I reviewed gnome-snapshot 45.2+vendored-0ubuntu2 as checked into noble. This
shouldn't be considered a full audit but rather a quick gauge of
maintainability. Due to time constraints, this report only took into account
the package itself, and not its significant number (244) of vendored
libraries. Many of those should be removed as mentioned in
https://gitlab.gnome.org/GNOME/snapshot/-/issues/137.
However, none of the used ones are non-standard.
For now, the following audit is only going to report findings in the source
code of the Rust package gnome-snapshot.

gnome-snapshot is a camera application designed for GNOME environments, 
offering straightforward functionality for capturing photos and videos across 
various devices. It is a new package, and it serves as an updated replacement 
for older GNOME camera apps.

- CVE History
  - None, package is new
- Build-Depends
  - Many vendored libraries, some of them not needed (e.g.
    https://gitlab.gnome.org/GNOME/snapshot/-/issues/137)
- pre/post inst/rm scripts
  - None
- init scripts
  - None
- systemd units
  - None
- dbus services
  - None
- setuid binaries
  - None
- binaries in PATH
  - None
- sudo fragments
  - None
- polkit files
  - None
- udev rules
  - None
- unit tests / autopkgtests
  - Unit tests ran during build
  - Absence of autopkgtests, already a recommended TODO by the MIR team
- cron jobs
  - None
- Build logs
  - No warnings / errors during build

- Processes spawned
  - Does not interact with user input, thus not susceptible to any command
    injection attacks or unsafe arguments
- Memory management
  - Mostly using Rust's memory safe features
  - "unsafe" stanzas look non-problematic
- File IO
  - Nature of the package requires I/O interaction with local storage
  - Unsafe processing of user-owned files, already-existing in the system by
    calling open_with_system() in gallery.js, which does not filter file
    types, as mentioned in a TODO by the developers in line 301, and can
    result in the processing of untrusted files. However, given the threat
    model (user-owned files and user-owned machine), this is not concerning
    as even with filtering, the user could rename the files and process them
- Logging
  - Safe, does not include user input
- Environment variable usage
  - Cannot be abused
- Use of privileged functions
  - Only used for installing dependencies
- Use of cryptography / random number sources etc
  - None, not needed due to the nature of the package
- Use of temp files
  - None
- Use of networking
  - None, only inter-process communication to respond to GUI events
- Use of WebKit
  - None
- Use of PolicyKit
  - None

- Any significant cppcheck results
  - None
- Any significant Coverity results
  - None
- Any significant shellcheck results
  - None
- Any significant bandit results
  - None
- Any significant govulncheck results
  - None
- Any significant Semgrep results
  - None

Security team ACK for promoting gnome-snapshot to main.

Overall, the package is well-written, and developed in a memory-safe language,
something that makes us believe that it will be less susceptible to 
vulnerabilities in the future. Moreover, it is maintained by GNOME, leading us
to trust that the code will be well-maintained and monitored for vulnerabilities
in the future.

When it comes to the code itself, along with the above-mentioned issue of 
processing local files without filtering, it contains many non-security related
TODOs by the developers, which is due to the young age of the package. We 
believe and suggest that those will be resolved in the near future.

** Changed in: gnome-snapshot (Ubuntu)
       Status: Incomplete => In Progress

** Changed in: gnome-snapshot (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

https://bugs.launchpad.net/bugs/2052652

Title:
  [MIR] gnome-snapshot
