I reviewed malcontent 0.10.0-2 as checked into impish. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
malcontent provides a library and application to manage "parental" restrictions for users. It allows defining restrictions on what applications should be presented to the user to be able to be launched, as well as what kinds of applications (as defined by their OARS rating) are allowed to be installed by the user via gnome-software or similar. Currently this is limited to flatpak application IDs, so if this was intended to support snaps Ubuntu would have to patch malcontent (as well as potentially gnome-shell and gnome-software/snap-store etc) to support snaps.

It does not perform any enforcement itself, instead it provides a means for configuring the policy via a GUI and a library which would then be used by gnome-shell / gnome-software etc and these applications would then do the actual enforcement by filtering their results accordingly. malcontent also includes a PAM plugin to check session time limits and only allow a user to log in if they have not exceeded their allocated time.

By design, malcontent states that it is not a security boundary as its restrictions can potentially be circumvented by simply using applications to launch/install software that do not integrate with the malcontent system. As such, installing or launching applications via the command-line directly would appear to circumvent the malcontent restrictions. As such I do not feel malcontent requires a full security audit as part of the MIR process, however the following is provided as a high-level summary nonetheless.

- No CVE History
- Interesting Build-Depends:
  - policykit-1
- pre/post inst/rm scripts
  - libpam-malcontent:
    - postinst script registers the pam plugin
    - prerm script removes the pam plugin
  - malcontent
    - postinst script restarts the accounts-daemon service
    - postrm script restarts the accounts-daemon service
- No init scripts
- No systemd units
- No dbus services
- No setuid binaries
- binaries in PATH:
  - malcontent:
    - -rwxr-xr-x root/root 23077 2020-12-10 03:23 ./usr/bin/malcontent-client
  - malcontent-gui:
    - -rwxr-xr-x root/root 63792 2021-02-10 00:41 ./usr/bin/malcontent-control
- No sudo fragments
- polkit files
  - malcontent:
    -rw-r--r-- root/root 39834 2021-02-10 00:41 ./usr/share/polkit-1/actions/com.endlessm.ParentalControls.policy
    -rw-r--r-- root/root 1517 2021-02-10 00:41 ./usr/share/polkit-1/rules.d/com.endlessm.ParentalControls.rules
    -rw-r--r-- root/root 393 2021-02-10 00:41 ./var/lib/polkit-1/localauthority/10-vendor.d/com.endlessm.ParentalControls.pkla
  - configures policykit to ensure only admins can modify policies but allows users to introspect their own restrictions.
- No udev rules
- No autopkgtests
- Unit tests run during the build
- No cron jobs
- Build logs are relatively clean

- Processes spawned
  - GUI supports spawning gnome-control-center to show the user accounts page - this looks safe from command-injection etc.
- Memory management
  - Is written in C but uses glib/gobject APIs and appears quite defensive.
- No obvious File IO
- Logging is via glib macros and appears careful to avoid overflows / string format vulns etc.
- No environment variable usage
- No use of privileged functions
- No use of cryptography / random number sources etc
- No use of temp files
- No use of networking
- No use of WebKit
- Uses PolicyKit to authorise changes to the various restrictions that can be performed via libmalcontent but this is done solely via installing policykit policies for the various actions

- No significant cppcheck results
- No significant Coverity results

Security team ACK for promoting malcontent to main.

** Tags added: security-review-done

** Changed in: malcontent (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

https://bugs.launchpad.net/bugs/1892456

Title:
  [MIR] malcontent
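
The file-level items in the checklist above (setuid binaries, binaries in PATH, polkit files, sudo fragments, udev rules, cron jobs, units and services) can be read off a package file listing in the `dpkg -c` format quoted in the review. The following is an added example, not part of the original review or the Security Team's tooling; the path patterns are assumed conventional Debian/Ubuntu locations, and the last sample line is constructed for contrast.

```python
import re

# Sample listing in `dpkg -c` (tar -tv) format. The malcontent lines are
# copied from the review; the final line is a constructed setuid file.
SAMPLE = """\
-rwxr-xr-x root/root 23077 2020-12-10 03:23 ./usr/bin/malcontent-client
-rwxr-xr-x root/root 63792 2021-02-10 00:41 ./usr/bin/malcontent-control
-rw-r--r-- root/root 39834 2021-02-10 00:41 ./usr/share/polkit-1/actions/com.endlessm.ParentalControls.policy
-rw-r--r-- root/root 1517 2021-02-10 00:41 ./usr/share/polkit-1/rules.d/com.endlessm.ParentalControls.rules
-rw-r--r-- root/root 393 2021-02-10 00:41 ./var/lib/polkit-1/localauthority/10-vendor.d/com.endlessm.ParentalControls.pkla
-rwsr-xr-x root/root 1000 2021-01-01 00:00 ./usr/bin/constructed-setuid-helper
"""

# Checklist category -> path pattern (assumed conventional Debian/Ubuntu paths).
PATH_RULES = [
    ("binary in PATH", re.compile(r"^\./(usr/)?(local/)?s?bin/[^/]+$")),
    ("polkit file", re.compile(r"/polkit-1/")),
    ("sudo fragment", re.compile(r"^\./etc/sudoers\.d/.")),
    ("udev rule", re.compile(r"/udev/rules\.d/.")),
    ("cron job", re.compile(r"^\./etc/cron[^/]*/.")),
    ("systemd unit", re.compile(r"/systemd/(system|user)/.")),
    ("init script", re.compile(r"^\./etc/init\.d/.")),
    ("dbus service", re.compile(r"/dbus-1/(system-)?services/.")),
]

LINE = re.compile(r"^(?P<mode>[-dlbcps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<size>\d+)\s+"
                  r"\S+\s+\S+\s+(?P<path>\S+)")

def classify(listing):
    """Return {path: [findings]} for every regular file matching a checklist item."""
    findings = {}
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["mode"][0] != "-":      # skip dirs, symlinks, unparsable lines
            continue
        mode, path, hits = m["mode"], m["path"], []
        if mode[3] in "sS":                   # owner execute slot carries setuid
            hits.append("setuid")
        if mode[6] in "sS":                   # group execute slot carries setgid
            hits.append("setgid")
        if mode[8] == "w":                    # "other" write bit
            hits.append("world-writable")
        hits += [name for name, rx in PATH_RULES if rx.search(path)]
        if hits:
            findings[path] = hits
    return findings

if __name__ == "__main__":
    for path, hits in classify(SAMPLE).items():
        print(f"{path}: {', '.join(hits)}")
```

On the lines quoted in the review this reports two binaries in PATH and three polkit files with no setuid, setgid or world-writable bits, matching the summary; only the constructed line is flagged as setuid.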