[MIR] gce-compute-image-packages

Bug #1763830 reported by Brian Murray
Affects: gce-compute-image-packages (Ubuntu) | Status: Fix Released | Importance: Undecided | Assigned to: Unassigned

Bug Description

[Availability]
gce-compute-image-packages is in universe and only depends on packages provided in main or by the sourcepackage itself. It has been in the archive since Yakkety. The package builds for all architectures.

[Rationale]
This package is included on the GCE images and the Ubuntu Foundations team has been supporting it as such. We'd like to get it included in main as that's the right thing to do.

[Security]

[Quality assurance]
There are currently 0 open bug reports (excluding this one) about the package and the Ubuntu Foundations team (foundations-bugs) is subscribed to bugs about the package.

[Dependencies]
All binary dependencies are from main or come from the source package itself.

[Standards compliance]

[Maintenance]
The Ubuntu Foundations team will continue to maintain the package as they have been doing.

[Background information]

Description: GCE's compute-image-packages for use in their guest environment
 This is a collection of scripts that are used on Google Compute Engine images to ensure compatibility with the cloud, as well as to enable features specific to the cloud.

Revision history for this message
Seth Arnold (seth-arnold) wrote :

I reviewed gce-compute-image-packages version 20180129+dfsg1-0ubuntu3 as
checked into bionic. This is not a full security audit but rather a quick
gauge of maintainability.

I didn't see any CVEs in our database.

- gce-compute-image-packages provides utilities and integration useful on
  Google's cloud hosting platform, including new account creation,
  centralized account management, granting blanket sudo rules, ssh keys,
  and a variety of other configuration tools.

- Build-Depends: cmake, debhelper, dh-python, dh-systemd,
  libcurl4-openssl-dev, libgtest-dev, libjson-c-dev, libpam-dev,
  python-all, python-setuptools, python3-all, python3-setuptools,
  python-pytest, python3-pytest, python-mock, python-boto, python3-boto

- Several daemons are started via systemd; they do not themselves daemonize

- pre/post inst/rm scripts are automatically generated code, except for a
  piece that will stop services before removing them

- No initscripts; systemd unit files to start:
  - accounts daemon
  - clock skew daemon
  - instance setup
  - ip forwarding daemon
  - network setup
  - shutdown scripts
  - startup scripts
- No dbus services
- No setuid
- Adds several binaries to PATH:
  - google_accounts_daemon
  - google_clock_skew_daemon
  - google_instance_setup
  - google_ip_forwarding_daemon
  - google_metadata_script_runner
  - google_network_setup
  - optimize_local_ssd
  - set_multiqueue
  - google_authorized_keys
  - google_oslogin_control
- No sudo fragments in the static packaging -- adds new sudo entries at
  runtime, however
- udev rules to add some device nodes, permissions, set storage parameters
- Small-ish test suite run during the build; this is a hard thing to test
  in isolation, but hopefully this is helpful

- Some subprocesses are spawned, via string-based execution tools;
  sometimes with only the authentication server's checks for username
  validity to ensure shell metachars aren't included in inputs. Ideally
  these would perform checks for shell metachars directly.

- memory management looked careful
- Files are written to -- including sudoers files -- and if the umask of
  the process isn't correct, it might allow a race condition for local
  attacks.
- No environment variable use
- Privileged functions looked careful, with exception of writing sudoers
  files
- No cryptography
- No privileged portions of code
- No temporary files
- Does not use WebKit
- Does not use PolicyKit
- Clean cppcheck

- pam_sm_acct_mgmt() functions rely upon the correct behaviour of a remote
  web service to prevent local security problems with usernames that
  include e.g. ../../.. substrings.

- pam_sm_acct_mgmt() in pam_oslogin_admin.cc creates a sudoers file before
  setting appropriate permissions; if C++ doesn't have a mechanism to
  expose open(2)'s modes, then it would be best to set the umask() to
  something restrictive before this open() call.

- Is /lib/libnss_google-compute-engine-oslogin-1.1.4.so the right path for
  libraries?

Security team ACK for promoting gce-compute-image-packages to main.

Thanks
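The two points raised above (trusting the remote service to reject user names containing `../../..` or shell metacharacters, and creating a sudoers file before its permissions are set) can both be closed at the call site. The following is an added illustration, not code from gce-compute-image-packages or from the reviewer: a hypothetical `write_sudoers_fragment()` that validates the user name locally and hands the final mode to open(2) with O_CREAT|O_EXCL, so the file never exists with a wider mode and an existing file is never clobbered.

```cpp
#include <cstdio>
#include <cstdlib>
#include <fcntl.h>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical local check: accept only characters a POSIX user name may
// contain, so "../../etc", "bob;id" or "-r" are rejected here rather than
// relying on a remote web service to do it.
bool is_safe_username(const std::string& name) {
    if (name.empty() || name.size() > 32 || name[0] == '-') return false;
    if (name.find("..") != std::string::npos) return false;
    for (char c : name) {
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-' || c == '.';
        if (!ok) return false;
    }
    return true;
}

// Hypothetical sudoers.d fragment writer. open(2) takes the mode directly,
// so the file is created as 0440 (further masked by the umask, which can
// only remove bits); O_EXCL refuses to reuse a pre-existing file or symlink.
bool write_sudoers_fragment(const std::string& dir, const std::string& user) {
    if (!is_safe_username(user)) return false;
    const std::string path = dir + "/google-" + user;
    int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0440);
    if (fd < 0) return false;
    FILE* f = fdopen(fd, "w");
    if (!f) { close(fd); unlink(path.c_str()); return false; }
    // Blanket rule mirroring what the package grants at runtime.
    bool ok = fprintf(f, "%s ALL=(ALL) NOPASSWD: ALL\n", user.c_str()) > 0;
    ok = (fclose(f) == 0) && ok;
    if (!ok) unlink(path.c_str());
    return ok;
}

// Returns the permission bits of the fragment on disk, or -1 if absent.
int fragment_mode(const std::string& dir, const std::string& user) {
    struct stat st;
    const std::string path = dir + "/google-" + user;
    if (stat(path.c_str(), &st) != 0) return -1;
    return static_cast<int>(st.st_mode & 07777);
}
```

A fragment written this way still needs the usual `visudo -c` style syntax check before sudo will honour it; the example only covers the name validation and the create-with-final-mode step.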

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

MIR approved.

Please make sure to move the packaging source to someplace other than ~rbalint's own tree; it probably should be modifiable by others.

Changed in gce-compute-image-packages (Ubuntu):
status: New → Fix Committed
Revision history for this message
Balint Reczey (rbalint) wrote :

@seth-arnold Thank you for the review. Multiarching the package is in debian/TODO, but I could not find time for that yet and the package is used mostly on amd64.

@cyphermox Thanks, I moved the repository to https://code.launchpad.net/~ubuntu-core-dev/+git/gce-compute-image-packages and updated d/control accordingly, which will be in the next update.

Revision history for this message
Matthias Klose (doko) wrote :

Override component to main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic: universe/admin -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic amd64: universe/admin/extra/100% -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic arm64: universe/admin/extra/100% -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic armhf: universe/admin/extra/100% -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic i386: universe/admin/extra/100% -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic ppc64el: universe/admin/extra/100% -> main
gce-compute-image-packages 20180510+dfsg1-0ubuntu5 in cosmic s390x: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic amd64: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic arm64: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic armhf: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic i386: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic ppc64el: universe/admin/extra/100% -> main
google-compute-engine-oslogin 20180510+dfsg1-0ubuntu5 in cosmic s390x: universe/admin/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic amd64: universe/python/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic arm64: universe/python/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic armhf: universe/python/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic i386: universe/python/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic ppc64el: universe/python/extra/100% -> main
python-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic s390x: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic amd64: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic arm64: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic armhf: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic i386: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic ppc64el: universe/python/extra/100% -> main
python3-google-compute-engine 20180510+dfsg1-0ubuntu5 in cosmic s390x: universe/python/extra/100% -> main
25 publications overridden.

Changed in gce-compute-image-packages (Ubuntu):
status: Fix Committed → Fix Released