I am posting this Security MIR on behalf of Sudhakar Verma (@sudhackar) since he is out of the office. --- I reviewed authd 0.2.1 as checked into noble. This shouldn't be considered a full audit but rather a quick gauge of maintainability. authd is a service that builds cloud based authentication and MFA from clouds such as Open ID connect or Microsoft Azure / Entra ID. This is also a framework that will help create authentication broker services. - CVE History - no CVE found - Build-Depends - pam related libraries - libpam0g-dev - language runtimes - golang-go - dh-cargo - jq - protobuf-compiler - pre/post inst/rm scripts - add/remove authd to /etc/nsswitch.conf - init scripts - No - systemd units - Creates 'authd.service' - which is expected since this is a service to manage the authentication with a daemon - dbus services - No - setuid binaries - No - binaries in PATH - /usr/sbin/authd - sudo fragments - No - polkit files - No - udev rules - No - unit tests / autopkgtests - unit tests and autopkgtests are there and working quite fine - cron jobs - No - Build logs - some warnings from tests and autopkgtests but nothing major - Processes spawned - gpasswd is spawned to manage user - groups associations. The path seems to be hardcoded - Memory management - code is mostly go - some glue for handling native libs in rust and C but no problems seen there. The tests cover the cases well. - File IO - the daemon relies on a database file, config files and files related to user accounts - like /etc/group. The config files could be based in user's home, /etc - nothing concerning. Seems safe. - Logging - logrus is used - under vendor. Seems safe. - Environment variable usage - Used to enable debugging, PAM specific glue, DBUS etc. Seems safe. - Use of privileged functions - No - Use of cryptography / random number sources etc - RNG - uses crypto/rand from stdlib which is a CSPRNG. Seems safe. - Cryptography - Uses RSA from crypto/rsa - PKCS #1 and RFC 8017 for PAM side encryption. Seems safe. - Hashing - Only uses sha512 from crypto/sha512. Seems safe. - Use of temp files - only while testing. Seems safe. - Use of networking - All networking is done through unix sockets within PAM. Seems safe. - Use of WebKit - No. - Use of PolicyKit - No. - Any significant cppcheck results - No - Any significant Coverity results - No - Any significant shellcheck results - No. authd only has scripts which are used during building. - Any significant bandit results - No - Any significant govulncheck results - No - Any significant Semgrep results - go.grpc.security.grpc-server-insecure-connection - The connection is through a unix socket, so it's only accessible locally and is within PAM, so we are protected by the pam stack as well. - go.lang.security.audit.dangerous-exec-command - The command is static - 'gpasswd' as defined in defaultOptions, so this is an FP. authd is a daemon that implements managing user authentication and related services like MFA. It can be used to integrate with different auth providers with our own brokers by exposing a dbus interface. It maintains a database at runtime locally to handle user accounts. It also exposes NSS and PAM services over grpc. What this basically means is - authd is a complex project that talks to various services and exposes a few of its own - its stateful and is a daemon. It also handles authentication - one of the key foundation to security of a system. However the project looks good in terms of maintainability. There re plenty of integration, unit and end to end tests. The project is well documented, and is well maintained. The history looks clean and the maintainers are easy to approach and talk to. Security team ACK for promoting authd to main.