Richard L. Hamilton wrote: > [...] >>>> sudo(1) will be explicitly left out of the >> CC evalua- >>> tion target. >>>> >>> I probably should know what this means... Help me >> Mr. Wizard... >> >> Common Criteria evaluation. sudo will be outside of >> the Target of >> Evaluation. >> > > Is there documentation or meta-packaging (to be updated for such as this) > which will collect such disclaimers or constraints, so that sites may > replicate > an evaluated configuration, or at any rate limit themselves to packages that > were part of an evaluated configuration? Preferably in a single place, not > spread across a multitude of man pages...
That is what the Target of Evaluation document describes. The ToE documents and certificates as well as any other needed information (such as patch lists) are published here: http://www.sun.com/software/security/securitycert/ It is also published on the common criteria evaluation website for the appropriate product, for example for Solaris 10. http://www.commoncriteriaportal.org/files/epfiles/solaris10-sec-e.pdf -- Darren J Moffat
