Security review:
* Hardening options enabled, but not with PIE. Builds without errors or
warnings. Lintian clean, no setuid, fscaps or privileged operations via
sudo/su/pkexec. No dbus, initscripts/upstart jobs or cron jobs. Simple C
program with a pam configuration file
* code audit of socket-sucker.c:
* handles environ fine
* does not check the return value of snprintf and may not be nul terminated.
Specifically, this:
snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path), "%s/%s", home,
".freerdp-socket");
Should be changed to:
if (snprintf(serv_addr.sun_path, sizeof(serv_addr.sun_path) - 1, "%s/%s", home,
".freerdp-socket") > sizeof(serv_addr.sun_path) - 1) {
return -1;
}
* not checking return code early enough for read() which could mean the write
call writes something unintended
* not checking return code of write() at all.
Tyler will comment on the pam configuration since he is looking at
libpam-freerdp. Otherwise, conditional ACK provided the above code
changes are made and it is compiled with PIE.
** Changed in: lightdm-remote-session-freerdp (Ubuntu)
Status: New => In Progress
** Changed in: lightdm-remote-session-freerdp (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Tyler Hicks (tyhicks)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1039636
Title:
[MIR] lightdm-remote-session-freerdp
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lightdm-remote-session-freerdp/+bug/1039636/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
