Hi Garrett,

Sorry! My mistake. clisp need not install setuid programs. I've updated the proposal at
http://cr.opensolaris.org/~zhenghe/arc/proposal.txt

Thanks
-Charles He

Garrett D'Amore wrote:
> You've indicated that clisp installs setuid programs. Why? Please
> provide more detail.
>
> -- Garrett
>
> James Walker wrote:
>> I'm sponsoring this familiarity case for Charles He. The requested
>> release binding is minor. The man page has been posted in the
>> materials directory.
>>
>> Template Version: @(#)sac_nextcase 1.68 02/23/09 SMI
>> This information is Copyright 2009 Sun Microsystems
>> 1. Introduction
>> 1.1. Project/Component Working Name:
>> clisp
>> 1.2. Name of Document Author/Supplier:
>> Author: Charles He
>> 1.3 Date of This Document:
>> 26 February, 2009
>> 4. Technical Description
>> clisp Check List
>> 1.0 Project Information
>> 1.1 Name of project/component
>> clisp
>>
>> 1.2 Author of document
>> Zheng.he at Sun.COM
>>
>> 2.0 Project Summary
>> 2.1 Project Description
>> Common Lisp is a high-level, general-purpose, object-oriented, dynamic,
>> functional programming language.
>>
>> CLISP is a Common Lisp implementation by Bruno Haible, then of Karlsruhe
>> University, and Michael Stoll, then of Munich University, both in
>> Germany.
>> It implements the language described in the ANSI Common Lisp standard
>> with many extensions.
>>
>> CLISP includes an interpreter, a compiler, a debugger, CLOS, MOP, a
>> foreign language interface, i18n, POSIX and Perl regular expressions, a
>> socket interface, fast bignums, arbitrary precision floats, and more. An X11
>> interface is available through CLX, Garnet and CLUE/CLIO. Command line
>> editing is provided by readline. CLISP runs Maxima, ACL2 and many other
>> Common Lisp packages.
>> 2.2 Release binding
>> What is the release binding?
>> (see http://opensolaris.org/os/community/arc/policies/release-taxonomy/)
>> [ ] Major
>> [*] Minor
>> [ ] Patch or Micro
>> [ ] Unknown -- ARC review required
>>
>> 2.3 Type of project
>> Is this case a Linux Familiarity project?
>> [*] Yes
>> [ ] No
>>
>> 2.4 Originating Community
>> 2.4.1 Community Name
>> GNU CLISP
>> 2.4.2 Community Involvement
>> Indicate Sun's involvement in the community
>> [ ] Maintainer
>> [ ] Contributor
>> [*] Monitoring
>> Will the project team work with the upstream community to resolve
>> architectural issues of interest to Sun?
>> [*] Yes
>> [ ] No - briefly explain
>> Will we or are we forking from the community?
>> [ ] Yes - ARC review required prior to forking
>> [*] No
>> 3.0 Technical Description
>> 3.1 Installation & Sharable
>> 3.1.1S Solaris Installation - section only required for Solaris Software
>> (see http://opensolaris.org/os/community/arc/policies/install-locations/
>> for details)
>> Does this project follow the Install Locations best practice?
>> [*] Yes
>> [ ] No - ARC review required
>> Does this project install into /usr under
>> [sbin|bin|lib|include|man|share]?
>> [*] Yes
>> [ ] No or N/A
>> Does this project install into /opt?
>> [ ] Yes - explain below
>> [*] No or N/A
>> Does this project install into a different directory structure?
>> [ ] Yes - ARC review required
>> [*] No or N/A
>> Do any of the components of this project conflict with anything under
>> /usr?
>> (see http://opensolaris.org/os/community/arc/caselog/2007/047/ for
>> details)
>> [ ] Yes - explain below
>> [*] No
>> If conflicts exist then will this project install under /usr/gnu?
>> [ ] Yes
>> [ ] No - ARC review required
>> [*] N/A
>> Is this project installing into /usr/sfw?
>> [ ] Yes - ARC review required
>> [*] No
>> 3.1.1W Windows Installation - section only required for Windows Software
>> (see http://sac.sfbay/WSARC/2002/494 for details)
>> Does this project install software into a
>> <system drive>:\Program Files\Sun\<product> or <system drive>:\Sun\<product>
>> directory?
>> [ ] Yes
>> [ ] No - ARC review required
>> Does the project use the Windows registry?
>> [ ] Yes
>> [ ] No - ARC review required
>> Does the project use
>> HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\<product>\<version>
>> for the registry key?
>> [ ] Yes
>> [ ] No - ARC review required
>> Is the project's stored location
>> HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\<product id>\<version id>\Path?
>> [ ] Yes
>> [ ] No - ARC review required
>> 3.1.2 Share and Sharable
>> Does the module include any components that are used or shared by
>> other projects?
>> [*] Yes
>> [ ] No
>> If yes are these components packaged to be shared with the other FOSS?
>> [*] Yes
>> [ ] No - ARC review required
>> [ ] N/A
>> Are these components already in the Solaris WOS?
>> [ ] Yes
>> [*] No - continue with next section (section 3.2)
>> If yes are these newer versions being delivered?
>> [ ] Yes
>> [ ] No - ARC review required
>> If yes are the newer versions replacing the existing versions?
>> [ ] Yes
>> [ ] No - ARC review required
>>
>> 3.2 Exported Libraries
>> Are libraries being delivered by this project?
>> [ ] Yes
>> [*] No - continue with next section (section 3.3)
>> Are 64-bit versions of the libraries being delivered?
>> [ ] Yes
>> [ ] No - ARC review required
>> Are static versions of the libraries being delivered?
>> [ ] Yes - ARC review required
>> [ ] No
>> 3.3 Services and the /etc Directory
>> (see http://opensolaris.org/os/community/arc/policies/SMF-policy/)
>> Does the project integrate anything into /etc/init.d or /etc/rc?.d?
>> [ ] Yes - ARC review required
>> [*] No
>> Does the project integrate any new entries into /etc/inittab or
>> /etc/inetd.conf?
>> [ ] Yes - ARC review required
>> [*] No
>> Does the project integrate any private non-public files into
>> /etc/default or /etc/ configuration files?
>> [ ] Yes - ARC review required
>> [*] No
>> Does the service manifests method context grant rights above that
>> of the noaccess user and basic privilege set?
>> [ ] Yes - ARC review required
>> [*] No
>> 3.4 Security
>> 3.4.1 Secure By Default
>> (see http://opensolaris.org/os/community/arc/policies/secure-by-default/
>> for details)
>> (see http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
>> for details)
>> (see parts of
>> http://opensolaris.org/os/community/arc/policies/SMF-policy/ for
>> additional details)
>> Are there any network services provided by this project?
>> [ ] Yes
>> [*] No - continue with the next section (section 3.4.2)
>> Are network services enabled by default?
>> [ ] Yes - ARC review required
>> [ ] No
>> [ ] N/A
>> Are network services automatically enabled by the project during
>> installation?
>> [ ] Yes - ARC review required
>> [ ] No
>> [ ] N/A
>> Are inbound network communications denied by default?
>> [ ] Yes
>> [ ] No - ARC review required
>> [ ] N/A
>> Is inbound data checked to prevent content-based attacks?
>> [ ] Yes
>> [ ] No - ARC review required
>> [ ] N/A
>> Is the outbound receiver authenticated?
>> [ ] Yes
>> [ ] No - ARC review required
>> [ ] N/A
>> Is the receiver authenticated prior to receiving any sensitive
>> outbound communication?
>> [ ] Yes
>> [ ] No - ARC review required
>> [ ] N/A
>> 3.4.2 Authorization
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ and
>> http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
>> for details)
>> Are there any setuid/setgid privileged binaries in the project?
>> [*] Yes - ARC review required
>> [ ] No - continue with next section (section 3.4.3)
>> If yes then are the setuid/setgid privileges handled by the use of
>> roles?
>> [ ] Yes
>> [ ] No - ARC review required
>>
>> 3.4.3 Auditing
>> (see http://opensolaris.org/os/community/arc/policies/audit-policy/
>> for details)
>> (see http://opensolaris.org/os/community/arc/caselog/2003/397 for
>> details)
>> Does this component contain administrative or security enforcing
>> software?
>> [ ] Yes - ARC review required
>> [*] No - continue to next section (section 3.4.4)
>> (see http://opensolaris.org/os/community/arc/caselog/2003/397 for
>> details)
>> Do the components create audit logs detailing what took place
>> including what event took place, who was involved, when the event
>> took place?
>> [ ] Yes - ARC contract and Audit project team review required
>> [ ] No - ARC review required
>> 3.4.4 Authentication
>> (see http://opensolaris.org/os/community/arc/policies/PAM/)
>> Do the components contain any authentication code?
>> [ ] Yes
>> [*] No - continue to next section (section 3.4.5)
>> If yes do the components use PAM (pluggable authentication modules)
>> for authentication?
>> [ ] Yes
>> [ ] No - ARC review required
>> If yes is a single PAM session maintained during authentication?
>> [ ] Yes
>> [ ] No - ARC review required
>> If yes are the components sufficiently privileged to allow the
>> requested operations (authentication, password change, process
>> credential manipulation, audit state initialization)?
>> [ ] Yes - briefly describe below
>> [ ] No - ARC review required
>> 3.4.5 Passwords
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ and
>> http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
>> for details)
>> Do any of the components for the project deal with passwords?
>> [ ] Yes
>> [*] No - continue to next section (section 3.4.6)
>> If yes are these passwords entered via the CLI or environment?
>> [ ] Yes - ARC review required
>> [ ] No
>> Are passwords stored within the file system for the component?
>> [ ] Yes
>> [ ] No - continue to next section (section 3.4.6)
>> If yes are the permissions on the file such to protect exposing the
>> password(s)?
>> [ ] Yes
>> [ ] No - ARC review required
>> 3.4.6 General Security Questions
>> (see
>> http://opensolaris.org/os/community/arc/bestpractices/security-questions/
>> for details)
>> Are there any network protocols used by this project?
>> [ ] Yes
>> [*] No - continue with the next section (section 3.5)
>> Do the components use standard network protocols?
>> [ ] Yes
>> [ ] No - ARC review required
>> Do network services for the project make decisions based upon user,
>> host or service identities?
>> [ ] Yes - explain below
>> [ ] No
>> [ ] N/A
>> Do the components make use of secret information during
>> authentication and/or authorization?
>> [ ] Yes - explain below
>> [ ] No
>> [ ] N/A
>> 3.5 Networking
>> Do the components access the network?
>> [ ] Yes
>> [*] No - continue with the next section (section 3.6)
>> If yes do the components support IPv6?
>> [ ] Yes
>> [ ] No - ARC review required
>> 3.6 Core Solaris Components
>> Do the components of this project compete with or duplicate core
>> Solaris components?
>> [ ] Yes - ARC review required
>> [*] No
>> Examples of Core Solaris Components include but are not
>> limited to:
>> Secure By Default
>> Authorizations
>> PAM -- Pluggable Authentication Module
>> Privilege
>> PRM -- Process Rights Management -- Privilege
>> Audit
>> xVm -- Virtualization
>> zones / Solaris Containers
>> PRM -- Process Rights Management
>> RBAC -- Role Based Access Control
>> TX / Trusted Extensions
>> ZFS
>> SMF -- Service Management Facility
>> FMA -- Fault Management Architecture
>> SCF -- Smart Card Facility
>> IPsec
>> 4.0 Interfaces
>> (see
>> http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
>> for details)
>> 4.1 Exported Interfaces
>> Interface Name        Classification   Comments
>> --------------------  ---------------  ---------------------------
>> SUNWclisp             Uncommitted      Package
>> /usr/bin/clisp        Uncommitted      Command
>> /usr/lib/clisp/       Uncommitted      Object Files
>> /usr/share/clisp/     Uncommitted      Emacs and Vim lisp support
>> 4.2 Imported Interfaces
>> Interface Name        Classification   Comments
>> --------------------  ---------------  ---------------------------
>> readline (via SFW)    Committed        PSARC/2007/188
>> libsigsegv            Uncommitted      LSARC/2009/107
>> Appendix A - References
>> 1. http://clisp.cons.org/
>> OSR ID# 10665
>> RFE ID# 6777585
>>
>>
>> 6. Resources and Schedule
>> 6.4. Steering Committee requested information
>> 6.4.1. Consolidation C-team Name:
>> SFW
>> 6.5. ARC review type: FastTrack
>> 6.6. ARC Exposure: open
>>
>