I reviewed thin-provisioning-tools 0.7.6-2.1ubuntu1 as checked
into eoan. This shouldn't be considered a full audit but rather a
quick gauge of maintainability.
thin-provisioning-tools is a set of tools for managing meta-data for
the Linux kernel's device-mapper thin target. It is not entirely clear
what the threat model is here, in that this is a series of command line
tools to manage thin dm volumes, and is expected to be run by an
administrator (no setuid, no calls to sudo). Orchestration tools that might
wrap thin-provisioning-tools would want to take care to sanitize input
that is eventually passed on to these tools, but that is out of the
scope of this audit.
- CVE History: No CVEs found.
- thin-provisioning-tools build depends on libaio-dev, libexpat1-dev,
  and libboost-dev
  - libexpat1 is both good and bad, as it has had a less than
    stellar security history, but is better than rolling one's own
    XML implementation.
- pre/post inst/rm scripts?
  - The postinst triggers update-initramfs. There is no postrm,
    so it does not do this, but probably should.
- No init scripts or systemd units.
- No dbus services.
- No setuid binaries.
- thin-provisioning-tools provides one primary binary
/usr/sbin/pdata_tools that is invoked in different ways by symlinked
entries in /usr/sbin. Man pages are provided for every symlink.
- No sudo fragments.
- No udev rules.
- Unit tests are run during the build. It's unclear how much coverage
this provides, but it's a non-trivial amount.
- No autopkgtests are performed. Functional tests are provided in the
upstream, but not used by autopkgtests. This is likely due to
dependencies on chezscheme (in archive) and thunderchez (not
packaged); the latter could possibly be vendor packaged, as the
functional tests run successfully if they are available
(with CHEZSCHEMELIBDIRS="PATH/TO/thunderchez/:$PWD/functional-tests" make
test)
These tests may or may not be able to run at build time, but for sure
in an autopkgtest environment. Unclear how much coverage is provided,
but they do at least minimally appear to exercise all of the command
variations.
- No cron jobs.
- Build logs:
  - Some dh provided configure options ignored
  - 3 compiler warnings issued, 1 potential uninitialized value, and two
    warnings about explicitly using braces to avoid ambiguous ‘else’
    situations. Mostly clean build.
- No lintian failures, no significant lintian warnings, mostly just
indications of lack of packager(s) attention.
- Does not appear to spawn external processes (except for debugging
and in testsuites).
- Memory management is generally performed okay. Error values returned
by copying/writing operations are not always checked.
- For file handling, generally, the tools take the dm device to
operate on as a command line argument.
- Configuration information for import is in an XML format.
- One possible issue is that the file_utils::open_file() which
underlies the block file open/creation interface defaults to
mode 0666 without any way to override it.
- Generally uses cout for logging output errors.
- No use of environment variables.
- Only privileged function used is ioctl, which makes sense given that
it does device-mapper metadata organization. These calls are mostly
abstracted away into a library of functions.
- Does not do any crypto.
- No use of temp files outside of tests and build/install utilities.
- Does not appear to do any networking.
- No use of WebKit.
- No use of PolicyKit.
- The only cppcheck warnings were of a double-free and a use-after-free
in the functional-testing library.
- Coverity discovered some uninitialized values, a couple of
use-after-frees, and resource leaks. I'm attaching the coverity report
and it would be nice to get the issues it found in the non
functional-testing portion of the code.
Source code is mostly C++ with some embedded C (and at least one unused
ruby file). Unit tests are in C++, while functional tests are written in
Scheme. The C++ code makes a fair amount of use of C++ templates.
There are a fair number of FIXMEs in the non-testing code.
Security team ACK for promoting thin-provisioning-tools to main.
** Attachment added: "coverity report"
https://bugs.launchpad.net/ubuntu/+source/thin-provisioning-tools/+bug/1828887/+attachment/5287044/+files/coverity.txt
** Changed in: thin-provisioning-tools (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
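
The review's note that file_utils::open_file() defaults to mode 0666 with no override means the caller's umask alone decides the permissions of a newly created file. The following is an added example, not code from thin-provisioning-tools or from the review; the helper names (open_fixed_0666, open_with_mode, created_perms, make_scratch_dir) and the /tmp scratch path are assumptions made for illustration.

```cpp
// Added illustration: hypothetical helpers, not thin-provisioning-tools code.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cstdio>
#include <cstdlib>
#include <string>

// Pattern from the review: creation mode fixed at 0666, so only the
// caller's umask decides who can read or write the new file.
int open_fixed_0666(std::string const &path, int flags) {
    return ::open(path.c_str(), flags | O_CLOEXEC, 0666);
}

// Alternative: the caller passes the mode, private (0600) by default.
// The mode only applies when O_CREAT actually creates the file.
int open_with_mode(std::string const &path, int flags, mode_t mode = 0600) {
    return ::open(path.c_str(), flags | O_CLOEXEC, mode);
}

// Create a file in `dir` under umask `mask`, return its permission bits (-1 on error).
int created_perms(std::string const &dir, mode_t mask, bool fixed) {
    std::string path = dir + (fixed ? "/fixed.bin" : "/explicit.bin");
    mode_t old = ::umask(mask);
    int fd = fixed ? open_fixed_0666(path, O_CREAT | O_EXCL | O_RDWR)
                   : open_with_mode(path, O_CREAT | O_EXCL | O_RDWR);
    ::umask(old);
    if (fd < 0) return -1;
    struct stat st;
    int rc = ::fstat(fd, &st);
    ::close(fd);
    ::unlink(path.c_str());  // scratch file is removed again
    return rc == 0 ? static_cast<int>(st.st_mode & 0777) : -1;
}

// Private scratch directory for the demonstration; empty string on failure.
std::string make_scratch_dir() {
    char tmpl[] = "/tmp/open_mode_demo.XXXXXX";
    char *d = ::mkdtemp(tmpl);
    return d ? std::string(d) : std::string();
}

int main() {
    std::string d = make_scratch_dir();
    if (d.empty()) return 1;
    std::printf("fixed 0666, umask 000: %04o\n", created_perms(d, 0000, true));
    std::printf("explicit,   umask 000: %04o\n", created_perms(d, 0000, false));
    return ::rmdir(d.c_str());
}
```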
https://bugs.launchpad.net/bugs/1828887
Title:
[MIR] thin-provisioning-tools