FCL -- FOSS Check List

1.0 Project Information

1.1 Name of project/component
    SUNWcmake

1.2 Author of document
    Faramarz Jalalian

2.0 Project Summary

2.1 Project Description
    CMake is a cross-platform, open-source Makefile generator, to be included in the SFW consolidation.

2.2 Release binding
    What is the release binding?
    (see http://opensolaris.org/os/community/arc/policies/release-taxonomy/)
    [ ] Major
    [ ] Minor
    [X] Patch or Micro
    [ ] Unknown -- ARC review required

2.3 Type of project
    Is this case a Linux Familiarity project?
    [ ] Yes
    [X] No

2.4 Originating Community

2.4.1 Community Name
    Kitware

2.4.2 Community Involvement
    Indicate Sun's involvement in the community
    [X] Maintainer
    [ ] Contributor
    [ ] Monitoring

    Will the project team work with the upstream community to resolve architectural issues of interest to Sun?
    [X] Yes
    [ ] No - briefly explain

    Will we or are we forking from the community?
    [ ] Yes - ARC review required prior to forking
    [X] No

3.0 Technical Description

3.1 Installation & Sharable

3.1.1S Solaris Installation - section only required for Solaris Software
    (see http://opensolaris.org/os/community/arc/policies/install-locations/ for details)

    Does this project follow the Install Locations best practice?
    [X] Yes
    [ ] No - ARC review required

    Does this project install into /usr under [sbin|bin|lib|include|man|share]?
    [X] Yes
    [ ] No or N/A

    Does this project install into /opt?
    [ ] Yes - explain below
    [X] No or N/A

    Does this project install into a different directory structure?
    [ ] Yes - ARC review required
    [X] No or N/A

    Do any of the components of this project conflict with anything under /usr?
    (see http://opensolaris.org/os/community/arc/caselog/2007/047/ for details)
    [ ] Yes - explain below
    [X] No

    If conflicts exist then will this project install under /usr/gnu?
    [ ] Yes
    [ ] No - ARC review required
    [X] N/A

    Is this project installing into /usr/sfw?
    [ ] Yes - ARC review required
    [X] No

3.1.1W Windows Installation - section only required for Windows Software
    (see http://sac.sfbay/WSARC/2002/494 for details)

    Does this project install software into a :\Program Files\Sun\ or :\Sun\ directory?
    [ ] Yes
    [ ] No - ARC review required

    Does the project use the Windows registry?
    [ ] Yes
    [ ] No - ARC review required

    Does the project use HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\\ for the registry key?
    [ ] Yes
    [ ] No - ARC review required

    Is the project's stored location HKEY_LOCAL_MACHINE\SOFTWARE\Sun Microsystems\\\Path?
    [ ] Yes
    [ ] No - ARC review required

3.1.2 Share and Sharable
    Does the module include any components that are used or shared by other projects?
    [X] Yes
    [ ] No

    If yes, are these components packaged to be shared with the other FOSS?
    [X] Yes
    [ ] No - ARC review required
    [ ] N/A

    Are these components already in the Solaris WOS?
    [ ] Yes
    [X] No - continue with next section (section 3.2)

    If yes, are newer versions being delivered?
    [ ] Yes
    [ ] No - ARC review required

    If yes, are the newer versions replacing the existing versions?
    [ ] Yes
    [ ] No - ARC review required

3.2 Exported Libraries
    Are libraries being delivered by this project?
    [ ] Yes
    [X] No - continue with next section (section 3.3)

    Are 64-bit versions of the libraries being delivered?
    [ ] Yes
    [ ] No - ARC review required

    Are static versions of the libraries being delivered?
    [ ] Yes - ARC review required
    [ ] No

3.3 Services and the /etc Directory
    (see http://opensolaris.org/os/community/arc/policies/SMF-policy/)

    Does the project integrate anything into /etc/init.d or /etc/rc?.d?
    [ ] Yes - ARC review required
    [X] No

    Does the project integrate any new entries into /etc/inittab or /etc/inetd.conf?
    [ ] Yes - ARC review required
    [X] No

    Does the project integrate any private non-public files into /etc/default or /etc/ configuration files?
    [ ] Yes - ARC review required
    [X] No

    Does the service manifest's method context grant rights above that of the noaccess user and basic privilege set?
    [ ] Yes - ARC review required
    [X] No

3.4 Security

3.4.1 Secure By Default
    (see http://opensolaris.org/os/community/arc/policies/secure-by-default/ for details)
    (see http://www.opensolaris.org/os/community/arc/policies/NITS-policy/ for details)
    (see parts of http://opensolaris.org/os/community/arc/policies/SMF-policy/ for additional details)

    Are there any network services provided by this project?
    [ ] Yes
    [X] No - continue with the next section (section 3.4.2)

    Are network services enabled by default?
    [ ] Yes - ARC review required
    [ ] No
    [ ] N/A

    Are network services automatically enabled by the project during installation?
    [ ] Yes - ARC review required
    [ ] No
    [ ] N/A

    Are inbound network communications denied by default?
    [ ] Yes
    [ ] No - ARC review required
    [ ] N/A

    Is inbound data checked to prevent content-based attacks?
    [ ] Yes
    [ ] No - ARC review required
    [ ] N/A

    Is the outbound receiver authenticated?
    [ ] Yes
    [ ] No - ARC review required
    [ ] N/A

    Is the receiver authenticated prior to receiving any sensitive outbound communication?
    [ ] Yes
    [ ] No - ARC review required
    [ ] N/A

3.4.2 Authorization
    (see http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/ and
    http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/ for details)

    Are there any setuid/setgid privileged binaries in the project?
    [ ] Yes - ARC review required
    [X] No - continue with next section (section 3.4.3)

    If yes, are the setuid/setgid privileges handled by the use of roles?
    [ ] Yes
    [ ] No - ARC review required

3.4.3 Auditing
    (see http://opensolaris.org/os/community/arc/policies/audit-policy/ for details)
    (see http://opensolaris.org/os/community/arc/caselog/2003/397 for details)

    Does this component contain administrative or security enforcing software?
    [ ] Yes - ARC review required
    [X] No - continue to next section (section 3.4.4)

    Do the components create audit logs detailing what took place, including what event took place, who was involved, and when the event took place?
    [ ] Yes - ARC contract and Audit project team review required
    [ ] No - ARC review required

3.4.4 Authentication
    (see http://opensolaris.org/os/community/arc/policies/PAM/)

    Do the components contain any authentication code?
    [ ] Yes
    [X] No - continue to next section (section 3.4.5)

    If yes, do the components use PAM (pluggable authentication modules) for authentication?
    [ ] Yes
    [ ] No - ARC review required

    If yes, is a single PAM session maintained during authentication?
    [ ] Yes
    [ ] No - ARC review required

    If yes, are the components sufficiently privileged to allow the requested operations (authentication, password change, process credential manipulation, audit state initialization)?
    [ ] Yes - briefly describe below
    [ ] No - ARC review required

3.4.5 Passwords
    (see http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/ and
    http://opensolaris.org/os/community/arc/bestpractices/passwords-files/ for details)

    Do any of the components for the project deal with passwords?
    [ ] Yes
    [X] No - continue to next section (section 3.4.6)

    If yes, are these passwords entered via the CLI or environment?
    [ ] Yes - ARC review required
    [ ] No

    Are passwords stored within the file system for the component?
    [ ] Yes
    [ ] No - continue to next section (section 3.4.6)

    If yes, are the permissions on the file such as to protect against exposing the password(s)?
    [ ] Yes
    [ ] No - ARC review required

3.4.6 General Security Questions
    (see http://opensolaris.org/os/community/arc/bestpractices/security-questions/ for details)

    Are there any network protocols used by this project?
    [ ] Yes
    [X] No - continue with the next section (section 3.5)

    Do the components use standard network protocols?
    [ ] Yes
    [ ] No - ARC review required

    Do network services for the project make decisions based upon user, host or service identities?
    [ ] Yes - explain below
    [ ] No
    [ ] N/A

    Do the components make use of secret information during authentication and/or authorization?
    [ ] Yes - explain below
    [ ] No
    [ ] N/A

3.5 Networking
    Do the components access the network?
    [ ] Yes
    [X] No - continue with the next section (section 3.6)

    If yes, do the components support IPv6?
    [ ] Yes
    [ ] No - ARC review required

3.6 Core Solaris Components
    Do the components of this project compete with or duplicate core Solaris components?
    [ ] Yes - ARC review required
    [X] No

    Examples of Core Solaris Components include but are not limited to:
        Secure By Default
        Authorizations
        PAM -- Pluggable Authentication Module
        Privilege
        PRM -- Process Rights Management -- Privilege
        Audit
        xVM -- Virtualization
        zones / Solaris Containers
        RBAC -- Role Based Access Control
        TX / Trusted Extensions
        ZFS
        SMF -- Service Management Facility
        FMA -- Fault Management Architecture
        SCF -- Smart Card Facility
        IPsec

4.0 Interfaces
    (see http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/ for details)

4.1 Exported Interfaces

    Interface Name                      Classification   Comments
    ----------------------------------  ---------------  ---------------------------------------
    /usr/bin/cmake                      uncommitted      Makefile generator command
    /usr/bin/ccmake                     uncommitted      Curses interface for cmake
    /usr/bin/ctest                      uncommitted      cmake test driver program
    /usr/bin/cpack                      uncommitted      cmake package generator
    /usr/share/cmake-2.6/Templates and  uncommitted      platform template files
    /usr/share/cmake-2.6/Modules
    /usr/share/man/man1                 uncommitted      man pages for ctest, cpack, ccmake, cmake,
                                                         cmakecommands, cmakecompat, cmakeprops,
                                                         cmakepolicies, cmakevars, cmakemodules
    /usr/share/cmake-2.6/doc            uncommitted      more in-depth documentation

4.2 Imported Interfaces

    Interface Name                      Classification   Comments
    ----------------------------------  ---------------  ---------------------------------------
    (none)

Brief Interface Classifications - See Appendix C for definitions
    Volatile - interfaces are fluid and will follow a rapidly changing community
    Uncommitted - interfaces are still evolving in the community and might follow the community
    Committed - interfaces are stable in the community
    Project Private - no review required, just document in table
    Contracted (interface modifier) - further review required

Appendix A - References

    1. Solaris Installation Locations Policy
       http://opensolaris.org/os/community/arc/policies/install-locations/
    2. /usr/gnu Installation ARC case
       http://opensolaris.org/os/community/arc/caselog/2007/047/
    3. Secure By Default Policy
       http://opensolaris.org/os/community/arc/policies/secure-by-default/
    4. Network Install Time Security Policy
       http://www.opensolaris.org/os/community/arc/policies/NITS-policy/
    5. Adding RBAC Authorizations Policy
       http://opensolaris.org/os/community/arc/bestpractices/rbac-auths/
    6. When to use setuid -vs- RBAC roles and profiles
       http://opensolaris.org/os/community/arc/bestpractices/rbac-intro/
    7. Building RBAC Rights Profiles
       http://opensolaris.org/os/community/arc/bestpractices/rbac-profiles/
    8. Solaris Audit Policy
       http://opensolaris.org/os/community/arc/policies/audit-policy/
    9. Security questionnaire
       http://opensolaris.org/os/community/arc/bestpractices/security-questions/
    10. Interface Taxonomy
        http://www.opensolaris.org/os/community/arc/policies/interface-taxonomy/
    11. Pluggable Authentication Modules -- PAM
        http://opensolaris.org/os/community/arc/policies/PAM/
    12. Reusable Passwords In Command Line Arguments and Environment Variables
        http://opensolaris.org/os/community/arc/bestpractices/passwords-cli/
    13. Storing Reusable Passwords on a Filesystem
        http://opensolaris.org/os/community/arc/bestpractices/passwords-files/
    14. Release Taxonomy
        http://opensolaris.org/os/community/arc/policies/release-taxonomy/
    15. Service Management Facility (SMF) usage
        http://opensolaris.org/os/community/arc/policies/SMF-policy/

Appendix B - Suggested case materials

    1. cmake man pages are attached in the separate cmake-man-pages.txt.gz file.

---------------------------------------------------------