[MIR] trust-store

Bug #1338587 reported by Thomas Voß
Affects | Status | Importance | Assigned to | Milestone
gcovr (Ubuntu) | Won't Fix | Undecided | Unassigned |
qtquick1-opensource-src (Ubuntu) | Won't Fix | Undecided | Unassigned |
trust-store (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

The trust-store is one of the fundamental building blocks of Ubuntu's security and privacy model. For that, it is required in main, ready for consumption by system-services and system configuration tools.

I carefully checked the MIR requirements in preparation for filing this bug.

Michael Terry (mterry) wrote :

Does anything in main actually need this yet?

affects: trust-store → trust-store (Ubuntu)
Changed in trust-store (Ubuntu):
status: New → Incomplete
Thomas Voß (thomas-voss) wrote :

Not yet, the location service will be its first consumer.

Michael Terry (mterry) wrote :

Packaging itself looks fine. Runs its tests, has a symbols file, etc. Two things:
1) Needs a team bug subscriber for whichever team will look after this in Ubuntu
2) Based on the subject matter, I'd like a quick look from the security team

Changed in trust-store (Ubuntu):
assignee: nobody → Ubuntu Security Team (ubuntu-security)
Marc Deslauriers (mdeslaur) wrote :

Seth will be auditing this. Assigning.

Changed in trust-store (Ubuntu):
assignee: Ubuntu Security Team (ubuntu-security) → Seth Arnold (seth-arnold)
Seth Arnold (seth-arnold) wrote :

I reviewed trust-store version 0.0.1+14.10.20140626.1-0ubuntu1 as checked
into Utopic. This isn't a complete security audit, rather a quick gauge of
code quality.

- trust-store provides a dbus interface for trusted helpers to store
  access control decisions from a trusted prompting service.
- Build-deps on cmake, debhelper, doxygen, google-mock, gcovr,
  graphviz, libboost-system-dev, libdbus-cpp-dev, libdbus-1-dev,
  libgtest-dev, libprocess-cpp-dev, libsqlite3-dev, pkg-config,
- required gcovr from universe
- No cryptography
- No networking
- Sqlite3 and libdbus-cpp runtime dependencies
- Started via dbus, no daemonization code
- No pre,post inst,rm scripts
- No initscripts
- No setuid
- No sudo fragments
- No udev rules
- Good tests run at build time
- No cronjobs
- Reasonably clean build log, documentation and similar warnings
- Subprocesses spawning looked safe and careful (in a merge proposal)
- Memory management looked idiomatic C++
- The files that are written are using sqlite3 interfaces
- Directory creation used mode 0777; probably umask will convert this to
  0755, but 0755 should be chosen explicitly. 0700 would hide 'allowed'
  choices from other users on the system, but 'denied' choices may be
  logged to system-visible locations making it feel useless to hide this
  directory from other users. We should discuss this further.
- Logging functions looked safe
- Environment handling looked safe
- There are no privileged portions of code
- No cryptography
- No networking
- No temporary files
- No webkit
- Does not use qtjsbackend
- Uses QML
- Clean cppcheck
- No policykit

trust-store is high-quality, idiomatic C++ code; type-safe tools are used
carefully throughout, errors are checked, and tests are good.

I have a few questions:

- data/system.conf had wide-open dbus config
  I don't know if this is an issue or not -- I suspect it is fine, but I
  wanted to make sure it was raised all the same
- handle_add_query() thread-unsafe
  This may also be fine, but I felt it ought to be mentioned
- Directory() is created mode 0777
  This should change to 0755; perhaps 0700.

Security team ACK for promoting to main once Directory() is changed to
0755 or tighter.

Thanks

Changed in trust-store (Ubuntu):
assignee: Seth Arnold (seth-arnold) → nobody
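
The umask dependence raised in the review above for the mode-0777 directory, shown as an added example (not trust-store code and not part of any comment in this report). The names mode_after_mkdir, ensure_dir and run_case, and the scratch path under /tmp, are hypothetical and chosen for illustration; ensure_dir is one possible hardened form, not the fix that was committed.

```cpp
#include <sys/stat.h>
#include <unistd.h>
#include <stdlib.h>
#include <cerrno>
#include <cstdio>
#include <string>

// mkdir() `path` with `requested` mode while the process umask is `mask`;
// returns the permission bits actually applied, or -1 on error.
int mode_after_mkdir(const std::string& path, mode_t requested, mode_t mask) {
    mode_t old = umask(mask);
    int rc = mkdir(path.c_str(), requested);
    umask(old);
    struct stat st {};
    if (rc != 0 || stat(path.c_str(), &st) != 0) return -1;
    return static_cast<int>(st.st_mode & 0777);
}

// Hypothetical hardened helper: explicit mode on creation, and refuse a
// pre-existing directory that is not ours or is group/world-writable.
int ensure_dir(const std::string& path, mode_t mode) {
    if (mkdir(path.c_str(), mode) != 0 && errno != EEXIST) return -1;
    struct stat st {};
    if (lstat(path.c_str(), &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    if (st.st_uid != geteuid()) return -1;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) ? -1 : 0;
}

struct Outcome { int mode; bool accepted; };
// One case in a scratch directory (constructed path under /tmp).
Outcome run_case(mode_t requested, mode_t mask) {
    char tmpl[] = "/tmp/dirmode-XXXXXX";
    Outcome out{-1, false};
    if (!mkdtemp(tmpl)) return out;
    std::string dir = std::string(tmpl) + "/store";
    out.mode = mode_after_mkdir(dir, requested, mask);
    out.accepted = out.mode >= 0 && ensure_dir(dir, 0755) == 0;
    rmdir(dir.c_str());
    rmdir(tmpl);
    return out;
}

int main() {
    for (mode_t r : {0777, 0755, 0700})
        for (mode_t m : {022, 002, 000}) {
            Outcome o = run_case(r, m);
            std::printf("%04o umask %03o -> %04o %s\n", r, m, (unsigned)o.mode, o.accepted ? "ok" : "no");
        }
}
```

A request of 0777 only ends up as 0755 when the caller's umask happens to be 022; an explicit 0755 or 0700 is an upper bound that holds under any umask.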
Thomas Voß (thomas-voss) wrote :

Thanks for the review. Please see my comments inline.

- data/system.conf had wide-open dbus config
  I don't know if this is an issue or not -- I suspect it is fine, but I
  wanted to make sure it was raised all the same

The file was used in testing before dbus-cpp offered a complete testing solution including sane fixtures for setting up bus instances for testing purposes. Removed both configuration files.

- handle_add_query() thread-unsafe
  This may also be fine, but I felt it ought to be mentioned

Good catch, but not an issue right now as the underlying reactor is executed on a single thread and requests are handled in a serial manner.

- Directory() is created mode 0777
  This should change to 0755; perhaps 0700.

Fixed.

Michael Terry (mterry) wrote :

Note that we still need a team bug subscriber for this package to Ubuntu bugs.

Thomas Voß (thomas-voss) wrote :

Subscribed ubuntu-phablet-team under trust-store-bugs.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package trust-store - 0.0.1+14.10.20140717.1-0ubuntu1

---------------
trust-store (0.0.1+14.10.20140717.1-0ubuntu1) utopic; urgency=low

  [ thomas-voss ]
  * Remove obsolete data/session.conf and data/system.conf files. Adjust
    directory creation default mode to 0755. (LP: #1338587)

  [ Ubuntu daily release ]
  * New rebuild forced
 -- Ubuntu daily release <email address hidden> Thu, 17 Jul 2014 08:52:11 +0000

Changed in trust-store (Ubuntu):
status: Incomplete → Fix Released
Michael Terry (mterry) wrote :

Approved, thanks!

Changed in trust-store (Ubuntu):
status: Fix Released → Fix Committed
Matthias Klose (doko) wrote :

qtquick1-opensource-src and gcovr are build dependencies of trust-store

Changed in qtquick1-opensource-src (Ubuntu):
status: New → Incomplete
Changed in gcovr (Ubuntu):
status: New → Incomplete
Matthias Klose (doko) wrote :

additional build dependencies were removed

Changed in gcovr (Ubuntu):
status: Incomplete → Won't Fix
Changed in qtquick1-opensource-src (Ubuntu):
status: Incomplete → Won't Fix
Matthias Klose (doko) wrote :

Override component to main
trust-store 1.0.0+14.10.20140807-0ubuntu1 in utopic: universe/libs -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic amd64: universe/libdevel/optional/100% -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic arm64: universe/libdevel/optional/100% -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic armhf: universe/libdevel/optional/100% -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic i386: universe/libdevel/optional/100% -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic powerpc: universe/libdevel/optional/100% -> main
libtrust-store-dev 1.0.0+14.10.20140807-0ubuntu1 in utopic ppc64el: universe/libdevel/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic amd64: universe/doc/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic arm64: universe/doc/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic armhf: universe/doc/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic i386: universe/doc/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic powerpc: universe/doc/optional/100% -> main
libtrust-store-doc 1.0.0+14.10.20140807-0ubuntu1 in utopic ppc64el: universe/doc/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic amd64: universe/libs/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic arm64: universe/libs/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic armhf: universe/libs/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic i386: universe/libs/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic powerpc: universe/libs/optional/100% -> main
libtrust-store1 1.0.0+14.10.20140807-0ubuntu1 in utopic ppc64el: universe/libs/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic amd64: universe/devel/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic arm64: universe/devel/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic armhf: universe/devel/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic i386: universe/devel/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic powerpc: universe/devel/optional/100% -> main
trust-store-bin 1.0.0+14.10.20140807-0ubuntu1 in utopic ppc64el: universe/devel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic amd64: universe/libdevel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic arm64: universe/libdevel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic armhf: universe/libdevel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic i386: universe/libdevel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic powerpc: universe/libdevel/optional/100% -> main
trust-store-tests 1.0.0+14.10.20140807-0ubuntu1 in utopic ppc64el: universe/libdevel/optional...


Changed in trust-store (Ubuntu):
status: Fix Committed → Fix Released
Michael Terry (mterry) wrote :

I took a quick look at gcovr -- looks good. We're now in sync with Debian and the packaging is fine. Just a build-time tool anyway. It has plenty of tests, and the Debian maintainer is aware that they should be turned on, but they rely on a python module that isn't packaged yet. So we'll not worry about that.

The only blocker is that it needs a team bug subscriber for whomever will look after gcovr in Ubuntu.

Changed in gcovr (Ubuntu):
status: Won't Fix → Incomplete
Michael Terry (mterry) wrote :

Oh hah, OK :)

Changed in gcovr (Ubuntu):
status: Incomplete → Won't Fix
Tiago Stürmer Daitx (tdaitx) wrote :

pulseaudio 1:6.0-0ubuntu11 (in main) now depends on trust-store as well for its new pulseaudio-module-trust-store package.

Is it ok to continue the MIR here or should I open a new one?

Seth Arnold (seth-arnold) wrote :

Tiago, comment #13 looks like trust-store was already moved to main: https://bugs.launchpad.net/ubuntu/+source/trust-store/+bug/1338587/comments/13

There is something funny going on though, the usual tool the security team uses to determine if a package is in main or universe is reporting that trust-store is in universe for vivid:

$ umt search trust-store
Running search command.

Ubuntu packages:

vivid: 1.1.0+15.04.20150213-0ubuntu1, Pocket: release, Component: universe
vivid/stable-phone-overlay: 1.1.0+15.04.20150820-0ubuntu1, Pocket: release, Component: main
wily: 2.0.0+15.10.20150831.3-0ubuntu1, Pocket: release, Component: main

Why does vivid report universe when trust-store was migrated to main in utopic?

Thanks

Sebastien Bacher (seb128) wrote :

The component was demoted in previous cycles and needs to be promoted back. There is no action needed on the bug, but changing to fix-committed to help with the component mismatch summary of the situation.

Changed in trust-store (Ubuntu):
status: Fix Released → Fix Committed
Steve Langasek (vorlon) wrote :

Override component to main
trust-store 2.0.0+16.04.20160119-0ubuntu5 in yakkety: universe/libs -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety amd64: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety arm64: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety armhf: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety i386: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety powerpc: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety ppc64el: universe/libdevel/optional/100% -> main
libtrust-store-dev 2.0.0+16.04.20160119-0ubuntu5 in yakkety s390x: universe/libdevel/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety amd64: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety arm64: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety armhf: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety i386: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety powerpc: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety ppc64el: universe/doc/optional/100% -> main
libtrust-store-doc 2.0.0+16.04.20160119-0ubuntu5 in yakkety s390x: universe/doc/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety amd64: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety arm64: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety armhf: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety i386: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety powerpc: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety ppc64el: universe/libs/optional/100% -> main
libtrust-store2 2.0.0+16.04.20160119-0ubuntu5 in yakkety s390x: universe/libs/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety amd64: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety arm64: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety armhf: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety i386: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety powerpc: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety ppc64el: universe/devel/optional/100% -> main
trust-store-bin 2.0.0+16.04.20160119-0ubuntu5 in yakkety s390x: universe/devel/optional/100% -> main
trust-store-tests 2.0.0+16.04.20160119-0ubuntu5 in yakkety amd64: universe/libdevel/optional/100% -> main
trust-store-tests 2.0.0+16.04.20160119-0ubuntu5 in yakkety arm64: universe/lib...


Changed in trust-store (Ubuntu):
status: Fix Committed → Fix Released