MainInclusionReportNut
Comment: some more details
Line 15: | Line 15: |
* Any source code review performed ? (The approver will do a quick and shallow check.) | * High level source code review performed by JamieStrandboge * confirmed that upsd and the ups drivers drop privileges in default installation. They do so in a sane way * upsmon is privilege separated in default installation, with the parent reading a single character from the child via a pipe. privilege separation and dropping of privileges done in a sane way * [https://bugs.launchpad.net/ubuntu/+source/nut/+bug/182790 bug #182790] has information on further securing nut * since the nut tools run with minimal privileges, and has a good security history, there are no huge concerns. That said, a thorough audit for format string vulnerabilities might prove enlightening. The following functions all take a 'fmt' as an argument: upslog_with_errno(), upslogx(), upsdebug_with_errno(), upsdebugx(), vfatal(), fatal_with_errno(), fatalx(). Performing the following will show how many places to start to look to verify 'fmt' is not user-manipulable (there are a lot): {{{ for i in vupslog upslog_with_errno upslogx upsdebug_with_errno upsdebugx vfatal fatal_with_errno fatalx; do echo $i ; grep -r -c $i ./* | grep -v ':0' | grep '\.c:'; done }}} |
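Review bot: the added sentence lists seven functions that take a 'fmt' argument, but the loop that follows it searches for eight names, since vupslog is in the loop and not in the list. Either add vupslog() to the list or drop it from the loop so the two agree. In the same loop, `$i` is unquoted and `grep -v ':0'` is not anchored to the end of the line, and `grep -c` counts every line that mentions a name, so the totals include prototypes and definitions as well as calls.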
Line 43: | Line 50: |
JamieStrandboge |
Main Inclusion Report for sourcepackage
Requirements
Availability: [http://archive.ubuntu.com/ubuntu/pool/universe/n/nut]; available for all supported architectures.
Rationale:
Security:
[http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=nut CVE entries]: none
[http://secunia.com/search/?search=PRODUCT_NAME Secunia history]: none
- Any binaries running as root or suid/sgid ? Any daemons ?
Restricted to the bare minimum. There are 3 daemons (upsd: data server; upsmon: event notification and actions; drivers) and a set of utilities. Only 1 of the 2 upsmon instances runs as root, so that it is able to shut down the system. Note that [http://svn.debian.org/wsvn/nut/trunk/docs/ideas.txt?op=file&rev=0&sc=0 a solution exists to completely avoid root privileges] (search for "Completely unprivileged upsmon").
- Network activity: does it open any port ? Does it handle incoming network data ?
- Yes. It's a client/server based set of tools. The port (3493) is registered with IANA and in /etc/services.
High level source code review performed by JamieStrandboge
- Confirmed that upsd and the UPS drivers drop privileges in the default installation. They do so in a sane way.
- upsmon is privilege separated in the default installation, with the parent reading a single character from the child via a pipe. Privilege separation and dropping of privileges are done in a sane way.
- [https://bugs.launchpad.net/ubuntu/+source/nut/+bug/182790 bug #182790] has information on further securing nut.
- Since the nut tools run with minimal privileges and have a good security history, there are no huge concerns. That said, a thorough audit for format string vulnerabilities might prove enlightening. The following functions all take a 'fmt' as an argument: upslog_with_errno(), upslogx(), upsdebug_with_errno(), upsdebugx(), vfatal(), fatal_with_errno(), fatalx(). Running the following shows how many places there are to start looking in order to verify that 'fmt' is not user-manipulable (there are a lot):
{{{
# For each logging function, print the per-file match count for every .c file that mentions it
for i in vupslog upslog_with_errno upslogx upsdebug_with_errno upsdebugx vfatal fatal_with_errno fatalx; do
    echo "$i"
    grep -r -c "$i" ./* | grep -v ':0$' | grep '\.c:'
done
}}}
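A way to narrow the grep counts above to the call sites that need reading, as an added example that is not part of the original report or of the nut code base: it lists only the calls whose format argument is not a string literal. It assumes 'fmt' is the first or second argument of each function, and SAMPLE is a constructed C fragment.

```python
import re

# Variadic logging functions named in the report (the v* variants take a va_list).
LOG_FUNCS = ("upslog_with_errno", "upslogx", "upsdebug_with_errno",
             "upsdebugx", "fatal_with_errno", "fatalx")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(LOG_FUNCS))
PROTO_RE = re.compile(r"(const\s+)?char\s*\*")  # parameter of a prototype/definition

# Constructed sample input, not taken from the nut source tree.
SAMPLE = r'''
void upslogx(int priority, const char *fmt, ...);
upslogx(LOG_INFO, "UPS %s is %s", name, status);
upslogx(LOG_ERR, status);
upsdebugx(1, "parse(%s, \"%s\")", name, status);
fatalx(EXIT_FAILURE, buf);
'''

def split_args(src, i):
    """Split a call's arguments at top-level commas; src[i] follows the '('."""
    args, cur, depth, in_str = [], [], 1, False
    while i < len(src):
        c = src[i]
        if in_str:
            if c == "\\" and i + 1 < len(src):   # keep escaped char, e.g. \"
                cur.append(c); i += 1; c = src[i]
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
        elif c in "([":
            depth += 1
        elif c in ")]":
            depth -= 1
            if depth == 0:
                break
        elif c == "," and depth == 1:
            args.append("".join(cur).strip()); cur = []; i += 1
            continue
        cur.append(c); i += 1
    return args + ["".join(cur).strip()]

def suspicious_calls(src):
    """(line, function, args) for calls whose format is not a string literal.
    Assumption: fmt is the first or second argument of these functions."""
    hits = []
    for m in CALL_RE.finditer(src):
        head = split_args(src, m.end())[:2]
        if not any(PROTO_RE.match(a) or a.startswith('"') for a in head):
            hits.append((src.count("\n", 0, m.start()) + 1, m.group(1), head))
    return hits
```

A flagged call is only a place to check where the variable comes from; comments, character literals and formats built by macros are not handled.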
Quality assurance:
- In what situations does the package not work out of the box without configuration ?
Requires manual configuration as the external hw is not always autodetectable. Upstream [https://alioth.debian.org/pm/task.php?group_project_id=42&group_id=30602&func=browse has planned improvements] on that side.
- Does the package ask any debconf questions higher than priority 'medium' ?
Yes, but only if upgrading from versions < 2.2.0 for the core package and < 2.0.1 for the nut-cgi package.
[http://bugs.debian.org/src:nut Debian bugs]: Several bugs at different severities.
[http://packages.qa.debian.org/n/nut.html Maintenance in Debian] is very calm
[http://random.networkupstools.org/ Upstream] is active
- Hardware: Does this package deal with hardware and if so how exotic is it ?
- Yes. It deals with external UPSes. Not extremely exotic, and a must-have feature for servers.
Standards compliance:
[http://www.pathname.com/fhs/ FHS], [http://www.de.debian.org/doc/debian-policy/ Debian Policy].
- Package looks FHS compliant; lintian complains about a bunch of things, and the nut-dev package doesn't provide shared libraries (only static, but it's planned upstream).
- Packaging system (debhelper/cdbs/dbs) ? Patch system ? Any packaging oddities ?
- dpatch (on some versions).
Dependencies:
- Are these all in main ?
- Build-deps and Depends are all in main.
Reviewers
MIR bug: [https://bugs.launchpad.net/182790]
The author of this report should put their name here; reviewers will add comments etc. too
MainInclusionReportNut (last edited 2008-08-06 16:28:51 by localhost)