20 Questions # 5 update [PSARC/2009/179 FastTrack timeout 03/25/2009]
Gary Winiger
gww at eng.sun.com
Wed Mar 18 11:52:53 PDT 2009
> > 5. Projects need to be aware of the overall security of the system and how
> > their components affect it. Which parts of this project are critical to
> > the security of the system to avoid such unintended consequences such
> > as unauthorized system entry, unauthorized access to or modification of
> > data, elevation of privilege, denial of service, ...? Does this project
> > - require elevated privilege?
> > + require elevated privilege? Does the project interact with or affect
> > + Solaris Trusted Extensions (TX)?
> >
>
> The question that comes to my mind is - would I know if my project affects TX?
> I've never run TX, and I imagine I'm not alone in that. Same for labeled
> security.
You could talk with the TX team. Just like you'd talk with any
other team. IIRC, part of the C-Team integration list is to
run tests that include TX tests. They are supposed to now be part
of standard Product Integration Testing.
Gary..
More information about the opensolaris-arc
mailing list