I reviewed usbredir 0.6-2 as packaged in saucy. This should not be considered a full security audit, but rather a quick gauge of code cleanliness.
- usbredir provides a client/server mechanism using libusb to make USB
  devices from a host available to a guest, or remote, operating system.
- Build-depends upon libusb; standard C networking
- Does not daemonize
- Listens on external interfaces
- Runs as invoking user
- No initscripts, no dbus, no setuid, one binary, no sudo
- No test suite run at build
- No warnings in build output
- No spawned processes
- Memory management looked safe
- Devices opened via libusb
- Safe logging
- No environment variable use
- No privileged code sections
- No encryption
- Network input looked sanitized
- No temporary files
- No webkit, JS

Most of usbredir looked pretty clean. There were a few points I believe I should raise:

- There's no transmission-level security to provide authentication or
  privacy.
- There's no mechanism to specify exactly which IP address the server
  should listen on -- getaddrinfo(3) is used with AI_PASSIVE, which asks
  for the equivalent of INADDR_ANY and IN6ADDR_ANY_INIT addresses.
- There's no mechanism to specify ACLs on peer IP addresses.
- The use of select(2) in the main loop feels awkward when the libusb
  framework is better prepared to use poll(2).
- Data is not normalized to network byte order; client and server must
  both execute on same-endian devices.

With these missing features, usbredir is not safe to use in mixed-domain security environments. In particular:

- Ethernet bridge devices should be created for each security domain of
  VM guests, if usbredir will be used to provide services to VM guests.
- When the usbredir packets will traverse untrusted networking services,
  TLS tunneling, IPsec, or VPN solutions must be used.

Security team ACK for promoting usbredir to main -- with the caveat that it should not be used in security-critical infrastructure or environments without appropriate measures.
Thanks

** Changed in: usbredir (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)

https://bugs.launchpad.net/bugs/1126513
Title: [MIR] usbredir-0.6-1
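The listen-address point in the review above, as an added example that is not part of the original message and is not usbredir code: it resolves a listening address with getaddrinfo(3) and AI_PASSIVE, first with a NULL node and then with an explicit node, and counts how many results are the wildcard address. The function names and port 4000 are assumptions made for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>

/* Returns 1 if sa is INADDR_ANY or the IPv6 unspecified address. */
static int is_wildcard(const struct sockaddr *sa)
{
    if (sa->sa_family == AF_INET) {
        const struct sockaddr_in *in4 = (const struct sockaddr_in *)sa;
        return in4->sin_addr.s_addr == htonl(INADDR_ANY);
    }
    if (sa->sa_family == AF_INET6) {
        const struct sockaddr_in6 *in6 = (const struct sockaddr_in6 *)sa;
        return IN6_IS_ADDR_UNSPECIFIED(&in6->sin6_addr);
    }
    return 0;
}

/* Resolve a listening address the way a server does before bind(2).
 * node == NULL with AI_PASSIVE yields wildcard addresses; a numeric node
 * pins the listener to that one address. Returns the number of wildcard
 * results, or -1 if resolution fails. */
int count_wildcard_listen_addrs(const char *node, const char *port)
{
    struct addrinfo hints, *res, *ai;
    int n = 0;

    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    /* Numeric-only flags keep the lookup offline (no DNS, no services db). */
    hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST | AI_NUMERICSERV;
    if (getaddrinfo(node, port, &hints, &res) != 0)
        return -1;
    for (ai = res; ai != NULL; ai = ai->ai_next)
        n += is_wildcard(ai->ai_addr);
    freeaddrinfo(res);
    return n;
}

int main(void)
{
    /* Port 4000 is a constructed sample value. */
    printf("NULL node: %d wildcard\n", count_wildcard_listen_addrs(NULL, "4000"));
    printf("127.0.0.1: %d wildcard\n", count_wildcard_listen_addrs("127.0.0.1", "4000"));
    return 0;
}
```

A server that accepts a bind-address option would pass it as `node`; with no such option every socket it binds is reachable on all interfaces.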