I reviewed usbredir 0.6-2 as packaged in saucy. This should not be
considered a full security audit, but rather a quick gauge of code
cleanliness.
- usbredir provides a client/server mechanism using libusb to make USB devices
from a host available to a guest, or remote, operating system.
- Build-depends upon libusb; standard C networking
- Does not daemonize
- Listens on external interfaces
- Runs as invoking user
- No initscripts, no dbus, no setuid, one binary, no sudo
- No test suite run at build
- No warnings in build output
- No spawned processes
- Memory management looked safe
- Devices opened via libusb
- Safe logging
- No environment variable use
- No privileged code sections
- No encryption
- Network input looked sanitized
- No temporary files
- No webkit, JS
Most of usbredir looked pretty clean. There were a few points I believe I
should raise:
- There's no transmission-level security to provide authentication or privacy.
- There's no mechanism to specify exactly which IP address the server should
listen on -- getaddrinfo(3) is used with AI_PASSIVE, which asks for the
equivalent of INADDR_ANY and IN6ADDR_ANY_INIT addresses.
- There's no mechanism to specify ACLs on peer IP addresses.
- The use of select(2) in the main loop feels awkward when the libusb
framework is better prepared to use poll(2).
- Data is not normalized to network byte order; client and server must both
execute on same-endian devices.
With these missing features, usbredir is not safe to use in mixed-domain
security environments. In particular:
- Ethernet bridge devices should be created for each security domain of VM
guests, if usbredir will be used to provide services to VM guests.
- when the usbredir packets will traverse untrusted networking services, TLS
tunneling, IPsec, or VPN solutions must be used.
Security team ACK for promoting usbredir to main -- with the caveat that it
should not be used in security-critical infrastructure or environments without
appropriate measures.
Thanks
** Changed in: usbredir (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1126513
Title:
[MIR] usbredir-0.6-1
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/usbredir/+bug/1126513/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
