Security review:
- No CVE history
- two initscripts, neither is configured upon install:
  /etc/init.d/bmc-watchdog
  /etc/init.d/ipmidetectd
  When configured, ipmidetectd listens on a TCP and UDP port as root. bmc-watchdog does not listen on a network port
- no dbus, setuid, fscaps, sudo, etc. No cron jobs
- hardening options are enabled, but would be good to have PIE and BINDNOW for ipmidetectd
- very shallow code review:
  - some strcpy() without bounds checking, but on stack so stack-protector should handle it
  - *alloc return codes are checked in all the places I looked
  - there are a lot of low-level memory operations, but the code seems well coded and should be maintainable
  - there is /tmp file usage, though the sdr cache ones seem to be handled ok.
    ./libipmiconsole/ipmiconsole_debug.h:#define IPMICONSOLE_DEBUG_DIRECTORY "/tmp"
    ./libipmiconsole/ipmiconsole_debug.c: IPMICONSOLE_DEBUG_DIRECTORY,
    ./libipmiconsole/ipmiconsole_debug.h:#define IPMICONSOLE_DEBUG_DIRECTORY "/var/log/ipmiconsole"
    ./libipmiconsole/ipmiconsole_ctx.c: IPMICONSOLE_DEBUG_DIRECTORY,

ipmiconsole_debug.c and ipmiconsole_ctx.c need to open these files with 'O_CREAT' and 'O_EXCL'
https://bugs.launchpad.net/bugs/1052056
Title: [FFe] [MIR] freeipmi
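The following is an added example, not FreeIPMI code and not part of the review comment, of the 'O_CREAT' and 'O_EXCL' open the review asks for. In a constructed scratch directory a symlink already sits at the log path; the exclusive open refuses it with EEXIST, while the same open without O_EXCL follows the link and creates its target. All helper and file names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper (not a FreeIPMI function): create a new debug log.
 * With O_CREAT, O_EXCL makes open() fail with EEXIST if the name already
 * exists, including when the final path component is a symlink. */
int open_debug_file_excl(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_APPEND, 0600);
}

/* The pattern the review flags: without O_EXCL, a symlink already present
 * at `path` is followed and its target is created or opened for writing. */
int open_debug_file_unsafe(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0600);
}

/* Constructed scenario in a private scratch directory. Returns a bitmask:
 * 1 = unsafe open wrote through the link, 2 = exclusive open refused the
 * link with EEXIST, 4 = exclusive open succeeded on an unused name. */
int demo_symlink_check(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX";
    char victim[128], linkp[128], fresh[128];
    int result = 0, fd;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(linkp, sizeof linkp, "%s/ipmiconsole_debug.test", dir);
    snprintf(fresh, sizeof fresh, "%s/fresh.log", dir);
    if (symlink(victim, linkp) != 0) return -1;  /* link planted first */

    errno = 0;
    fd = open_debug_file_excl(linkp);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);
    fd = open_debug_file_unsafe(linkp);
    if (fd >= 0) { close(fd); if (access(victim, F_OK) == 0) result |= 1; }
    fd = open_debug_file_excl(fresh);
    if (fd >= 0) { close(fd); result |= 4; }
    unlink(linkp); unlink(victim); unlink(fresh); rmdir(dir);
    return result;
}

int main(void) { printf("mask=%d\n", demo_symlink_check()); return 0; }
```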
