I reviewed iucode-tool version 1.1.1-1 as checked into vivid. This should not be considered a full security audit but rather a quick gauge of maintainability.

- iucode-tool manages and loads firmware for Intel CPUs
- Build-Depends: debhelper, autotools-dev, automake, autoconf
- No cryptography
- No networking
- Does not daemonize
- No pre/post inst/rm
- No initscripts
- No dbus services
- No setuid
- One binary, iucode_tool, and symlink iucode-tool
- No sudo fragments
- No udev rules
- No cronjobs
- No test suite, not really a surprise
- Clean build logs
- No subprocesses spawned
- Memory management is careful
- File names are given by the platform
- Logging looks safe
- No environment variables used
- No cryptography
- No networking
- No privileged portions of code
- No temporary files
- No WebKit
- No PolicyKit
- No JavaScript
- Clean cppcheck

iucode-tool is short and sweet: careful, methodical, some nice helper routines, good comments.

Security team ACK for promoting to restricted or main as appropriate.

https://bugs.launchpad.net/bugs/1388889
Title: [MIR] intel-microcode & iucode-tool (multiverse -> restricted)
