Comment 2 for bug 1907284

Seth Arnold (seth-arnold) wrote :

This is a short and sweet package, so I'll skip the full boilerplate:

No CVEs, no setuid executables, no use of complex frameworks, no sudo fragments, no initscripts or systemd units, it's really just a few shell scripts that look like they were well-written.

I wish it were a quilt package rather than a patchless package but changing that just on the off-chance that we have to do work on this is probably more work than it deserves.

There were some shellcheck results, but they're probably not security critical; there shouldn't be untrusted inputs into this tool.

Security team ACK for promoting u-boot-menu to main.

Thanks

shellcheck results (I trimmed it a bit):

./u-boot-update:100:8: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:1: note: read without -r will mangle backslashes. [SC2162]
./u-boot-update:103:24: warning: _FS_VFSTYPE appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:36: warning: _FS_MNTOPS appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:47: warning: _FS_FREQ appears unused. Verify it or export it. [SC2034]
./u-boot-update:103:56: warning: _FS_PASSNO appears unused. Verify it or export it. [SC2034]
./u-boot-update:121:15: note: To read lines rather than words, pipe/redirect to a 'while read' loop. [SC2013]
./u-boot-update:172:27: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:23: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:40: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:178:52: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:181:25: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:181:42: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:184:25: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:184:42: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:194:10: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:209:10: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:220:26: note: See if you can use ${variable//search/replace} instead. [SC2001]
./u-boot-update:220:31: note: Double quote to prevent globbing and word splitting. [SC2086]
./u-boot-update:225:14: note: $/${} is unnecessary on arithmetic variables. [SC2004]
./zz-sync-dtb:30:17: note: Double quote to prevent globbing and word splitting. [SC2086]
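
What the two most frequent findings above (SC2162 and SC2086) do to a value in practice, as an added example that is not part of the original comment and not code from u-boot-menu. It assumes an fstab-style input line, inferred only from the `_FS_*` variable names in the output; the sample line, sample value and function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed fstab-style line (assumption, not taken from u-boot-update):
# the mount point contains a space, which fstab encodes as the escape \040.
SAMPLE_LINE='/dev/mmcblk0p1 /boot/my\040disk ext4 defaults 0 2'

# SC2162: plain read treats backslash as an escape character and drops it.
mountpoint_plain() {
    printf '%s\n' "$1" | {
        read _dev _mnt _rest
        printf '%s' "$_mnt"
    }
}

# With -r the field arrives byte-for-byte as written in the file.
mountpoint_raw() {
    printf '%s\n' "$1" | {
        read -r _dev _mnt _rest
        printf '%s' "$_mnt"
    }
}

# Helper: report how many arguments a command would receive.
count_args() { printf '%s' "$#"; }

# SC2086: an unquoted expansion is split on IFS and glob-expanded.
args_unquoted() {
    # shellcheck disable=SC2086  # deliberately unquoted to show the split
    count_args $1
}

# Quoted, the value stays a single argument.
args_quoted() { count_args "$1"; }

# Constructed value containing a space (hypothetical path).
SAMPLE_VALUE='/boot/my disk/vmlinuz'

printf 'read     -> %s\n' "$(mountpoint_plain "$SAMPLE_LINE")"
printf 'read -r  -> %s\n' "$(mountpoint_raw "$SAMPLE_LINE")"
printf 'unquoted -> %s argument(s)\n' "$(args_unquoted "$SAMPLE_VALUE")"
printf 'quoted   -> %s argument(s)\n' "$(args_quoted "$SAMPLE_VALUE")"
```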