to me given the prevalence of attacks aimed at ssh. Ignored for five months, it was recently closed and marked as “wontfix”.
This reflects poorly on Nexenta. Though I’m excited about the possibility of a DTrace-enabled system with Debian-style package maintenance, I am skeptical of a development team that lets a security bug submitted as high priority sit for 5 months and then summarily dismisses it.
A simple solution would be to disable SSH and telnet by default in all installs of Nexenta. Further, ssh could be configured to disallow root logins and passwordless logins. Now, if only I could figure out how to append a comment to my ticket…
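One way to check an image for the two sshd settings suggested above, as an added example that is not part of the original post or Nexenta's code. It assumes OpenSSH's `sshd_config` rules (the first value seen for a keyword wins, and lines after a `Match` are conditional); the sample configs are constructed for illustration.

```python
import re

# Settings the post recommends, with the value this audit accepts for each.
REQUIRED = {"permitemptypasswords": "no", "permitrootlogin": "no"}

def parse(text):
    """Split an sshd_config into (global settings, settings inside Match blocks).

    sshd keywords are case-insensitive and the first value seen for a keyword
    wins; everything after a Match line is conditional until the next Match.
    """
    global_cfg, conditional, in_match = {}, [], False
    for raw in text.splitlines():
        m = re.match(r"([A-Za-z0-9]+)\s*=?\s*(.*)", raw.strip())
        if not m:                      # blank line or '#' comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "match":
            in_match = True
        elif in_match:
            conditional.append((key, value))
        else:
            global_cfg.setdefault(key, value)   # first occurrence wins
    return global_cfg, conditional

def audit(text):
    """Return findings; an empty list means both settings are pinned to 'no'."""
    global_cfg, conditional = parse(text)
    findings = []
    for key, want in REQUIRED.items():
        if key not in global_cfg:
            findings.append(f"{key}: not set, the build's default applies")
        elif global_cfg[key] != want:
            findings.append(f"{key}: set to '{global_cfg[key]}'")
    for key, value in conditional:
        if key in REQUIRED and value != REQUIRED[key]:
            findings.append(f"{key}: weakened to '{value}' inside a Match block")
    return findings

# Constructed sample configs, not taken from any Nexenta image.
OPEN = "Port 22\nPermitRootLogin yes\n#PermitEmptyPasswords no\n"
LATE = "permitrootlogin yes\nPermitRootLogin no\nPermitEmptyPasswords no\n"
HARDENED = ("PermitRootLogin no\nPermitEmptyPasswords=no\n"
            "Match Address 192.0.2.0/24\n    PasswordAuthentication no\n")

if __name__ == "__main__":
    for name, cfg in (("OPEN", OPEN), ("LATE", LATE), ("HARDENED", HARDENED)):
        print(name, audit(cfg) or "ok")
```

A commented-out directive counts as unset, and a later `PermitRootLogin no` does not rescue an earlier `yes`, which is why the audit reports on the first occurrence only.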
2 Comments
Let me comment on why I closed the bug. Reasons: a) the VMware image is not an InstallCD; it is more like a LiveCD and exists only for learning purposes; b) the telnet service has been disabled in Alpha6; c) Solaris 10 also enables SSH by default.
Thanks for commenting: I think it is a concern for VMware images especially. Not having a lot of hardware at my disposal, if I wanted to deploy any new OS today to play with (or use), I would be extremely inclined to use a pre-installed VMware image (“appliance”) and leave it running on the network. While I personally would set a root password and configure ssh almost immediately, I think it is unwise to leave it open in general. For a LiveCD I would have to reboot my machine, and hence I would be less likely to leave it online for any long periods.
My recollection is that the LiveCD does come with a password set for root and guest. Couldn’t the VMware image as well? And configuring sshd by default to “PermitEmptyPasswords no” should be easy (which I don’t believe the VMware image had set, though I don’t have it available to check at the moment).