[Bug 1617067] Re: [MIR] PolicyKit Unity8
Override component to main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety: universe/gnome -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety amd64: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety arm64: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety armhf: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety i386: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety powerpc: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety ppc64el: universe/gnome/optional/100% -> main policykit-unity8 0.1+16.10.20160829-0ubuntu1 in yakkety s390x: universe/gnome/optional/100% -> main 8 publications overridden. ** Changed in: policykit-unity8 (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
** Changed in: policykit-unity8 (Ubuntu) Status: New => Fix Committed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
Thanks Ted; I'm also curious about other typical failure cases: - User just blindly hits enter - User holds down the spacebar for five minutes - User is a three year old child left unattended for five minutes :) Thanks -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1617067] Re: [MIR] PolicyKit Unity8
Thanks for the review! On Thu, 2016-09-22 at 07:40 +, Seth Arnold wrote: > Please add -- or document here -- negative tests that exercise > failure > and 'cancel' pathways. If they don't yet exist, please have them > checked > into yakkety before release. For the user hitting the cancel button the test is in the authentication dialog tests: http://bazaar.launchpad.net/~unity-api-team/policykit-unity8/16.04/view /head:/tests/authentication-test.cpp#L200 For the agent cancelling: http://bazaar.launchpad.net/~unity-api-team/policykit-unity8/16.04/view /head:/tests/agent-test.cpp#L257 To ensure that we cancel on shutdown and free'ing of the internal objects: http://bazaar.launchpad.net/~unity-api-team/policykit-unity8/16.04/view /head:/tests/agent-test.cpp#L320 A cancel at the auth manager level (not really from outside, but more checking internal logic): http://bazaar.launchpad.net/~unity-api-team/policykit-unity8/16.04/view /head:/tests/auth-manager-test.cpp#L203 I think that covers most of the pathways in question, please note if there's others you think we should cover. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
I reviewed policykit-unity8 version 0.1+16.10.20160829-0ubuntu1 as checked into yakkety. This should not be considered a full security audit; in fact, this code deserves a much closer inspection. - policykit-unity8 provides a policykit agent for unity8, to integrate dialogs from polkit into the unity8 interface. - Build-Depends: astyle, clang-format | clang-format-3.4, click-dev, cmake, cmake-extras, dbus, dbus-test-runner, debhelper (>= 9), google-mock, libdbustest1-dev, libglib2.0-dev, libgtest-dev, libnotify-dev, libproperties-cpp-dev, libpolkit-agent-1-dev, python3-dbusmock - Does not use encryption - Does not use networking - Does not provide a daemon - Does not listen on an external interface - Runs as user - No pre/post inst/rm scripts - No init scripts - No dbus service files, extensive dbus use - No setuid files - No binaries in the PATH - No sudo fragments - No udev rules - Does run three tests during the build -- I did not spot any authentication failure tests, however - No cron jobs - Clean build logs - No subprocesses spawned - Memory management looked careful - Only file IO was to /dev/rfkill - Logging looked careful - Only uses URFKILL_NO_SYSLOG environment variable - Does not perform privileged operations - Does not perform cryptography - Does not perform networking - No privileged portions of code - No temporary files - No WebKit - No javascript - clean cppcheck and shellcheck - Uses polkit, including polkit_unix_session_new_for_process_sync() How is this API safe to use? pids are not a reliable process identifier, they are subject to race conditions. I did not see any polkit *session* APIs that would use a safe process identifier. This is complicated code, using complicated APIs, and I did not inspect it as closely as it deserves. The 'small' picture looks good: errors are checked, the coding looked professional, logs and static analysis look good. I'm less clear about the larger picture. I'm concerned that the polkit_unix_session_new_for_process_sync() API may be unsuitable for use and yet not clearly documented as such; I'm concerned that extensive use of threading to implement and dbus to communicate security policy is racy and may allow confusing users or software alike. I'm concerned that polkit is too generic to be useful and yet may not be flexible enough to fully interact with PAM. Please add -- or document here -- negative tests that exercise failure and 'cancel' pathways. If they don't yet exist, please have them checked into yakkety before release. Security team ACK for promoting policykit-unity8 to main. Thanks ** Changed in: policykit-unity8 (Ubuntu) Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
** Changed in: policykit-unity8 (Ubuntu) Status: Incomplete => New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
The test suite is now fixed with the landing of this MR: https://code.launchpad.net/~ted/policykit-unity8/testsuite- fix/+merge/304284 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1617067] Re: [MIR] PolicyKit Unity8
On Fri, 2016-08-26 at 13:55 +, Michael Terry wrote: > - You say "This package has a test suite." Sure... but the suite is > explicitly disabled with -Denable_tests=OFF in debian/rules. We > should > be running tests during build (or in autopkgtests) if we can. Uhg, I didn't realize that. I will fix it. > - Is there a team bug subscriber in [1] that fits and could be > subscribed? (mentally add phablet-team, unity-ui-team, and unity-api- > team to that list) > The indicator-applet-developers team is subscribed. Not sure there's a better/worse team to add, we really need to do an LP team cleanup again :-( -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1617067] Re: [MIR] PolicyKit Unity8
- You say "This package has a test suite." Sure... but the suite is explicitly disabled with -Denable_tests=OFF in debian/rules. We should be running tests during build (or in autopkgtests) if we can. - Is there a team bug subscriber in [1] that fits and could be subscribed? (mentally add phablet-team, unity-ui-team, and unity-api- team to that list) - Assigning to ubuntu-security for a looksee. [1] http://bazaar.launchpad.net/~ubuntu-archive/ubuntu-archive- tools/trunk/view/head:/package-subscribers#L107 ** Changed in: policykit-unity8 (Ubuntu) Status: New => Incomplete ** Changed in: policykit-unity8 (Ubuntu) Assignee: (unassigned) => Ubuntu Security Team (ubuntu-security) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1617067 Title: [MIR] PolicyKit Unity8 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/policykit-unity8/+bug/1617067/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
