Previewing the Next Solaris OS
Eric Boutilier writes "Amy Rich has written an excellent Solaris Express (Solaris 10) how-to and general overview. It covers how the program works, using the community web site, and what's new in Solaris Express." Among many new features, the TCP/IP stack has been redesigned, IPv6 support improved, and both NFSv4 and USB 2.0 support added.
The Register has an old story about the new TCP/IP stack in Solaris 10 that is good reading.
A quick summary of the story:
The new stack has:
- Efficient at handling multiple NICs
- Low CPU usage (30% lower than Linux)
- Built for targeting 10/100 Gbps in the future. Has a new construction where it is possible to offload the CPU by routing packets to dedicated packet-processing processors.
The last part seems like a preparation for the Sun hardware of tomorrow.
I tried Solaris Express and I found a cool feature called "ppriv", like this:
gta3# ppriv $$
1124: bash
flags = 0x0
E: all
I: basic
P: all
L: all
OK, so I am root, I have all privileges, I think.
But now look at rpcbind: it is running as daemon but has fewer privileges even than normal processes.
gta3# ppriv 100182
100182: /usr/sbin/rpcbind
flags = 0x2
E: net_privaddr,proc_fork,sys_nfs
I: none
P: net_privaddr,proc_fork,sys_nfs
L: all
See, it does not have the privilege to do 'exec'... there are 30 or more privileges and it has only 3. So I guess this means some stack attack will not work against it, like exec shell.
Also I can run and see privileges like this:
gta3$ ppriv -D -e cat /etc/shadow
cat[100619]: missing privilege "file_dac_read" (euid = 77293, syscall = 225) needed at ufs_iaccess+0xd2
cat: cannot open /etc/shadow
not sure what this means?
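The check the comment above does by eye, as an added example that is not part of the original post: a shell function that reads `ppriv <pid>` output and reports whether the process can exec now, could raise proc_exec back from its permitted set, or cannot exec at all. The function names, the contents of the "basic" set (assumed to be the Solaris 10 list) and the third sample are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide from `ppriv <pid>` output whether a process can exec.
# ASSUMPTION: members of the "basic" set as in Solaris 10.
BASIC="file_link_any proc_exec proc_fork proc_info proc_session"

# has_priv SET PRIV: ppriv output on stdin; exit 0 if PRIV is in SET (E, I, P or L).
has_priv() {
    awk -v set="$1" -v want="$2" -v basic="$BASIC" '
    $1 == set ":" {
        found = 1
        n = split($2, tok, ",")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "all") have = 1
            else if (t == "basic") { if (index(" " basic " ", " " want " ")) have = 1 }
            else if (t == "!" want) have = 0   # explicit removal: basic,!proc_exec
            else if (t == want) have = 1
        }
    }
    END { exit !(found && have) }'
}

# exec_verdict OUTPUT: E is what is active now; P bounds what can be raised into E.
exec_verdict() {
    if printf '%s\n' "$1" | has_priv E proc_exec; then echo can-exec
    elif printf '%s\n' "$1" | has_priv P proc_exec; then echo can-regain-exec
    else echo no-exec
    fi
}

# Sample 1 and 2: the ppriv output quoted in the comment above.
RPCBIND_OUT='100182: /usr/sbin/rpcbind
flags = 0x2
 E: net_privaddr,proc_fork,sys_nfs
 I: none
 P: net_privaddr,proc_fork,sys_nfs
 L: all'
ROOT_SHELL_OUT='1124: bash
flags = 0x0
 E: all
 I: basic
 P: all
 L: all'
# Sample 3: constructed for this example (exec dropped from E only).
DROPPED_OUT='4242: exampled
flags = 0x2
 E: basic,!proc_exec
 I: none
 P: basic
 L: all'

for s in "$RPCBIND_OUT" "$ROOT_SHELL_OUT" "$DROPPED_OUT"; do exec_verdict "$s"; done
```

A daemon that drops proc_exec only from E still holds it in P, so the stronger configuration is the one rpcbind shows, with the privilege absent from both sets.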
Anyone needing more than 8 CPUs? Seriously, go to IBM/HP/Dell and then try to configure a system that has the same capacity as something from Sun. When you reach the same specs, you will most probably have the same price.
The only place where Sun is really threatened is in the real low-end, and for that space they also now have x86-based systems.
Is the Unisys/W2000 a contender with Sun in the 8-32 CPU space? Not really, because all W2000 processes run in their own small protected space, whereas one application on Sun can take advantage of all CPUs on the system if necessary.
A happy Linux user, who happens to work with Solaris at his job.