On Tue, Apr 10, 2018 at 05:12:22AM -0000, Mario Limonciello wrote:
> > Did I get the interpretation of these rules correct?
> At a glance it looks like what you thought, but dig a little deeper.
> If it's not in the ACL it exits.
Ah! Thanks Mario!
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to thunderbolt-tools in Ubuntu.
Matching subscriptions: Kernel Packages
Status in thunderbolt-tools package in Ubuntu:
== Overview ==
Intel Thunderbolt userspace components provides components for using
Intel Thunderbolt controllers with security level features.
Thunderbolt™ technology is a transformational high-speed, dual
protocol I/O that provides unmatched performance with up to 40Gbps bi-
directional transfer speeds. It provides flexibility and simplicity by
supporting both data (PCIe, USB3.1) and video (DisplayPort) on a
single cable connection that can daisy-chain up to six devices.
[ See https://github.com/intel/thunderbolt-software-user-space ]
== Answers to UbuntuMainInclusionRequirements ==
= Requirements =
Package is in universe:
Package a device enabler for users with Thunderbolt technology
No security issues exposed so far. However, the tools have only been in
2017-12-09, so this currently is less than the 90 days threshold.
4. Quality assurance:
* Manual is provided
* No debconf questions higher than medium
* No major outstanding bugs. I'm also helping Intel fix issues that I'm
static analysis tools such as scan-build, cppcheck and CoverityScan
#883857 please backport for stretch-backports
#882525 thunderbolt-tools: FTBFS on kFreeBSD:
- I can fix this, but it makes no sense to run on kFreeBSD
* Exotic Hardware: Only Thunderbolt supported H/W is required, this is an
and the support for the tools are in the 4.13+ kernels
* No Test Suite shipped with the package
* Does not rely on obsolete or demoted packages
5. UI standards:
* This is a CLI tool. Tool has normal CLI style short help and man pages
* No desktop file required as it is a CLI tool.
6. Binary Dependencies:
7. Standards compliance:
lintian clean and meets the FHS + Debian Policy standards to the best of
* Package owning team: The Ubuntu Kernel Team
* Debian package maintained by Colin Ian King (myself from the Kernel Team)
9. Background Information
The user-space components implement device approval support:
a. Easier interaction with the kernel module for approving connected
b. ACL for auto-approving devices white-listed by the user.
Tools provided by this package:
tbtacl - triggered by udev (see the udev rules in tbtacl.rules).
It auto-approves devices that are found in ACL.
tbtadm - user-facing CLI tool. It provides operations for device
approval, handling the ACL and more.
The user-space components operate in coordination with the
upstream Thunderbolt kernel driver (found in v4.13) to provide the
Thunderbolt functionalities. These components are NOT compatible with
the old out-of-tree Thunderbolt kernel module.
= Security checks =
http://cve.mitre.org/cve/cve.html: Search in the National Vulnerability
Database using the package as a keyword
* No CVEs found
http://secunia.com/advisories/search/: search for the package as a keyword
* No security advisories found
Ubuntu CVE Tracker
Check for security relevant binaries. If any are present, this
requires a more in-depth security review.
Executables which have the suid or sgid bit set.
* Not applicable
Executables in /sbin, /usr/sbin.
* None in these paths
Packages which install daemons (/etc/init.d/*)
Packages which open privileged ports (ports < 1024).
Add-ons and plugins to security-sensitive software (filters,
scanners, UI skins, etc)
* This does exec tbtacl from udev with new udev rules, so this
needs security checking
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~kernel-packages
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp