Click on our Sponsors to help Support SunWorld
Letters to the Editor

Readers speak out:
March Letters to the Editor

March  1997
[Next story]
[Table of Contents]
Subscribe to SunWorld, it's free!

Mail this
article to
a friend

Readers speak out:
March Letters to the Editor

Object and source code question for encryption

Please tell me the difference between object code and source code and what 40, 56, and 128 bit refers to. Even if you can achieve high quality encryption, what about stray radiation (Tempest Hazard)?

Jerry Hodges

Solaris x86 site

I maintain an FTP site for Solaris x86. It is a very active site, and I thought I would suggest it be added to your page. At last count I had about 250 programs compiled for the x86 archive. The site is updated continually as I add programs for the x86 machines for the computer science department at Duke University. We update packages based on minor revisions, so the latest software is available, gcc- for example. I also keep an HTML file for the packages at the site. The URL is:

The archive is located at:

Joe Shamblin
Systems Administrator
Department of Computer Science
Duke University

Kudos for the Webmaster

For Chuck Musciano:

You have done a great job on SunWorld! I enjoyed every article.

I work in custom Web hosting division of AT&T. I read books whenever I can, but short articles like these are best suited for me.

Sunitha Reddy

Looking for the right tools

For Peter Galvin:

I am a Naval Reservist who is playing catchup/further self-education on Unix (and in particular Sun Solaris) (A)IS Security (the Navy appends an A at the front for "automated" [is there any other kind?]) in part through your column in SunWorld. By and large, I'm pleased with what I've read, and the way you put it: succinct and simple.

My question comes from a particular system that I have been tasked to help with (please forgive the dangling modifier!). Its architects allow local configuration changes (once planned for and tested locally) for security enhancements that are: 1) "non-intrusive;" and 2) "do not significantly affect the performance, function or approved functionalities of the system." My problem is that while the approved functionalities and functions for this system have been defined, the performance parameters and the idea of "significant affectation" of them has not been defined numerically or any other measurable way.

Reasonably, the configuration management approach spelled out for this system includes a paper analysis of the expected affects of changes before proposed changes can be tested. Since this system does not currently have any security auditing/tracking capability (except ASET and the audit command set) I would like to look into and consider other tools (especially network ones like tcp_wrapper, "intrusion detection alerting systems," router packet filtering, etc.). But I am having trouble finding any documentation on how such tools measurably affect/could affect a system they are installed on.

Are there books/manuals that I should be looking at for the various tools that you've mentioned in your articles? I've found out more about tcp_wrapper from InfoSeek searches than I could from the ftp site that I found with this program. Why don't security tools have more documentation on how they could affect performance (whether absolute, ratio measures, or formulae for figuring this out)?

Name and affiliation withheld upon request

Peter Galvin responds:

Most packages don't include analysis because the folks who wrote them were either too busy or don't know how. It's a good point, though. The best book for you is probably Practical Unix & Internet Security from O'Reilly and Associates. Otherwise you'll need to get advice from people who have implemented in terms of how invasive each tool is and how it affects performance. But generally the performance impact is low. Otherwise the tool wouldn't get used.


More on the missing C compiler

The guy who just found out that Solaris doesn't come with a compiler, after being a Sun sysadmin for five years, should have withheld his name by request. I certainly would assume that anyone who hasn't figured this out after both Solaris and reasonably easy-to-install Gnu compilers for Solaris being out for nearly FOUR YEARS is a little clue-impaired.

Stop perpetuating this tired old topic. People who whine about Solaris not having a C compiler are usually just cheapskates; they are likely to complain in the same breath about what a crime it is that support isn't free either. Besides, there are a lot more important things really wrong with Solaris that are more worthy of bitching about.

Wiley Sanders

C you at GCC

In response to the complaint about the "unbundled" C compiler in Solaris, I'd like to point out that GCC, a free C, C++, and Objective-C compiler from GNU, is very popular in the Sun community for precisely this reason.

It is fairly simple to compile GCC yourself, although it is a bit of a chicken and egg situation, since you will need a C compiler (perhaps an older version of GCC, or you can always download a 30-day free trial of Sun's C compiler from their Web site first. ;-)

If you'd like a commercially supported version of GCC, contact Cygnus Solutions at They do support Solaris, although I couldn't find any pricing information on their Web site.

Another option I highly recommend is the Summertime CD available from EIS Computer ( for Solaris/SPARC and Solaris x86. It includes precompiled binaries of hundreds of useful free programs, including GCC, Emacs, Mosaic, pine (an e-mail client), amanda (a tape backup program), etc. Although $69 might seem a bit expensive for what is essentially free software, I'm certain that it will cost at least twice as much to pay your Unix system administrator to sit around and compile even a few of these programs him/herself.

With all of these choices, I hope Mr. Holtz doesn't abandon Sun simply because he didn't know about GCC.

A good place to find precompiled binaries of GCC and other essential GNU software is SunSite -- visit Binaries for SPARC and x86 are in the SPARC and i86PC directories. Information on SunSites throughout the world (and a link to more locations for Solaris/SPARC freeware) is available at the SunSite home page

A 30-day trial copy of Sun's development software is available through the try-and-buy program at:

Jake Hamby

Answers for flow control and C compilers,
plus a question about porting from Unix to the PC

Please tell Ken Sembach that he must set hardware flow control on to the serial device over which the modem runs. I don't know how to set this under the SPARC, however (I primarily use Linux on a PC). If he is getting ~5 BPS over what should be a 38400 BPS, then it is likely that the machine is performing software flow control.

Please tell Kevin Holtz that the wonderful folks at GNU have a wonderful compiler for Solaris, it is free, and it is good. I have used GNU's gcc & g++ for years, and find them superior to most vendors' offerings. Best of all, you can find binaries for Solaris (both x86 & SPARC) at your nearest GNU ftp mirror.

I am looking to do a simple port of my X & Motif application from Unix (AIX, SunOS, Solaris, Linux) to a PC running Windows. Are there any decent Motif distributions for Windows (95, NT, and/or 3.1)? I currently compile my application using gcc; it is my best bet under the PC to use DJGCC (a limited port of gcc to DOS), or can/should I be looking at something like Visual C++?

Dan Kirkpatrick

Thanks, Dan, for your responses to Kevin and Ken and participating in this dialogue. Maybe one of our other readers can help you as well.
--The Editors

Tracking article dates

It would be very helpful for Web surfers if online articles contained references to their date and where (and when) they were published in paper.

Given the rapid changes in technology, it's easy to get mislead by old articles. If the date is given, one can judge better which parts of the article are likely to still be valid.

Peter Roosen-Runge


You are correct about the dates; we are currently working on that very issue. We have a "Last Updated" date at the bottom of each article and all news stories carry a dateline with the date. However, we are discussing the possibility of adding a "First Published" date as well, so stories that build over time will be able to provide a start date, as well as a current date, for changes. As for the "where" in your question, we do that already. Above the navigation bar to the right of the headline, we identify stories as news, features, or columns.

Do you, or any of our other readers, have any other suggestions on how we might handle dates? You are correct that the fluidity of the 'Net makes dating stories important, but even more important is finding the most efficient and effective way so that there is no confusion while we continue to provide useful information.
--The Editors

Using setuid

For Peter Galvin:

I am working in Sun Solaris 2.3 Version and doing system administration and security maintenance. I have a shell script to add/modify/delete/view Sun Unix user information. Now I am executing this script from root login. I want to give a access to one or more users to execute this script.

Please give me your suggestions to change the permissions (owner/group) of this shell script to make it executable by other users (Restricted).

Sprint Healthcare Inc.

Peter Galvin responds Ramesh:

The most simple way is to make the script owned by root and owner set-uid. The program will then run as root. Unfortunately, there are serious security holes in setuid-root shell scripts. If security is at all a concern, don't make a setuid shell script. Instead, write the equivalent in Perl and use the Perl tools to compile the program and make is secure.


Unix tips and tricks

Just wanted to say that I don't often read SunWorld...but I just read your Unix 101 - Beginning vi article and it was great! I'm a (relatively) novice Unix sysadmin desperately trying to control 100 machines on my, I'm grateful for the refresher stuff. Thanks.

Name and affiliation withheld on request

Answer on XDM


Last month, Syed A Ali asked a question about XDM. Here is John Batzel's response.

For Syed A Ali:

You might want to check out the man pages for xinit, and the other X startup-related man pages.

One thing we do here to get the proper environment variables for the .xinitrc/.xsession scripts is to make sure they begin by specifying which interpreter they want to use. For instance, my .xinitrc begins with `#! /usr/bin/ksh', and following that declares the environment variables I need.

The man page for xinit includes the following block of text:

 Sites that want to create a common startup environment could
     simply create a default .xinitrc that references a site-wide
     startup file:

             . /usr/local/lib/site.xinitrc

Which is what Syed A Ali asked about in the February issue of SunWorld.

John Batzel

Looking for a hardware benchmark

For Rick Cook:

I'm looking for benchmark information that can help me make a sound decision on a hardware platform. Please let me know if you know where I can find it.

Paul Hayes

Rick Cook responds:


This is a tough question, tougher than you might imagine. The benchmark data itself is hard to come by. I'd suggest trying Sun's Web site or some of the Solaris Web sites mentioned in the resource list of the story, "Sun injects Solaris X86 with new life as it makes its way to 64 bits" (

However the real kicker is trying to convert that benchmark data into something that is meaningful in your situation. Benchmarking is, to put it kindly, an imprecise business and meaningful benchmarking is more art than science.

I can suggest a couple of things to you, however. First, Solaris x86 is going to outperform NT on any platform. That's partially because Solaris is more developed than NT and partially because of the fundamental differences between Unix and NT.

Second, a benchmark difference of as much as 20 percent isn't worth worrying about. Both of these statements need a lot of qualification to be exactly true, of course. For example, while Solaris x86 may be faster than NT, applications may show the opposite effect, especially desktop type applications that use a lot of graphics. Similarly, if the benchmark in question happens to exactly reflect what you're going to be doing with the computer, then a benchmark difference of even five percent might be significant.

The ideal, if you can do it, is to narrow your choice to two or three systems and then try them with your applications and your data to see what happens. But that's not always practical.

There is one other factor I would suggest that deserves more weight than a 20 percent difference on benchmarks. That is the level of support you can expect from the vendor and manufacturer. That is worth a lot in the real world, and it's a factor that is almost never realistically accounted for in reviews and such.

Good luck in your search.

Rick Cook



If you have technical problems with this magazine, contact

Last modified:

Click on our Sponsors to help Support SunWorld

What did you think of this article?
-Very worth reading
-Worth reading
-Not worth reading
-Too long
-Just right
-Too short
-Too technical
-Just right
-Not technical enough

[Table of Contents]
Subscribe to SunWorld, it's free!
[Next story]
Sun's Site

[(c) Copyright  Web Publishing Inc., and IDG Communication company]

If you have technical problems with this magazine, contact

Last modified: