I reviewed util-linux 2.41-4ubuntu3 as checked into questing. This
shouldn't be considered a full audit but rather a quick gauge of
maintainability. Given "All packages currently in Universe should
remain in Universe", the packages bin:lastlog2, bin:libpam-lastlog2
and bin:util-linux-extra have been excluded from the review.
util-linux is a suite of essential utilities for any Linux system. It
contains many basic utilities used for setting up partitions and basic
system infrastructure on a Linux system.
- CVE History
  - util-linux had 22 CVEs over 20 years, the last being from 2024.
    The issues have been addressed properly and on time by upstream. No
    concerns here.
- Build-Depends
  - debhelper-compat
  - dh-exec
  - dh-package-notes
  - dh-sequence-installsysusers
  - dh-sequence-zz-debputy-rrr
  - asciidoctor
  - bc
  - bison
  - flex
  - gettext
  - libaudit-dev
  - libcap-ng-dev
  - libcrypt-dev
  - libcryptsetup-dev
  - libncurses-dev
  - libpam0g-dev
  - libreadline-dev
  - libselinux1-dev
  - libsqlite3-dev
  - libsystemd-dev
  - libtool
  - libudev-dev
  - netbase
  - pkgconf
  - po-debconf
  - po4a
  - socat
  - systemd
  - systemd-dev
  - zlib1g-dev
- pre/post inst/rm scripts
  - everything seems sound
- init scripts
  - uuid-runtime installs /etc/init.d/uuidd
- systemd units
  - util-linux installs the `fstrim` service
  - uuid-runtime installs the `uuidd` service
- dbus services
  - none
- setuid binaries
  - login: `/usr/bin/newgrp`
  - mount: `/usr/bin/mount` and `/usr/bin/umount`
  - util-linux: `/usr/bin/su`
- binaries in PATH
  - bsdextrautils
    - /usr/bin/col
    - /usr/bin/colcrt
    - /usr/bin/colrm
    - /usr/bin/column
    - /usr/bin/hexdump
    - /usr/bin/look
    - /usr/bin/ul
    - /usr/bin/hd
  - bsdutils
    - /usr/bin/logger
    - /usr/bin/renice
    - /usr/bin/script
    - /usr/bin/scriptlive
    - /usr/bin/scriptreplay
    - /usr/bin/wall
  - eject
    - /usr/bin/eject
  - fdisk
    - /usr/sbin/cfdisk
    - /usr/sbin/fdisk
    - /usr/sbin/sfdisk
  - login
    - /usr/bin/login
    - /usr/bin/newgrp
    - /usr/sbin/nologin
    - /usr/bin/sg
  - mount
    - /usr/bin/mount
    - /usr/bin/umount
    - /usr/sbin/losetup
    - /usr/sbin/swapoff
    - /usr/sbin/swapon
  - rfkill
    - /usr/sbin/rfkill
  - util-linux
    - /usr/bin/choom
    - /usr/bin/chrt
    - /usr/bin/dmesg
    - /usr/bin/fallocate
    - /usr/bin/findmnt
    - /usr/bin/flock
    - /usr/bin/getopt
    - /usr/bin/hardlink
    - /usr/bin/ionice
    - /usr/bin/ipcmk
    - /usr/bin/ipcrm
    - /usr/bin/ipcs
    - /usr/bin/lsblk
    - /usr/bin/lscpu
    - /usr/bin/lsipc
    - /usr/bin/lslocks
    - /usr/bin/lslogins
    - /usr/bin/lsmem
    - /usr/bin/lsns
    - /usr/bin/mcookie
    - /usr/bin/more
    - /usr/bin/mountpoint
    - /usr/bin/namei
    - /usr/bin/nsenter
    - /usr/bin/partx
    - /usr/bin/prlimit
    - /usr/bin/rename.ul
    - /usr/bin/rev
    - /usr/bin/setarch
    - /usr/bin/setpriv
    - /usr/bin/setsid
    - /usr/bin/setterm
    - /usr/bin/su
    - /usr/bin/taskset
    - /usr/bin/uclampset
    - /usr/bin/unshare
    - /usr/bin/wdctl
    - /usr/bin/whereis
    - /usr/sbin/agetty
    - /usr/sbin/blkdiscard
    - /usr/sbin/blkid
    - /usr/sbin/blkzone
    - /usr/sbin/blockdev
    - /usr/sbin/chcpu
    - /usr/sbin/chmem
    - /usr/sbin/findfs
    - /usr/sbin/fsck
    - /usr/sbin/fsfreeze
    - /usr/sbin/fstrim
    - /usr/sbin/isosize
    - /usr/sbin/ldattach
    - /usr/sbin/mkfs
    - /usr/sbin/mkswap
    - /usr/sbin/pivot_root
    - /usr/sbin/readprofile
    - /usr/sbin/rtcwake
    - /usr/sbin/runuser
    - /usr/sbin/sulogin
    - /usr/sbin/swaplabel
    - /usr/sbin/switch_root
    - /usr/sbin/wipefs
    - /usr/sbin/zramctl
    - /usr/bin/i386
    - /usr/bin/linux32
    - /usr/bin/linux64
    - /usr/bin/x86_64
    - /usr/sbin/getty
  - uuid-runtime
    - /usr/bin/uuidgen
    - /usr/bin/uuidparse
    - /usr/sbin/uuidd
- sudo fragments
  - None
- polkit files
  - None
- udev rules
  - None
- unit tests / autopkgtests
  - util-linux does have unit tests and the build fails if those tests fail.
  - the source package does have autopkgtests.
- cron jobs
  - None
- Build logs
  - Nothing to be reported
- Processes spawned
  - A lot of binaries do spawn subprocesses to provide the features
    they are supposed to.
  - Here is a non-exhaustive list of those:
    - login
    - sulogin
    - script
    - newgrp
    - getty
    - agetty
    - su
    - vipw
    - eject
    - fsck
    - mkfs
- Memory management
  - heavy use of memory related functions.
  - some binaries use sprintf after allocating enough buffer space.
  - most binaries make use of a set of wrapper functions for handling
    string allocation.
  - an exhaustive check of all the code is impractical. I limited the
    manual code analysis to the most critical components and the most
    suspicious findings. Everything seems to be done properly.
- File IO
  - looks ok.
- Logging
  - Looks ok. Format functions seem to be used properly. Destination
    buffers are checked for overflow.
- Environment variable usage
  - the package makes use of a lot of env variables. Some variables
    like `HOME`, `USER`, `SHELL`, `LOGNAME`, etc, are set by utils
    like `su`, `login` and `setpriv`. Some others, including the
    already mentioned ones, are read. Among those, the sensitive ones
    like `CREDENTIALS_DIRECTORY` are accessed via the wrapper
    `safe_getenv()` which uses `secure_getenv()`.
- Use of privileged functions
  - heavy use of privileged functions from tools like `newgrp`,
    `login`, `agetty`, `su`, `nsenter`, `setpriv`, etc. Their use is
    expected and the code is written reasonably well.
- Use of cryptography / random number sources etc
  - None
- Use of temp files
  - None
- Use of networking
  - uuidd: listens to unix socket
  - agetty: listens to NETLINK socket for "reload" messages.
- Use of WebKit
  - None
- Use of PolicyKit
  - None
- Any significant cppcheck results
  - false positives. most of them due to macros unknown to cppcheck.
- Any significant Coverity results
  - Coverity reported more than 1800 findings. Most of them (~1600)
    are Low severity findings due to the analyzer not being able to
    model some structures.
  - the vast majority of the Coverity results are false positives.
  - Among the High severity findings, some are plain false positives
    (Bad Free, Uninitialized pointer read), some (Resource Leak) are
    not really issues (one shot cli programs, memory gets freed at
    termination), others (Integer Overflows) do depend on data whose
    tampering would already mean the system has already been
    compromised.
  - Among the Medium severity findings we are in front of a similar
    scenario as for the High severity ones. Some are plain false
    positives, other findings are related to test files or sample
    code.
- Any significant shellcheck results
  - only in tests
- Any significant Semgrep results
  - suggests the usage of `strtok_r()` in place of `strtok()`. This is
    safe to ignore, since the tools do not make use of concurrency.
Overall, the code seems to be readable and well written. On the
maintainability part, packaging is complex but the package is very
important for Debian too, for this reason we do not have any concern.
Security team ACK.
** Changed in: util-linux (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
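The review above notes that util-linux reads sensitive variables through a `safe_getenv()` wrapper built on `secure_getenv()`. The following is an added illustration of that pattern, not util-linux's own code: it spells out the policy `secure_getenv()` applies (the kernel's AT_SECURE flag, plus a real/effective id mismatch) so a reader can see why a setuid tool such as `su` or `login` must not trust its inherited environment. The `choose_editor()` consumer and its `/usr/bin/vi` default are assumptions made for the example.

```c
/* Added example (not util-linux code): a safe_getenv()-style wrapper that
 * makes the conditions behind secure_getenv() explicit. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE
#endif
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>   /* getauxval() */
#include <elf.h>        /* AT_SECURE */

/* True when the process holds privileges its invoker did not have
 * (setuid/setgid or file capabilities). In that state the environment
 * was chosen by an unprivileged caller and must be treated as untrusted. */
static bool process_is_secure(void)
{
    /* The kernel sets AT_SECURE in the auxiliary vector for setuid/setgid
     * and fscaps executions; this is the flag secure_getenv() consults. */
    if (getauxval(AT_SECURE) != 0)
        return true;
    /* Extra check for a process that changed its own ids after exec. */
    if (getuid() != geteuid() || getgid() != getegid())
        return true;
    return false;
}

/* Returns the variable's value only when the environment is trustworthy;
 * NULL otherwise, exactly as if the variable were unset. */
char *safe_getenv(const char *name)
{
    if (process_is_secure())
        return NULL;
    return getenv(name);
}

/* Example consumer (assumed for the illustration): pick an editor from the
 * environment, falling back to a fixed path when the environment cannot be
 * trusted or the variable is empty. A privileged tool that used plain
 * getenv() here would let the caller choose which program gets executed. */
const char *choose_editor(void)
{
    const char *e = safe_getenv("EDITOR");
    return (e != NULL && *e != '\0') ? e : "/usr/bin/vi";
}
```

Run unprivileged, the wrapper behaves like `getenv()`; run from a setuid binary, every lookup returns NULL and the caller is forced onto its safe defaults.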
https://bugs.launchpad.net/bugs/2113961
Title:
[MIR] util-linux