[MIR] ndisc6

Bug #806723 reported by Colin Watson
This bug affects 1 person
Affects Status Importance Assigned to Milestone
ndisc6 (Ubuntu)
Fix Released

Bug Description

Availability: In universe for all architectures.

Rationale: This package helps meet the goals in https://blueprints.launchpad.net/ubuntu/+spec/foundations-o-ipv6-healthcheck. Specifically, rdnssd-udeb is used by the netcfg ipv6 branch to discover DNS servers on IPv6 networks, and ndisc6-udeb is used by the netcfg ipv6 branch to analyse what kind of configuration (SLAAC only, stateless DHCPv6, or stateful DHCPv6) is required on a network based on its router advertisements.

Security: ndisc6 ships three setuid-root binaries: rdisc6, ndisc6, and rltraceroute6, for the usual SOCK_RAW kinds of reasons; and rdnssd ships a daemon by the same name. I don't see any history of security vulnerabilities, but I expect it will need a security review due to the setuid binaries anyway. To my eye the code seems pretty clear (it's basically just packet-banging code), and it has the virtue of being small; however, I have only scanned it fairly briefly.

QA: Mostly tools with little configuration required. No bug reports of great concern in Debian or Ubuntu. No test suite as far as I can see. Includes a watch file.

UI standards: N/A.

Dependencies: The udebs are all I need at this time, and their dependencies are straightforward and already in main. The rdnssd deb recommends resolvconf, which we'd probably want to drop to a suggests if we promoted the deb to main as well, but we would notice that at the time of promotion.

Standards compliance: Straightforward-looking CDBS packaging; seems to meet the relevant standards for both debs and udebs.

Maintenance: I expect we can just keep this synced from Debian. The foundations team will deal with issues that specifically affect the foundations-o-ipv6-healthcheck specification, but in my testing so far I haven't run across any.

Michael Terry (mterry)
Changed in ndisc6 (Ubuntu):
assignee: nobody → Kees Cook (kees)
Revision history for this message
Kees Cook (kees) wrote :

n/rdisc6 immediately drop privileges (and check the results), so I have no problem with them being setuid, however, the daemon does not check return codes of setgid or setuidor initgroups (rdnssd.c drop_privileges()). This is almost CVE worthy, and needs to be fixed before it would go into main. Outside of that, the initial design looks good (split root/non-root server, etc).

Changed in ndisc6 (Ubuntu):
status: New → Incomplete
assignee: Kees Cook (kees) → nobody
Revision history for this message
Colin Watson (cjwatson) wrote :

OK. I've sent a patch upstream for this. Can I go ahead and promote it once that fix is in the archive?

Revision history for this message
Colin Watson (cjwatson) wrote :

ndisc6 (1.0.1-1ubuntu1) oneiric; urgency=low

  * Backport from upstream:
    - rdnssd: check for errors while dropping privileges

 -- Colin Watson <email address hidden> Wed, 10 Aug 2011 12:43:32 +0100

Revision history for this message
Michael Terry (mterry) wrote :

Awesome, marking this approved then since Kees's concerns were fixed.

Changed in ndisc6 (Ubuntu):
status: Incomplete → Fix Committed
Revision history for this message
Colin Watson (cjwatson) wrote :

Michael Terry acked this on IRC, so I've gone ahead and promoted it now. Thanks!

Changed in ndisc6 (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.