[MIR] spice-vdagent
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | spice-vdagent (Ubuntu) |
Wishlist
|
Andy Whitcroft | ||
| | ubuntu-meta (Ubuntu) |
Wishlist
|
Unassigned | ||
Bug Description
Availability
============
Built for all supported architectures.
In sync with Debian except for one cherry-picked patch to hide spice-vdagent from Startup Applications.
Rationale
=========
"spice-vdagent adds some nice features to guest systems running over SPICE: copy and paste between guest and host, arbitrary resolution support, ... It's also very tiny (40kB compressed, less than 200kB installed) and won't startup when not running in a SPICE guest.
Shipping it on the desktop ISOs will improve the user experience when using SPICE (eg in GNOME Boxes), and will have no impact on other use cases, so it would be really nice to add this package to the ISO."
Ubuntu GNOME 16.10 and 17.04 included it in the default install.
Security
========
No known open security vulnerabilities.
https:/
Quality assurance
=================
Bug subscriber: Ubuntu Desktop Bugs
https:/
https:/
https:/
No tests.
Dependencies
============
check-mir reports all other binary dependencies are in main
Standards compliance
=======
3.9.8
Maintenance
===========
- Actively developed upstream
https:/
https:/
- Maintained in Debian by the same Debian Developer who maintains the other Spice packages.
short dh7 style rules, dh compat 10
Background information
=======
N/A
CVE References
| Christophe Fergeau (teuf-gnome) wrote : | #1 |
| Changed in spice-vdagent (Ubuntu): | |
| importance: | Undecided → Wishlist |
| status: | New → Confirmed |
| Changed in ubuntu-meta (Ubuntu): | |
| importance: | Undecided → Wishlist |
| Launchpad Janitor (janitor) wrote : | #2 |
Status changed to 'Confirmed' because the bug affects multiple users.
| Changed in ubuntu-meta (Ubuntu): | |
| status: | New → Confirmed |
| summary: |
- Please ship spice-vdagent on the livecd + [MIR] spice-vdagent |
| description: | updated |
The package in general looks fine, properly maintained in Debian, and low effort to maintain in Ubuntu; so this part looks fine for the MIR.
However, spice-vdagent is missing a team subscriber; please fix this.
Finally, given the use of spice-vdagent to capture mouse and such, its tight integration with ConsoleKit for session handling, its clipboard capture, and mucking with X, randr, etc., this will require a review by the Security Team.
| Changed in ubuntu-meta (Ubuntu): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
| assignee: | Ubuntu Security Team (ubuntu-security) → nobody |
| Changed in spice-vdagent (Ubuntu): | |
| assignee: | nobody → Ubuntu Security Team (ubuntu-security) |
Please also make sure to update ubuntu-meta / seed; if nothing brings in the package, it won't stay in main.
| description: | updated |
| Didier Roche (didrocks) wrote : | #5 |
security team: ping?
| Didier Roche (didrocks) wrote : | #6 |
Can we have that checked before FF by the security team? Most of popular distros are shipping it by default and the VM experience is the first one people may get. Would be bad to get ubuntu showing off not optimized default acceleration/
| Seth Arnold (seth-arnold) wrote : | #7 |
I reviewed spice-vdagent 0.17.0-1ubuntu1 as checked into zesty. This
shouldn't be considered a full audit but rather a quick gauge of
maintainability.
spice-vdagent provides some services between virtual machine host and
guests to make the experience less jarring.
One CVE is in our database for the Windows client.
- Build-Depends: debhelper, pkg-config, dh-systemd, libspice-
libdbus-1-dev, libx11-dev, libxrandr-dev, libxfixes-dev,
desktop-
libglib2.0-dev, systemd, libsystemd-dev, libasound2-dev
- Provides a client and server; both daemonize
- pre/post inst/rm scripts automatically generated
- spice-vdagent init script starts the guest daemon, modprobes uinput
- spice-vdagentd and spice-vdagent systemd service files, start their
daemons
- no dbus services
- No setuid or setgid files
- Two executables in PATH /usr/bin/
/usr/
- No sudo fragments
- One udev rule for virtio-ports
- No test suite
- No cron
- Clean build logs
- Subprocesses spawned using system(), unsafe construction, reported
upstream
- Memory management looked good enough; some cases of malloc(a*b) but 'b'
was often 4, 8, maybe 16, and 'a' calculated from data on the wire in a
fashion that looked difficult to really abuse.
- File IO looked safe except for uses of system()
- Logging looked safe
- No environment variable use
- chmod(socket, 0666) looked out of place
- other privileged ioctl() calls looked fine
- No cryptography
- Does networking; a quick skim looked like all Unix Domain Sockets
- I didn't see privileged portions of the code
- No tmp files
- No WebKit
- No PolicyKit
- Clean cppcheck
Here's some notes I collected while reviewing spice-vdagent:
- vdagent_
it to the shell (CVE-2017-15108 was assigned for this issue)
- vdagent_
too-long xfers->save_dir could cause the & or ' or any number of other
characters to go missing.
- daemonize() from ./src/vdagentd.c only forks once
- daemonize() from ./src/vdagent.c only forks once
- why does main() in ./src/vdagentd.c set vdagentd_socket to 0666
This symlink looks out of place:
/usr/share/
Please make sure https:/
Security team ACK for promoting spice-vdagent to main.
Thanks
| Changed in spice-vdagent (Ubuntu): | |
| assignee: | Ubuntu Security Team (ubuntu-security) → nobody |
| Changed in spice-vdagent (Ubuntu): | |
| status: | Confirmed → Fix Committed |
| Changed in ubuntu-meta (Ubuntu): | |
| status: | Confirmed → Fix Committed |
| Andy Whitcroft (apw) wrote : | #8 |
Confirmed that the security fix at the URL below is include in the package as git_cve-
| Changed in spice-vdagent (Ubuntu): | |
| assignee: | nobody → Andy Whitcroft (apw) |
| Andy Whitcroft (apw) wrote : | #9 |
Override component to main
spice-vdagent 0.17.0-1ubuntu2 in bionic: universe/x11 -> main
spice-vdagent 0.17.0-1ubuntu2 in bionic amd64: universe/
spice-vdagent 0.17.0-1ubuntu2 in bionic arm64: universe/
spice-vdagent 0.17.0-1ubuntu2 in bionic armhf: universe/
spice-vdagent 0.17.0-1ubuntu2 in bionic i386: universe/
spice-vdagent 0.17.0-1ubuntu2 in bionic ppc64el: universe/
spice-vdagent 0.17.0-1ubuntu2 in bionic s390x: universe/
7 publications overridden.
| Changed in spice-vdagent (Ubuntu): | |
| status: | Fix Committed → Fix Released |
| Jeremy Bicha (jbicha) wrote : | #10 |
| Changed in ubuntu-meta (Ubuntu): | |
| status: | Fix Committed → Fix Released |
Forgot to add, the ISOs already contain the qxl SPICE driver, so there are already SPICE specific packages in there.