Public bug reported:

== Overview ==

Intel Thunderbolt userspace components provides components for using
Intel Thunderbolt controllers with security level features.
Thunderboltâ„¢ technology is a transformational high-speed, dual protocol
I/O that provides unmatched performance with up to 40Gbps bi-directional
transfer speeds. It provides flexibility and simplicity by supporting
both data (PCIe, USB3.1) and video (DisplayPort) on a single cable
connection that can daisy-chain up to six devices.

[ See https://github.com/intel/thunderbolt-software-user-space ]

== Answers to UbuntuMainInclusionRequirements ==

= Requirements =

1. Availability
   Package is in universe: 
https://launchpad.net/ubuntu/+source/thunderbolt-tools

2. Rationale
   Package a device enabler for users with Thunderbolt technology

3. Security:
   No security issues exposed so far. However, the tools have only been in 
Ubuntu since
   2017-12-09, so this currently is less than the 90 days threshold.

4. Quality assurance:
   * Manual is provided
   * No debconf questions higher than medium
   * No major outstanding bugs. I'm also helping Intel fix issues that I'm 
finding with
     static analysis tools such as scan-build, cppcheck and CoverityScan
     Bugs outstanding:
       #883857 please backport for stretch-backports
       #882525 thunderbolt-tools: FTBFS on kFreeBSD: 
_ZN5boost6system15system_categoryEv undefined
         - I can fix this, but it makes no sense to run on kFreeBSD
   * Exotic Hardware: Only Thunderbolt supported H/W is required, this is an 
industry standard
     and the support for the tools are in the 4.13+ kernels
   * No Test Suite shipped with the package
   * Does not rely on obsolete or demoted packages

5. UI standards:
   * This is a CLI tool. Tool has normal CLI style short help and man pages
   * No desktop file required as it is a CLI tool.

6. Binary Dependencies:
        libboost-dev                    (main)
        libboost-filesystem-dev         (main)
        libboost-program-options-dev    (main)
        udev                            (main)

7. Standards compliance:
   lintian clean and meets the FHS + Debian Policy standards to the best of my 
knowledge

8. Maintenance
   * Package owning team: The Ubuntu Kernel Team
   * Debian package maintained by Colin Ian King (myself from the Kernel Team)

9. Background Information
   The user-space components implement device approval support:

   a. Easier interaction with the kernel module for approving connected devices.
   b. ACL for auto-approving devices white-listed by the user.

   Tools provided by this package:

    tbtacl - triggered by udev (see the udev rules in tbtacl.rules). It
auto-approves devices that are found in ACL.

    tbtadm - user-facing CLI tool. It provides operations for device
approval, handling the ACL and more.

    The user-space components operate in coordination with the upstream
Thunderbolt kernel driver (found in v4.13) to provide the Thunderbolt
functionalities. These components are NOT compatible with the old out-
of-tree Thunderbolt kernel module.

= Security checks =

  http://cve.mitre.org/cve/cve.html: Search in the National Vulnerability 
Database using the package as a keyword
  * No CVEs found

  http://secunia.com/advisories/search/: search for the package as a keyword
  * No security advisories found

  Ubuntu CVE Tracker
    http://people.ubuntu.com/~ubuntu-security/cve/main.html
    * No
    http://people.ubuntu.com/~ubuntu-security/cve/universe.html
    * No
    http://people.ubuntu.com/~ubuntu-security/cve/partner.html
    * No

    Check for security relevant binaries. If any are present, this
    requires a more in-depth security review.

    Executables which have the suid or sgid bit set.
      * Not applicable

    Executables in /sbin, /usr/sbin.
      * None in these paths

    Packages which install daemons (/etc/init.d/*)
      * No

    Packages which open privileged ports (ports < 1024).
      * No

     Add-ons and plugins to security-sensitive software (filters,
     scanners, UI skins, etc)
      * This does exec tbtacl from udev with new udev rules, so this
        needs security checking

** Affects: linux (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748157

Title:
   [MIR] thunderbolt-tools

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748157/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to