Mayuresh Nirhali writes:
>       Does the project integrate any private non-public files into /etc/default
>       or /etc/ configuration files?
>       [X] Yes - ARC review required
>       [ ] No

I thought all of the project's configuration files were public, not
private.  I don't see any private files in /etc listed in the
interface table.

What private bits are shipped via /etc?  (Note that "uncommitted" is a
public stability level.)

>       Are there any setuid/setgid privileged binaries in the project?
>       [X] Yes - ARC review required
>       [ ] No - continue with next section (section 3.4.3)

The previous response said that there weren't any setuid or setgid
binaries.  I'm confused.

If you deliver RBAC bits (such as exec_attr) and/or an SMF manifest,
then the binary itself often isn't setuid.

>       Do the components create audit logs detailing what took place including
>       what event took place, who was involved, when the event took place?
>       [ ] Yes - ARC contract and Audit project team review required
>       [X] No - ARC review required

The audit folks (such as Gary Winiger) should look at this.  My guess
would be that it's probably ok for this to go without auditing, but
that it should have a warning label on it so that those who care about
auditing are aware that access actions taken by the daemon aren't
logged.

>       If yes are these passwords entered via the CLI or environment?
>       [X] Yes - ARC review required
>       [ ] No
> 
>       passwords are entered via CLI. 

The current policy restricts this.  (But, of course, open source
projects tend not to listen ... leading to the need for warnings about
passwords escaping through 'ps'.)

>       Are passwords stored within the file system for the component?
>       [ ] Yes
>       [X] No - continue to next section (section 3.4.6)

I thought it was possible to include user names and passwords in the
configuration files, if you configure without PAM.

-- 
James Carlson, Solaris Networking              <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive        71.232W   Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757   42.496N   Fax +1 781 442 1677
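
The 'ps' exposure mentioned in the reply above, shown as an added example that is not part of the original message or of the project under review: a password given as a command-line argument is readable from the process's argument vector for as long as the process runs, while the same password sent on standard input is not. It assumes a Linux-style /proc/<pid>/cmdline (the data 'ps' displays); the helper names and the sample password are constructed for illustration.

```python
import subprocess
import sys

SECRET = "constructed-example-pw"  # constructed sample value, not a real credential

# Child process: waits on stdin, then idles, so its argument vector can be inspected.
CHILD = "import sys, time; sys.stdin.readline(); time.sleep(30)"


def visible_args(pid):
    """Return the argument vector of `pid` as other local users can read it.

    Assumption: Linux-style /proc/<pid>/cmdline, NUL-separated.
    """
    with open(f"/proc/{pid}/cmdline", "rb") as f:
        return [arg.decode() for arg in f.read().split(b"\0") if arg]


def secret_exposed(via_argv):
    """Start the child, hand it SECRET one of two ways, report whether
    SECRET shows up in the process listing data."""
    argv = [sys.executable, "-c", CHILD]
    if via_argv:
        argv.append(SECRET)          # password on the command line
    proc = subprocess.Popen(argv, stdin=subprocess.PIPE)
    try:
        if not via_argv:
            # password on stdin: never part of the argument vector
            proc.stdin.write((SECRET + "\n").encode())
            proc.stdin.flush()
        return SECRET in visible_args(proc.pid)
    finally:
        proc.kill()
        proc.stdin.close()
        proc.wait()


if __name__ == "__main__":
    print("password in argv  -> visible in process listing:", secret_exposed(True))
    print("password on stdin -> visible in process listing:", secret_exposed(False))
```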
