Thoughts on Systems

Emil Sit

Oct 24, 2006 - 2 minute read - Rants security

Nexenta insecure by default

The concept of providing operating systems that are secure by default should be second nature to OS vendors. All major operating systems vendors have been affected by exploits that allow remote attackers to take over the computer and have realized that it is a bad thing: much better to reduce the possible avenues of attack as much as possible without relying on the user to do the right thing. This practice has been adopted by vendors of operating systems from Apple to Debian. Even Microsoft has a secure by default story called SD3+C. Unfortunately, the Nexenta GNU Solaris developers don’t pay as much attention to security.

In May, I submitted a high priority ticket indicating that it is possible to remotely log in to the Nexenta VMWare image without a password, using ssh or telnet. This seemed especially risky to me given the prevalence of attacks aimed at ssh. Ignored for five months, it was recently closed and marked as “wontfix”.

This reflects poorly on Nexenta. Though I’m excited about the possibility of a DTrace-enabled system with Debian-style package maintenance, I am skeptical of development team that lets a a security bug submitted as high priority sit for 5 months and then summarily dismisses it.

A simple solution would be to simply disable SSH and telnet by default in all installs of Nexenta. Further, ssh could be configured to disallow root logins and passwordless logins. Now, if only I could figure out how to append a comment to my ticket…