I reviewed ndctl as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
ndctl is comprised of utilities and libraries for managing the libnvdimm (non-volatile memory device) sub-system in the Linux kernel
- No CVEs readily found.
Gleaned the git repository, https://github.com/pmem/ndctl. Appears to be actively maintained.
Security-wise, noted fixes for a memory leak and non-null terminated strings.
- Build-Depends: debhelper-compat (= 12), pkg-config, libkmod-dev, libudev-dev, uuid-dev,
libjson-c-dev, bash-completion, systemd, libkeyutils-dev, asciidoctor
- No pre/post inst/rm scripts.
- There is an init script, debian/ndctl.init that is is installed as /etc/init.d/ndctl-monitor.
All actions are circumvented to systemctl.
- There is a systemd unit file, ndctl-monitor.service, for the ndctl monitor daemon. The daemon
catches smart events notify from firmware and outputs the notifications (in json format) to a
logfile.
- No dbus services.
- No setuid binaries.
- 2 binaries, ndctl and daxctl in /usr/bin
- No sudo fragments.
- No udev rules.
- There are unit-tests and autopkgtests. The unit tests were skipped. There has been considerable
discussion in this bugreport about providing regression testing.
- No cron jobs.
- Build reported following...
- configure: WARNING: unrecognized options: --disable-maintainer-mode
- quite a few alignment warnings for "address-of-packed-member",
i.e.,
nfit.c: In function ‘ndctl_bus_cmd_new_translate_spa’:
nfit.c:65:25: warning: taking address of packed member of ‘struct nd_cmd_translate_spa’ may result in an unaligned pointer value [-Waddress-of-packed-member]
65 | cmd->firmware_status = &translate_spa->status;
| ^~~~~~~~~~~~~~~~~~~~~~
- following dpkg warnings
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/daxctl/usr/bin/daxctl was not linked against libndctl.so.6 (it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/daxctl/usr/bin/daxctl was not linked against libuuid.so.1 (it uses none of the library's symbols)
- execlp() called without an absolute path to bring up help pages. A call to "kfmclient" and
once to call "man".
- Inspecting a random sampling of memory mgmt routines, the memory allocation looked good;
memcpy() ok; none of the sprintf() nor asprintf() checked return value.
- File IO looked ok.
- Logging looked ok. We do not --enable-debug so limited debugging available.
-daxctl_set_log_fn allows user to write custom function to override default!
-There are several environment vars. Could not readily find documentation on any of them.
- log_env overrides log priority set in config file but uses secure_logenv so probably ok.
- code does getenv("MANPATH"); then calls setenv("MANPATH") with gotten value. Seems bad idea.
- ioctls looked ok.
- Cryptography: looks ok.
ndctl-setup|update|remove-passphrase uses the kernel keyring to enable
a security passphrase for NVDIMM(s).
binary blobs of the encrypted masterkey and NVDIMM passphrase(s) are
stored in /etc/ndctl/keys directory and loaded into memory and
compared (in a way validated) with kernel keyring with ndctl command.
- a single testcase uses hard-coded tmp file but this testcase is skipped.
- No WebKit.
- No PolicyKit.
- There were some cppcheck results, upon closer examination they seem ok.
[ndctl/check.c:1150]: (error) Signed integer overflow for expression '(549755813888)-4096'.
[ndctl/dimm.c:1216]: (error) Memory leak: actx.f_out
[util/json.c:871]: (error) Uninitialized variable: raw_uuid
[ndctl/lib/libndctl.c:5577]: (error) Uninitialized variable: uuid
[ndctl/lib/libndctl.c:5578]: (error) Uninitialized variable: uuid
- Quite a few scripts in test directory reported following warning,
"Double quote to prevent globbing and word splitting"
I reviewed ndctl as checked into focal. This shouldn't be considered a full audit but rather a quick gauge of maintainability.
ndctl is comprised of utilities and libraries for managing the libnvdimm (non-volatile memory device) sub-system in the Linux kernel
- No CVEs readily found. /github. com/pmem/ ndctl. Appears to be actively maintained. d/ndctl- monitor. service, for the ndctl monitor daemon. The daemon maintainer- mode of-packed- member" , bus_cmd_ new_translate_ spa’: translate_ spa’ may result in an unaligned pointer value [-Waddress- of-packed- member] status = &translate_ spa->status; ~~~~~~~ ~~~~~~~ ~
Gleaned the git repository, https:/
Security-wise, noted fixes for a memory leak and non-null terminated strings.
- Build-Depends: debhelper-compat (= 12), pkg-config, libkmod-dev, libudev-dev, uuid-dev,
libjson-c-dev, bash-completion, systemd, libkeyutils-dev, asciidoctor
- No pre/post inst/rm scripts.
- There is an init script, debian/ndctl.init that is is installed as /etc/init.
All actions are circumvented to systemctl.
- There is a systemd unit file, ndctl-monitor.
catches smart events notify from firmware and outputs the notifications (in json format) to a
logfile.
- No dbus services.
- No setuid binaries.
- 2 binaries, ndctl and daxctl in /usr/bin
- No sudo fragments.
- No udev rules.
- There are unit-tests and autopkgtests. The unit tests were skipped. There has been considerable
discussion in this bugreport about providing regression testing.
- No cron jobs.
- Build reported following...
- configure: WARNING: unrecognized options: --disable-
- quite a few alignment warnings for "address-
i.e.,
nfit.c: In function ‘ndctl_
nfit.c:65:25: warning: taking address of packed member of ‘struct nd_cmd_
65 | cmd->firmware_
| ^~~~~~~
- following lintian warnings, deb-archive newer compressed control.tar.xz script- uses-usr- interpreter etc/init. d/ndctl- monitor /usr/bin/env script- does-not- implement- required- option etc/init. d/ndctl- monitor start script- does-not- implement- required- option etc/init. d/ndctl- monitor stop script- does-not- implement- required- option etc/init. d/ndctl- monitor restart script- does-not- implement- required- option etc/init. d/ndctl- monitor force-reload d/ndctl- monitor #!/lib/ init/init- d-script script- does-not- source- init-functions etc/init. d/ndctl- monitor
- malformed-
- init.d-
E: ndctl: init.d-
E: ndctl: init.d-
E: ndctl: init.d-
E: ndctl: init.d-
W: ndctl: unusual-interpreter etc/init.
W: ndctl: init.d-
- following dpkg warnings daxctl/ usr/bin/ daxctl was not linked against libndctl.so.6 (it uses none of the library's symbols) daxctl/ usr/bin/ daxctl was not linked against libuuid.so.1 (it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/
- execlp() called without an absolute path to bring up help pages. A call to "kfmclient" and set_log_ fn allows user to write custom function to override default! setup|update| remove- passphrase uses the kernel keyring to enable check.c: 1150]: (error) Signed integer overflow for expression '(549755813888) -4096'. dimm.c: 1216]: (error) Memory leak: actx.f_out lib/libndctl. c:5577] : (error) Uninitialized variable: uuid lib/libndctl. c:5578] : (error) Uninitialized variable: uuid
once to call "man".
- Inspecting a random sampling of memory mgmt routines, the memory allocation looked good;
memcpy() ok; none of the sprintf() nor asprintf() checked return value.
- File IO looked ok.
- Logging looked ok. We do not --enable-debug so limited debugging available.
-daxctl_
-There are several environment vars. Could not readily find documentation on any of them.
- log_env overrides log priority set in config file but uses secure_logenv so probably ok.
- code does getenv("MANPATH"); then calls setenv("MANPATH") with gotten value. Seems bad idea.
- ioctls looked ok.
- Cryptography: looks ok.
ndctl-
a security passphrase for NVDIMM(s).
binary blobs of the encrypted masterkey and NVDIMM passphrase(s) are
stored in /etc/ndctl/keys directory and loaded into memory and
compared (in a way validated) with kernel keyring with ndctl command.
- a single testcase uses hard-coded tmp file but this testcase is skipped.
- No WebKit.
- No PolicyKit.
- There were some cppcheck results, upon closer examination they seem ok.
[ndctl/
[ndctl/
[util/json.c:871]: (error) Uninitialized variable: raw_uuid
[ndctl/
[ndctl/
- Quite a few scripts in test directory reported following warning,
"Double quote to prevent globbing and word splitting"
GENERAL COMMENTS
- There are other licenses besides GPL licences.
- Note: opened an issue upstream about the unaligned pointer warning from compiler, https:/ /github. com/pmem/ ndctl/issues/ 131
Security team ACK only on condition that regression tests are available.