I reviewed libnfs (3.0.0-1) from disco
- Build dependencies:
  - debhelper, dh-autoreconf, libopt-dev
- Few issues on github
- NO CVE history
- no pre or postinst scripts
- no systemd unit files
- no system dbus services
- no setuid files
- Some binaries:
  /usr/bin/nfs-cp:
    Position Independent Executable: yes
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: yes
  /usr/bin/nfs-cat:
    Position Independent Executable: yes
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: yes
  /usr/bin/nfs-ls:
    Position Independent Executable: yes
    Stack protected: yes
    Fortify Source functions: yes
    Read-only relocations: yes
    Immediate binding: yes
- no sudo fragments in the code, just in test/functions.sh lines 11 and 15
- no udev rules
- It has dozens of tests, but I didn't see any of them being called during the build
- no cron jobs
- clean build log
- doesn't spawn other processes. The only spawn happens in test files (some .sh scripts)
- Memory mgmt looked OK (in a first review), but cppcheck shows some mem leaks; a previous analysis shows they can be treated as irrelevant. Further considerations are welcome.
  - [lib/nfs_v3.c:3106]: (error) Memory leak: cb_data
    [lib/nfs_v3.c:3115]: (error) Memory leak: cb_data
    [lib/nfs_v3.c:3473]: (error) Memory leak: cb_data
    [lib/nfs_v3.c:3482]: (error) Memory leak: cb_data
- File IO: some read/open of files, which seems to be internal to the lib, and a lot of them in the example files.
- logging looked fine
- no envars
- does not use encryption
- does not use webkit
- does not use javascript
That said, I'm OK with that package being promoted to main. Please feel free to re-review these points I made.
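The five per-binary properties listed in the review above (PIE, stack protector, fortified functions, read-only relocations, immediate binding) correspond to markers visible in `readelf` output. The following is an added example, not part of the original comment or the reviewer's tooling, showing one way to derive them; the `hardening_report` function, the `FORTIFIABLE` list and both sample inputs are constructed for illustration.

```python
import re

# Assumed short subset of libc functions that have a fortified *_chk variant.
FORTIFIABLE = {"memcpy", "memmove", "memset", "strcpy", "strncpy", "strcat",
               "sprintf", "snprintf", "read", "fgets"}
# Constructed samples: trimmed `readelf -W -h -l -d -s` output for two
# hypothetical binaries (not taken from the libnfs package).
SAMPLE_HARDENED = """\
  Type:                              DYN (Position-Independent Executable file)
  PHDR           0x000040 0x0000000000000040 0x0000000000000040 0x0002d8 0x0002d8 R   0x8
  GNU_RELRO      0x002d50 0x0000000000003d50 0x0000000000003d50 0x0002b0 0x0002b0 R   0x1
 0x000000000000001e (FLAGS)              BIND_NOW
 0x000000006ffffffb (FLAGS_1)            Flags: NOW PIE
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __stack_chk_fail@GLIBC_2.4 (2)
     5: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND __memcpy_chk@GLIBC_2.3.4 (3)
"""
SAMPLE_WEAK = """\
  Type:                              EXEC (Executable file)
  PHDR           0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R   0x8
     2: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND strcpy@GLIBC_2.2.5 (2)
     3: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND puts@GLIBC_2.2.5 (2)
"""

def hardening_report(readelf_text):
    """Derive the five properties from `readelf -W -h -l -d -s` text."""
    lines = readelf_text.splitlines()
    # ELF header type: DYN for PIE and shared objects, EXEC for fixed-address.
    elf_type = next((m.group(1) for l in lines
                     if (m := re.match(r"\s*Type:\s+(\w+)", l))), None)
    # Program header names (PHDR, GNU_RELRO, ...): a name followed by offsets.
    segments = {m.group(1) for l in lines
                if (m := re.match(r"\s*([A-Z_]+)\s+0x[0-9a-f]+\s+0x", l))}
    # Imported (undefined) symbols with the @VERSION suffix dropped.
    imports = {m.group(1) for l in lines
               if (m := re.search(r"\bUND\s+([A-Za-z_]\w*)", l))}
    # Immediate binding: DT_BIND_NOW, DF_BIND_NOW in FLAGS, or NOW in FLAGS_1.
    bind_now = any("(BIND_NOW)" in l or ("(FLAGS)" in l and "BIND_NOW" in l)
                   or ("(FLAGS_1)" in l and re.search(r"\bNOW\b", l))
                   for l in lines)
    has_chk = any(s.endswith("_chk") for s in imports)
    return {
        # Heuristic: DYN plus a PHDR segment separates PIE from plain .so files.
        "pie": elf_type == "DYN" and "PHDR" in segments,
        "stack_protected": "__stack_chk_fail" in imports,
        # True: *_chk calls present; False: only unfortified; None: none used.
        "fortify": True if has_chk else (False if imports & FORTIFIABLE else None),
        "relro": "GNU_RELRO" in segments,
        "bind_now": bind_now,
    }
```

A `fortify` value of `None` means the binary imports none of the listed functions, so there is nothing for `_FORTIFY_SOURCE` to protect.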