The Sun Microsystems Security Strategic Working Group (SWG) has developed a set of security questions for products that are to run on Solaris (attached). These address how a product will use the core security capabilities found in Solaris. These questions are intended to be used in the ARC review process as a supplement to the "20 Questions."
Please review and provide any comments that you may have to the discussion lists to which this email is addressed by COB Friday, 30-Mar-2007.

Thank you.

Tom Tahan
Chair, Sun Microsystems, Inc. Security SWG

This message posted from opensolaris.org
-------------- next part --------------
Security SWG - Solaris Security Questions

The following questions have been developed to better understand how a product intends to leverage the core security capabilities found in the Solaris Operating System. It is intended that architectural review committees discuss the replies with each project team in order to ensure that each project is adequately using the security features and capabilities at their disposal. In this way, projects can more completely and consistently implement security recommended practices improving the overall quality of Sun products delivered on the Solaris OS.

Questions:

1. Is this project compliant with the SAC Secure by Default policy?
   http://www.opensolaris.org/os/community/arc/policies/secure-by-default/

2. Has all of the C source code delivered by the project been verified to be lint clean using the -errsecurity=core (default) setting?
   For additional information, see:
   Sun Studio 9 New Features and Enhancements: Lint Security Checks
   http://docs.sun.com/source/819-0488/2.html#81723
   Sun Secure Programming: Lint Security Checking
   http://secprog.sfbay/lint/

3. Have all of the binary programs delivered by the project been compiled to have a non-executable stack?
   For additional information, see contents of:
   /usr/lib/ld/map.noexstk

4. Have all of the software package dependencies been properly documented for customers wishing to deploy reduced or minimal operating system images?
   For additional information, see:
   Support for Minimized Systems (INFODOC #86177)
   http://sunsolve.central/search/document.do?assetkey=1-9-86177-1
   Solaris Minimization Support Policy
   https://iccreate.central/portal.cfm?page=info/viewInfo&id=271664

5. Have all services delivered by this project been integrated with the Service Management Facility (SMF)? If so, is this project compliant with the SAC SMF Usage Policy:
   http://www.opensolaris.org/os/community/arc/policies/SMF-policy/
   For additional information, see:
   Restricting Service Administration in the Solaris 10 OS
   http://www.sun.com/blueprints/0605/819-2887.pdf

6. If SMF is used by this project, have all SMF methods been configured to operate with only those privileges that are needed (through the use of execution contexts or privilege aware programs)?
   For additional information, see:
   Privilege Debugging in the Solaris 10 OS
   http://www.sun.com/blueprints/0206/819-5507.pdf
   Limiting Service Privileges in the Solaris 10 OS
   http://www.sun.com/blueprints/0505/819-2680.pdf

7. Is it possible to install this project on a Solaris sparse-root zone? If yes, must any non-default privileges be granted to the sparse-root zone?
   For additional information, see:
   PSARC/2006/124 Configurable Privileges for Zones
   http://www.opensolaris.org/os/community/arc/caselog/2006/124/

8. Will this project install and operate on a system enabled for Solaris Trusted Extensions?
   For additional information, see:
   OpenSolaris Trusted Extensions Project
   http://www.opensolaris.org/os/community/security/projects/tx/
   Internal Trusted Extensions Project
   http://rampart.eng/twiki/bin/view

9. Does the project run [correctly] at multiple single labels when Trusted Extensions is enabled?

10. Does the project run multi-level when Trusted Extensions is enabled? If yes, is the project label aware?
    * If yes does it provide an upgrade/downgrade facility?
    * If yes does it audit?
    * Is it label aware for local files?
    * Is it a label aware network service?

11. Does the project need to interact with the Trusted Path when Trusted Extensions is enabled? [or must it run only in the Solaris global zone]?

12. Have all set-uid command-line programs delivered by this project been configured for least privilege (i.e., drop privileges that are not needed and bracket use of privilege where appropriate)?
    For additional information, see:
    Privilege Bracketing in the Solaris 10 OS
    http://www.sun.com/blueprints/0406/819-6320.pdf

13. Is this project compliant with the SAC Pluggable Authentication Mechanism Policy:
    http://www.opensolaris.org/os/community/arc/policies/PAM/

14. Does this project provide or consume cryptographic services? If so, does it integrate with the Solaris Cryptographic Framework?
    For additional information, see:
    OpenSolaris Cryptographic Framework Project
    http://www.opensolaris.org/os/community/security/projects/ef/
    Internal Cryptographic Framework Project
    http://ecf.sfbay.sun.com/wiki/index.php/Main_Page
    BigAdmin XPert Session: Solaris Cryptographic Framework
    http://www.sun.com/bigadmin/xperts/sessions/12_crypt/

15. Does this project provide or consume cryptographic keys? If so, does it integrate with the Solaris Key Management Framework?
    For additional information, see:
    OpenSolaris Key Management Framework Project
    http://www.opensolaris.org/os/project/kmf/
    Internal Key Management Project
    http://kmf.sfbay/index.php/Main_Page

16. Is this project compliant with the SAC Solaris Audit Policy?
    http://www.opensolaris.org/os/community/arc/policies/audit-policy/
    For additional information, see:
    OpenSolaris Audit Project
    http://opensolaris.org/os/project/audit/
