I reviewed trust-store version 0.0.1+14.10.20140626.1-0ubuntu1 as checked into Utopic. This isn't a complete security audit, rather a quick gauge of code quality.
- trust-store provides a dbus interface for trusted helpers to store access control decisions from a trusted prompting service.
- Build-deps on cmake, debhelper, doxygen, google-mock, gcovr, graphviz, libboost-system-dev, libdbus-cpp-dev, libdbus-1-dev, libgtest-dev, libprocess-cpp-dev, libsqlite3-dev, pkg-config
  - required gcovr from universe
- No cryptography
- No networking
- Sqlite3 and libdbus-cpp runtime dependencies
- Started via dbus, no daemonization code
- No pre/post inst/rm scripts
- No initscripts
- No setuid
- No sudo fragments
- No udev rules
- Good tests run at build time
- No cronjobs
- Reasonably clean build log, documentation and similar warnings
- Subprocess spawning looked safe and careful (in a merge proposal)
- Memory management looked idiomatic C++
- The files that are written are using sqlite3 interfaces
- Directory creation used mode 0777; probably umask will convert this to 0755, but 0755 should be chosen explicitly. 0700 would hide 'allowed' choices from other users on the system, but 'denied' choices may be logged to system-visible locations, making it feel useless to hide this directory from other users. We should discuss this further.
- Logging functions looked safe
- Environment handling looked safe
- There are no privileged portions of code
- No cryptography
- No networking
- No temporary files
- No webkit
- Does not use qtjsbackend
- Uses QML
- Clean cppcheck
- No policykit

trust-store is high-quality, idiomatic C++ code; type-safe tools are used carefully throughout, errors are checked, and tests are good.

I have a few questions:
- data/system.conf had wide-open dbus config
  I don't know if this is an issue or not -- I suspect it is fine, but I wanted to make sure it was raised all the same
- handle_add_query() thread-unsafe
  This may also be fine, but I felt it ought to be mentioned
- Directory() is created mode 0777
  This should change to 0755; perhaps 0700.
Security team ACK for promoting to main once Directory() is changed to 0755 or tighter.

Thanks

** Changed in: trust-store (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => (unassigned)

https://bugs.launchpad.net/bugs/1338587
Title: [MIR] trust-store
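As an added illustration of the umask point raised in the review (example code written here, not trust-store's own), the two directory-creation patterns side by side: the reviewed one, which passes 0777 and inherits whatever umask the process happens to run with, and an explicit-mode variant that enforces the chosen mode after creation. The function names and the /tmp scratch path are assumptions for the demonstration.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>
#include <cerrno>
#include <cstdlib>
#include <string>

// Permission bits (rwx for user/group/other) the kernel actually applied
// to `path`, or -1 on error.
static int dir_mode(const std::string& path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return -1;
    return static_cast<int>(st.st_mode & 0777);
}

// The pattern flagged in the review: mkdir(path, 0777) and rely on the process
// umask. `mask` is installed only for the duration of the call so that the
// dependence on the caller's environment is visible.
static int mkdir_relying_on_umask(const std::string& path, mode_t requested, mode_t mask) {
    mode_t previous = umask(mask);
    int rc = mkdir(path.c_str(), requested);
    int saved_errno = errno;
    umask(previous);
    if (rc != 0 && saved_errno != EEXIST) return -1;
    return dir_mode(path);
}

// The suggested fix: name the mode explicitly and enforce it after creation so
// the result does not depend on whatever umask the caller inherited. O_NOFOLLOW
// and O_DIRECTORY refuse to operate on a symlink planted at `path` by another user.
static int mkdir_explicit_mode(const std::string& path, mode_t wanted) {
    if (mkdir(path.c_str(), wanted) != 0 && errno != EEXIST) return -1;
    int fd = open(path.c_str(), O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0) return -1;
    int rc = fchmod(fd, wanted);
    close(fd);
    return rc == 0 ? dir_mode(path) : -1;
}

// Scratch directory under /tmp for the demonstration (constructed; not a
// trust-store path). Returns "" on failure.
static std::string scratch_dir() {
    char tmpl[] = "/tmp/mode-demo-XXXXXX";
    char* p = mkdtemp(tmpl);
    return p ? std::string(p) : std::string();
}
```

Under umask 022 the 0777 call yields 0755, but under umask 000 the same directory comes out world-writable (0777); the explicit variant returns 0755 whatever the umask is.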