I reviewed adcli 0.9.0-1 as checked into groovy. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
adcli is a command-line utility to join computers to Active Directory
domains, integrating with kerberos as well.
- CVE History:
  - No CVE history
- Build-Depends
  - libsasl2-dev, libkrb5-dev, libldap2-dev
- No pre/post inst/rm scripts
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH
  - /usr/sbin/adcli
- No sudo fragments
- No polkit files
- No udev rules
- No cron jobs
- Library unit tests are run during the build - these test both data
structure implementations as well as utility functions like calling out
to external programs, and more featured tests like kerberos
authentication etc.
- No autopkgtests
- Build logs are pretty clean - only thing of note is that during linking
  of adcli itself (and some of the unit tests) the following is emitted:
    /usr/bin/ld: warning: libkrb5.so.26, needed by /usr/lib/x86_64-linux-gnu/libgssapi.so.3, may conflict with libkrb5.so.3
- Spawns an external process to call out to samba to get samba data - but
this needs to be specified as a command-line argument so cannot be used
to cross a security boundary.
- Involves a large amount of dynamic memory management via malloc() /
calloc() / asprintf() etc - this appears to be quite defensive and
appropriately checks bounds and errors etc.
- File IO is used when setting up a temporary kerberos configuration - file
paths are generated sanely and using mkdtemp(). umask is used to restrict
access to only the owner as well.
- Logging is done via warnx() etc - no obvious instances of format string
vulnerabilities or similar.
- Environment variables used:
  - KRB5_CONFIG - used to specify an existing kerberos configuration when
    generating a local temporary kerberos configuration
  - TMPDIR - used to determine where to locate the temporary kerberos
    configuration
  - ADCLI_STRICT - used to abort() early during failures of precondition
    checks - this is not set by default but is used during development.
- No use of privileged functions
- Uses kerberos for cryptography / random numbers etc
- Uses of temp files via TMPDIR and mkdtemp() to ensure names are not
predictable etc.
- No direct use of networking - is done via libkrb / libldap2 etc
- No use of WebKit
- No use of PolicyKit
- No significant cppcheck results
  - 3 issues found but all in the unit tests
- No significant Coverity results
  - There are a few minor memory leaks but for a cli util which is not
    long-lived this is negligible. There are a few use-after-free issues
    but these are all in the unit tests and would occur only during test
    failure so again no need to worry about.
adcli appears well written and contains no glaring issues from a security
perspective. The maintenance history is perhaps a bit concerning but
assuming upstream are responsive to any possible security issues this
should be ok.
Security team ACK for promoting adcli to main.
** Changed in: adcli (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
** Tags added: security-review-done
--
https://bugs.launchpad.net/bugs/1868159
Title:
[MIR] adcli
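
The temporary kerberos configuration handling noted in the review (a path under TMPDIR created with mkdtemp(), with umask restricting access to the owner) follows a common pattern. The C code below is an added example of that pattern, not adcli's code and not part of the original message; the function name make_private_krb5_conf, the "example-krb5" prefix and the sample contents are assumptions.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* exposes mkdtemp() under strict -std modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper, not adcli's code: create an owner-only directory under
 * TMPDIR and write a krb5 config snippet into it. Returns 0, or -1 on error. */
int make_private_krb5_conf(const char *contents, char *dir, size_t dir_len,
                           char *file, size_t file_len)
{
    const char *tmp = getenv("TMPDIR");
    if (tmp == NULL || tmp[0] == '\0')
        tmp = "/tmp";
    /* Reject a truncated path rather than operating on the wrong name. */
    int n = snprintf(dir, dir_len, "%s/example-krb5.XXXXXX", tmp);
    if (n < 0 || (size_t)n >= dir_len)
        return -1;
    /* mkdtemp() fills in an unpredictable suffix and creates the directory
     * with mode 0700, failing rather than reusing an existing name. */
    if (mkdtemp(dir) == NULL)
        return -1;
    n = snprintf(file, file_len, "%s/krb5.conf", dir);
    if (n >= 0 && (size_t)n < file_len) {
        mode_t old = umask(0077);   /* owner-only, whatever umask was inherited */
        int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0666);
        umask(old);
        if (fd >= 0) {
            size_t len = strlen(contents);
            int ok = write(fd, contents, len) == (ssize_t)len;
            if (close(fd) == 0 && ok)
                return 0;
            unlink(file);
        }
    }
    rmdir(dir);
    return -1;
}

int main(void)
{
    char dir[4096], file[4200];
    if (make_private_krb5_conf("[libdefaults]\n", dir, sizeof dir, file, sizeof file) != 0)
        return 1;
    printf("wrote %s\n", file);
    unlink(file);
    return rmdir(dir) != 0;
}
```

The file is opened with mode 0666 on purpose so that the resulting 0600 permissions come from the umask call alone, which is the behaviour the review describes.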