I reviewed libmd 1.0.3-3build1 as checked into hirsute. This shouldn't be
considered a full audit but rather a quick gauge of maintainability.
libmd is a small library of message digest (aka hash) functions.
- No CVE history.
- No non-essential build-depends.
- No pre/post inst/rm scripts, only a trigger to run ldconfig due to it
being a shared library.
- No init scripts.
- No systemd units.
- No dbus services?
- No setuid binaries.
- No binaries in PATH.
- No sudo fragments.
- No polkit files.
- No udev rules.
- There are simple unit tests for each of the hashing algorithms that
are run as part of the build. One limitation of the tests is that all
the test cases hash trivially small amounts of data, so multi-block
computations are not exercised, and none of the file hashing
interfaces are exercised either. Upstream has added GitLab CI integration
support after the 1.0.3 release.
- No cron jobs.
- Build logs are clean, with the exception that the
unit test compilations throw a bunch of signedness
mismatch warnings (const char * versus const unsigned
char *). These look to have been fixed upstream in https://git.hadrons.org/cgit/libmd.git/commit/?id=e50a6db8ec1425e8354ece5ce45ac6cb2d2dcb3b
- No processes spawned.
- Memory management is par for the course for crypto/hashing
algorithms. Return values for malloc() are checked, but many
memory operations rely on the correctness of computed sizes.
- The only file I/O is opening a file or file chunk in read-only mode to
compute the message digest of its contents. Paths are assumed to have
been sanitized by the calling application. No interpretation of the
contents is performed.
- No logging appears to be performed.
- No environment variable usage present.
- No use of privileged functions.
- No use of outside cryptography / random number sources etc. As a
hashing library it implements several algorithms itself.
- No use of temp files.
- No use of networking.
- No use of WebKit.
- No use of PolicyKit.
- No cppcheck or Coverity issues found.
There is a bunch of duplicated code in the helper functions around file
handling that only differs in the specific message digest algorithm
used. This means that bugs/flaws in that portion of the code will need
to be applied to all, rather than just once in an abstracted set of
functions.
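The point above about the unit tests hashing only trivially small inputs is the gap a practitioner would most want closed: an incremental Init/Update/Final digest must give the same answer as a one-shot digest across the 55/56-byte padding edge and the 64-byte block edge, and the file-chunk interface must agree with the in-memory one. The script below is an added example and is not part of this review or of libmd itself. It uses Python's hashlib as a stand-in for the libmd-style API, and it assumes FileChunk-style semantics of "hash `length` bytes starting at `offset`, or to end of file when `length` is 0" (an assumption made for the example, not something stated on this page). It generates boundary-length inputs and reports any disagreement between chunked and one-shot hashing, then round-trips a temporary file through the chunk interface.

```python
"""Block-boundary coverage for an incremental message digest API.

Added example, not part of the libmd review or the libmd code base.
hashlib stands in for a libmd-style Init/Update/Final interface, and
file_chunk_digest() mimics the assumed FileChunk(offset, length)
semantics: hash `length` bytes from `offset`, or to EOF when `length`
is 0.  Test suites built from short strings never cross the 64-byte
compression block, which is exactly where padding bugs live.
"""
import hashlib
import os
import tempfile

BLOCK = 64  # compression block size for MD5, SHA-1 and SHA-256


def boundary_lengths(block=BLOCK, blocks=3):
    """Input lengths straddling every padding/block edge up to `blocks` blocks.

    For a 64-byte block the interesting points are block-9 (the last length
    whose 0x80 pad and 8-byte length field still fit in the same block),
    block-8, block-1, block and block+1, repeated for each following block.
    """
    lengths = {0, 1}
    for n in range(1, blocks + 1):
        edge = n * block
        lengths.update({edge - 9, edge - 8, edge - 1, edge, edge + 1})
    return sorted(lengths)


def sample_data(length):
    """Constructed deterministic input: a repeating byte pattern."""
    return bytes(i % 251 for i in range(length))


def oneshot(algo, data):
    """Reference digest: whole input in a single call."""
    return hashlib.new(algo, data).hexdigest()


def incremental(algo, data, chunk):
    """Feed `data` through Update() in `chunk`-sized pieces."""
    h = hashlib.new(algo)
    for i in range(0, len(data), chunk):
        h.update(data[i:i + chunk])
    return h.hexdigest()


def file_chunk_digest(algo, path, offset=0, length=0, bufsize=16):
    """Digest of `length` bytes from `offset` (0 = to EOF), read in small
    buffers so that block boundaries fall in the middle of a read."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        f.seek(offset)
        remaining = length if length else None
        while remaining is None or remaining > 0:
            want = bufsize if remaining is None else min(bufsize, remaining)
            buf = f.read(want)
            if not buf:
                break
            h.update(buf)
            if remaining is not None:
                remaining -= len(buf)
    return h.hexdigest()


def check_boundaries(algo="sha256"):
    """Return (length, chunk) pairs where incremental and one-shot digests
    disagree; an empty list means the API is consistent across blocks."""
    failures = []
    for n in boundary_lengths():
        data = sample_data(n)
        expect = oneshot(algo, data)
        for chunk in (1, 7, 63, 64, 65):
            if incremental(algo, data, chunk) != expect:
                failures.append((n, chunk))
    return failures


def check_file_chunks(algo="sha256"):
    """Round-trip the file-chunk interface against in-memory digests."""
    data = sample_data(3 * BLOCK + 5)
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(data)
        whole_ok = file_chunk_digest(algo, path) == oneshot(algo, data)
        mid_ok = file_chunk_digest(algo, path, 60, 70) == oneshot(algo, data[60:130])
        tail_ok = file_chunk_digest(algo, path, BLOCK) == oneshot(algo, data[BLOCK:])
    finally:
        os.unlink(path)
    return whole_ok and mid_ok and tail_ok


if __name__ == "__main__":
    print("boundary lengths:", boundary_lengths())
    print("incremental mismatches:", check_boundaries())
    print("file chunk interface consistent:", check_file_chunks())
```

The same `boundary_lengths()` list is what one would feed to a C test against the real library: hash each length once with the one-shot Data() call and once through Update() in odd-sized pieces, and compare the hex output; the file-chunk cases only need the temporary file written once.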
Security team ACK for promoting libmd to main.