MainInclusionReportLtspfs
Main Inclusion Report for ltspfs
Requirements
Availability: http://archive.ubuntu.com/ubuntu/pool/universe/l/ltspfs, available for all supported architectures
Rationale: Needed for LTSP localdevice support
Security:
No CVE entries.
No Secunia history.
- No binaries running as root or suid/sgid.
- Does open any port (client binary for ltspfsd).
- Source code review:
ltspfs.c: potential buffer overflow/arbitrary code execution with sprintf and popen (unchecked $DISPLAY), needs discussion about invocation and privilege boundaries
- UPDATE: this just got fixed
Quality assurance:
- Package works out of the box without configuration.
- Package does not ask any debconf questions higher than priority 'normal'.
- Not in debian yet (the ltsp people expressed interest to get it in though)
Active cvs only (see the text, upstream will move to LP once its in main).
No critical bugs in upstream bug tracker (upstream will move to LP)
- Does not deal with exotic hardware which we cannot support.
Standards compliance:
Meets the FHS, Debian Policy
- Standard debhelper packaging, no patch system, no libs.
Dependencies:
- All in main.
Reviewers
MartinPitt: approved
MainInclusionReportLtspfs (last edited 2008-08-06 16:22:39 by localhost)