It's been a while since I looked at sudo (brain long since rewired to
pfexec), but IIRC sudo had some kind of support for kerberos. I don't
see any compilation of kerberos in the flags below. Can you provide a
one-or-two sentence description of rationale and impact? (I *suspect* I
know what the reasonable answers are, but I'd like the answers from the
project team directly, and I think it would be good to have the record
in the case log.)
Second, I notice that the package SUNWsudo is Committed, while
everything else is Uncommitted. This may be ignorance on my part, but
if the entire contents of the package are Uncommitted, then what value
is there in having the package itself be Committed?
Third, given that this project lacks Solaris auditing features, I'd
really like to see an explicit statement of this limitation in the
versions of the man pages we ship, perhaps with a recommendation.
Something like: "sudo(1M) does not audit activities. Sites that
require auditing information might consider using pfexec(1)."
Finally, how will an unconfigured sudo installation behave? (More to
the point, will the "default" installation of sudo create a hole in the
auditing infrastructure, for sites that care to have auditing
information preserved?)
- Garrett
PS: The case largely looks good to me. I don't think any of the answers
to the questions above will be surprises, but I do think it is important
to capture the information in the case log.
Darren J Moffat wrote:
> Template Version: @(#)sac_nextcase 1.66 04/17/08 SMI
> This information is Copyright 2008 Sun Microsystems
> 1. Introduction
> 1.1. Project/Component Working Name:
> sudo
> 1.2. Name of Document Author/Supplier:
> Author: Joep Vesseur
> 1.3 Date of This Document:
> 10 June, 2008
> 4. Technical Description
>
> Release binding: minor
>
> Target Consolidation: SFW
>
>
> 1. Summary
>
> sudo(1) is a popular, cross platform administrative
> utility that allows an organization to define adminis-
> trative tasks and assign them to specific (groups) of
> users while defining the context the tasks will operate
> with. The purpose of sudo(1) is much like the purpose
> of RBAC.
>
> This case proposes to integrate the current stable ver-
> sion of sudo(1) in Solaris (at the time of writing,
> this is 1.6.9p16).
>
>
> 2. Details
>
> While, from a Solaris perspective, there are a number
> of features that sudo(1) lacks, this case proposes to
> integrate it anyway. The main reason to provide sudo(1)
> on Solaris is to enable administrators to adopt Solaris
> more easily and bring it under control of the heteroge-
> neous environment they are currently maintaining using
> sudo(1) on other platforms.
>
>
> For this case, we propose to integrate the current ver-
> sion of sudo as is. We acknowledge that Solaris spe-
> cific additions to sudo(1) would make sudo(1) a better
> Solaris citizen, but we defer those additions to future
> projects based on the willingness of the community to
> invest in Solaris specific features.
>
>
> 2.1. Auditing
>
> sudo(1) currently does not use any of the Solaris
> Auditing functionality. For this case, we do not pro-
> pose to add this functionality, based on our belief
> that the current demand for sudo(1) is from users with-
> out any auditing infrastructure (in the Solaris Audit-
> ing sense).
>
> sudo(1) will be explicitly left out of the CC evalua-
> tion target.
>
> We will engage with the community to see if they are
> willing to develop/accept Solaris specific auditing
> changes in the future, but we believe the current
> project is complete without these additions. We there-
> fore refer any auditing enhancements to a possible
> future project.
>
>
> 2.2. Extending sudoers with privilege specifications
>
> Another Solaris-specific extension to sudo(1) would be
> to allow it to use privilege specifications inside its
> sudoers-file. This would allow one to specify addi-
> tional privileges for some administrative tasks,
> instead of assigning the full root privileges, much
> like we allow for in exec_attr(4).
>
> Again, we will engage with the community to see if they
> are willing to accept this kind of Solaris-specific
> change upstream, but for now, we believe this case is
> complete without this additional Solaris-ism.
>
>
> 2.3. Merging sudo/RBAC
>
> In the long run, based on a "runs best on
> Solaris"-principle, we would like to merge the benefits
> from sudo(1) and RBAC allowing sudo(1) users to benefit
> from the RBAC framework, and allowing RBAC users to
> benefit from sudo-specific features. That is not this
> case, however.
>
>
> 3. Compilation options
>
> sudo(1) will be configured with the following options
>
> --with-CC=cc --prefix=/usr --with-ldap --with-project
> --with-privileges --with-pam
>
> These options will allow administrators to make use of
> Solaris-specific project features (part of standard
> sudo), and to store the sudoers(4) configuration in an
> LDAP database if they wish to do so. Since the LDAP
> schema to use differs from LDAP server to LDAP server,
> we intend to deliver example schema files for OpenLDAP
> based servers and SunONE based servers in
> /usr/share/doc, together with a conversion utility to
> create ldif files. These extra files are part of the
> normal sudo-package, but normally only available in the
> source package.
>
> 4. Interface table
>
> This case delivers the following files
>
> +--------------------------------------------------+-----------------+
> | Exported Interfaces                              | Classification  |
> |--------------------------------------------------+-----------------|
> | SUNWsudo                                         | Committed       |
> | /etc/sudoers                                     | Uncommitted     |
> | /usr/bin/sudo                                    | Uncommitted     |
> | /usr/bin/sudoedit                                | Uncommitted     |
> | /usr/lib/sudo_noexec.so                          | Project Private |
> | /usr/lib/sparcv9/sudo_noexec.so                  | Project Private |
> | /usr/lib/amd64/sudo_noexec.so                    | Project Private |
> | /usr/sbin/visudo                                 | Uncommitted     |
> | /usr/share/doc/sudo-<version>/                   | Uncommitted     |
> | /usr/share/doc/sudo-<version>/BUGS               | Uncommitted     |
> | /usr/share/doc/sudo-<version>/CHANGES            | Uncommitted     |
> | /usr/share/doc/sudo-<version>/HISTORY            | Uncommitted     |
> | /usr/share/doc/sudo-<version>/LICENSE            | Uncommitted     |
> | /usr/share/doc/sudo-<version>/README             | Uncommitted     |
> | /usr/share/doc/sudo-<version>/README.LDAP        | Uncommitted     |
> | /usr/share/doc/sudo-<version>/TROUBLESHOOTING    | Uncommitted     |
> | /usr/share/doc/sudo-<version>/UPGRADE            | Uncommitted     |
> | /usr/share/doc/sudo-<version>/sample.sudoers     | Uncommitted     |
> | /usr/share/doc/sudo-<version>/sample.syslog.conf | Uncommitted     |
> | /usr/share/lib/ldif/sudo-schema.OpenLDAP         | Uncommitted     |
> | /usr/share/lib/ldif/sudo-schema.iPlanet          | Uncommitted     |
> | /usr/share/lib/ldif/sudoers2ldif                 | Uncommitted     |
> | /usr/share/man/man1m/sudo.1m                     | Uncommitted     |
> | /usr/share/man/man1m/sudoedit.1m                 | Uncommitted     |
> | /usr/share/man/man1m/visudo.1m                   | Uncommitted     |
> | /usr/share/man/man4/sudoers.4                    | Uncommitted     |
> +--------------------------------------------------+-----------------+
>
> 6. Resources and Schedule
> 6.4. Steering Committee requested information
> 6.4.1. Consolidation C-team Name:
> SFW
> 6.5. ARC review type: FastTrack
> 6.6. ARC Exposure: open
>
>
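As an added illustration of the gap the case describes in sections 2.2 and 2.3 (this fragment is not part of the case and is not something the sudo project ships): the same administrative task written once as a sudoers(4) rule, which runs the command as uid 0 with the full privilege set, and once as an RBAC profile in exec_attr(4), which runs it with only the named privileges. The user names, the alias and profile names, and the privs= value are assumptions for the illustration; the privileges a given command really needs should be confirmed with ppriv(1) on the target release.

```text
# --- sudoers(4) form: the task executes as root with all privileges ---
# Constructed example; OPERATORS, NETCFG, alice and bob are made-up names.
User_Alias  OPERATORS = alice, bob
Cmnd_Alias  NETCFG    = /usr/sbin/ifconfig, /usr/sbin/route

# sudo's own logfile; this is independent of Solaris Auditing (see 2.1)
Defaults    logfile=/var/log/sudo.log, log_year

# NOEXEC is enforced by the sudo_noexec.so preload from the interface table
OPERATORS   ALL = (root) NOEXEC: NETCFG

# --- RBAC form: exec_attr(4) grants only the privileges named ---
# /etc/security/prof_attr   (name:res1:res2:desc:attr)
Network Operator:::Configure network interfaces and routes:

# /etc/security/exec_attr   (name:policy:type:res1:res2:id:attr)
# privs=sys_net_config is an assumption; verify on the target host with
#   ppriv -e -D /usr/sbin/ifconfig <interface> up
Network Operator:solaris:cmd:::/usr/sbin/ifconfig:privs=sys_net_config
Network Operator:solaris:cmd:::/usr/sbin/route:privs=sys_net_config

# /etc/user_attr   (user:qualifier:res1:res2:attr)
alice::::profiles=Network Operator
bob::::profiles=Network Operator
```

With the first form alice types "sudo ifconfig bge0 up" and the command runs as uid 0; the only record is whatever sudo writes to its logfile or syslog. With the second she types "pfexec ifconfig bge0 up" and the process keeps her uid, gaining only sys_net_config. That privilege-level difference is exactly what 2.2 proposes to close by accepting privilege specifications in sudoers, and the logging difference is the one Garrett asks to have stated in the shipped man pages.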