I just wanted to complement the review with a few remarks. The recommendation I made about disabling the trace feature is more of a precaution than anything else. It is a feature I believe is unnecessary to have in a production environment, but I may be wrong. In the end, if disabling the feature turns out to be difficult for any reason, I would not complain if we keep it as it is. The answer for the MIR would still be ACK.

The recommendation I made comes from the evaluation of a few contexts the library may be used in. A couple of examples:

The first dangerous context that comes to my mind would be the case of a setuid binary linked against libva. If an unprivileged user were to specify a log file path, the library would happily obey. The consequences of this action largely depend on the content being written and the location chosen for the output file. As an example, imagine writing a file in /etc/cron.d. This would lead to privilege escalation if the written data were to contain a valid cron line. This scenario has been prevented by the usage of secure_getenv, introduced in version 2.20 of the library.

Another possible context would be the following. Imagine a service that uses libva in the backend for processing images, videos and such. Imagine again the service provides "limited" configuration options in the form of environment variables to be passed to the backend. You may argue a service like this is badly designed and I definitely agree but I cannot exclude such a flawed system exists or will not exist in the future.

I may not be able to currently provide any working exploit or any other plausible scenario, but I prefer the safest assumption that I am not being creative enough. In the end it is a library and as such it is difficult to predict the context it would be used in. Hence my conclusion to disable the feature if it is not necessary.

--
https://bugs.launchpad.net/bugs/2097800
Title: [MIR] libva
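
An added example, not part of the original message and not libva's code: a defensive pattern for a library that takes a trace file name from the environment. It goes beyond the message by pairing secure_getenv (the setuid case) with name validation and an exclusive open, which still apply in the service case where secure_getenv passes the value through. The variable DEMO_TRACE_NAME and the caller-fixed directory are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical variable name for this example; not one of libva's. */
#define TRACE_ENV "DEMO_TRACE_NAME"

/* secure_getenv() returns NULL in secure-execution mode (e.g. a setuid
 * binary), so the invoking user cannot steer a privileged process. */
const char *trace_name_from_env(void)
{
    return secure_getenv(TRACE_ENV);
}

/* Accept only a bare file name: not empty, no '/', not "." or "..".
 * This is the check that matters for a non-setuid service, where
 * secure_getenv() behaves exactly like getenv(). */
int trace_name_ok(const char *name)
{
    if (name == NULL || name[0] == '\0' || strchr(name, '/') != NULL)
        return 0;
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Open <dir>/<name> for tracing; dir is fixed by the program, never by
 * the environment. O_EXCL refuses an existing file or symlink, and
 * O_NOFOLLOW plus mode 0600 are defence in depth.
 * Returns a file descriptor, or -1 if the name is rejected or open fails. */
int open_trace_file(const char *dir, const char *name)
{
    char path[PATH_MAX];
    int n;

    if (!trace_name_ok(name))
        return -1;
    n = snprintf(path, sizeof path, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof path)
        return -1;
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
}
```
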