Comment 39 for bug 2003259

Rodrigo Figueiredo Zaiden (rodrigo-zaiden) wrote :

I reviewed cups-browsed 2.0~b4-0ubuntu2 as checked into lunar.
This shouldn't be considered a full audit but rather a quick gauge of
maintainability.

cups-browsed is a helper daemon to browse the network for remote CUPS
queues and IPP network printers and automatically create local queues
pointing to them. It used to be a binary in the cups-filters source and was
now split into a new source.

- CVE History:
  - CVE history is applicable to cups-filters, and it is all good. The CVEs
    that existed were fixed.
- Build-Depends?
  - avahi, cups, dbus, glib2.0, openldap, pkgconf, poppler, zlib all in main
  - libppd, also targeted in the same MIR bug.
- pre/post inst/rm scripts?
  - preinst: runs dh_installdeb
  - prerm: runs dh_installsystemd dh_installdeb
  - postinst: runs dh_apparmor, dh_installdeb, dh_installsystemd and
    accepts a configure param to setup /var/ directories and add
    cups-browsed user.
  - postrm: runs dh_apparmor dh_installdeb dh_installsystemd and accepts a
    purge param to remove the previously setup /var/ directories and remove
    the cups-browsed user.
- init scripts?
  - NA
- systemd units?
  - starts the daemon /usr/sbin/cups-browsed
- dbus services?
  - NA
- setuid binaries?
  - NA
- binaries in PATH?
  - cups-browsed: ./usr/sbin/cups-browsed
  - cups-browsed-tests: ./usr/bin/run-tests.sh
- sudo fragments?
  - NA
- polkit files?
  - NA
- udev rules?
  - NA
- unit tests / autopkgtests?
  - Tests are defined in the script cups-browsed-2.0~b4/test/run-tests.sh,
    which seems to do a good job in creating the test setup. It gives the
    chance to make different types of tests. This is the script that runs in
    the autopkgtests.
- cron jobs?
  - NA
- Build logs:
  - build log is clean; there is a note about the tests being
    executed in the autopkgtest and not during the build, due to the
    need of avahi-daemon in the build chroot.
  - Lintian throws the following Errors and Warnings.
      E: cups-browsed: depends-on-obsolete-package Depends: lsb-base
      E: cups-browsed: maintainer-script-lacks-home-in-adduser "adduser --system --ingroup lpadmin cups-browsed" [postinst:8]
      W: cups-browsed: debian-news-entry-has-unknown-version 2.0~b1-0ubuntu1 [usr/share/doc/cups-browsed/NEWS.Debian.gz:1]
      W: cups-browsed: maintainer-script-needs-depends-on-adduser adduser (does not satisfy adduser) [postinst:8]
      W: cups-browsed: mismatched-override executable-in-usr-lib usr/lib/cups/backend/implicitclass [usr/share/lintian/overrides/cups-browsed:4]
      W: cups-browsed: non-standard-executable-perm 0744 != 0755 [usr/lib/cups/backend/implicitclass]
      W: cups-browsed: wrong-name-for-upstream-changelog [usr/share/doc/cups-browsed/CHANGES.md.gz]
      W: cups-browsed-tests: no-manual-page [usr/bin/run-tests.sh]
      W: cups-browsed-tests: script-with-language-extension [usr/bin/run-tests.sh]
    Some seem OK, like the warnings for 'cups-browsed-tests', but the
    others could be checked better.

- Processes spawned?
  - No
- Memory management?
  - malloc's and calloc's are being checked, strcpy and sprintf seem fine
  - some coverity reports on memory management will be forwarded to upstream,
    nothing concerning.
- File IO?
  - All fine.
- Logging?
  - All fine.
- Environment variable usage?
  - OK, they are all used in a fixed-size variable, can't be abused
- Use of privileged functions?
  - No
- Use of cryptography / random number sources etc?
  - No
- Use of temp files?
  - No
- Use of networking?
  - uses http to connect to CUPS, seems fine.
- Use of WebKit?
  - No
- Use of PolicyKit?
  - NA

- Any significant cppcheck results?
  - No
- Any significant Coverity results?
  - Some worth checking, but they will be forwarded to upstream later.
    Most already exist in the current cups-filters source.
- Any significant shellcheck results?
  - No
- Any significant bandit results?
  - NA

cups-browsed code is pretty similar to the already existing code for the
cups-browsed binary that lives inside the cups-filters source package.
This cups-browsed source package is part of the split for the version 2.x
in the OpenPrinting project.

Security team ACK for promoting cups-browsed to main.
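As an added illustration of the Lintian error `maintainer-script-lacks-home-in-adduser` flagged above (example code, not part of the cups-browsed package or of this review): a small lintian-style check run over a constructed postinst fragment, shown next to a hardened adduser invocation. The `/nonexistent` home and `nologin` shell are illustrative choices, not values taken from the package.

```bash
#!/bin/sh
# Added example: detect 'adduser --system' calls in a maintainer script
# that omit --home. Without it adduser places the system account's home
# under /home, which is not appropriate for a daemon user.
set -eu

# Constructed postinst fragment mirroring the flagged call from the review.
SAMPLE_POSTINST='#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
    if ! getent passwd cups-browsed >/dev/null; then
        adduser --system --ingroup lpadmin cups-browsed
    fi
fi'

# Hardened form (assumed values for illustration): explicit non-existent home,
# no home directory created, no interactive shell.
FIXED_POSTINST='#!/bin/sh
set -e
if [ "$1" = "configure" ]; then
    if ! getent passwd cups-browsed >/dev/null; then
        adduser --system --quiet --home /nonexistent --no-create-home \
            --shell /usr/sbin/nologin --ingroup lpadmin cups-browsed
    fi
fi'

# check_adduser_home SCRIPT_TEXT
# Joins backslash-continued lines, then prints every 'adduser --system'
# invocation lacking --home. Returns 1 if any were found, 0 otherwise.
check_adduser_home() {
    printf '%s\n' "$1" \
        | sed -e ':a' -e '/\\$/N; s/\\\n//; ta' \
        | grep -E '(^|[;&| ])adduser[[:space:]]' \
        | grep -e '--system' \
        | grep -v -e '--home[[:space:]=]' || return 0
    return 1
}

# Stand-alone run: report each script and its verdict.
for s in SAMPLE_POSTINST FIXED_POSTINST; do
    eval "text=\$$s"
    if check_adduser_home "$text"; then
        echo "$s: OK"
    else
        echo "$s: adduser --system without --home"
    fi
done
```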