I reviewed libnss-myhostname version 0.3-4 from the Raring archives.

This shouldn't be considered a full security audit, rather an indicator of
maintainability.

- libnss-myhostname adds a new nss module that can be added to nsswitch to
  always provide local hostname<->IP lookups regardless of the contents of
  /etc/hosts
- No encryption
- No off-machine networking; will change results of nss-based lookups
- Relies upon netlink to retrieve address information for interfaces
- Does not run as a daemon; it is linked into every process that performs
  nss lookups
- No PIE (library, fine), no Fortify (no functions used, fine), no
  immediate binding (as dynamically loaded library with few deps, fine)
- Stack protection, read-only relocations
- No initscripts, no dbus services, no setuid, no sudo fragments
- No spawned processes
- Careful memory management
- Careful data handling
- Warnings in build from autotools
- Warnings in build from failed inlining

It'd be nice to have the warnings fixed at some point, but this does not
block main inclusion.

ACK


** Changed in: libnss-myhostname (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => MIR approval team (ubuntu-mir)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1162478

Title:
  [FFe] [MIR] libnss-myhostname

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-myhostname/+bug/1162478/+subscriptions
