- No CVE history
- No init scripts, cron jobs, dbus services, fscaps, setuid, sudo
- Limited use of setuid(2), more extensive use of chown(2) indicates much
expects to run as root
- No binaries use PIE or BINDNOW
- No testsuite
- Daemons started with if-up-down.d scripts; some daemons can be configured
to listen externally
- Some daemons do not daemonize themselves; others do, cryptcap does poorly
- postrm cleans up postinst
- Extensive compiler warnings:
- Ignores return values from many instances of write(2), writev(2),
chown(2), asprintf(3), fchdir(2), daemon(3), pipe(2)
- Memory allocations rarely checked for failure
- Some string copies are safe; others are needlessly complicated and ignore
useful standardized library functions such as strdup(3)
- Code rarely checks for error conditions, or emits error conditions that
are not checked by calling functions
- HOME environment variable is assumed to be safe, probably fine
- Uses OpenSSL solely for hard-coded Blowfish use
- Calls EVP_CIPHER_CTX_cleanup() after every packet; only calls
EVP_CIPHER_CTX_init() once at first use. I do not know if this is safe or
not.
- crc32 code is broken (compares crc32 values with strncmp(3) rather than
memcmp(3)) (https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/1119988)
- crc32 code may contain BE/LE bug (untested)
- Some routines leak memory under failure conditions
- Some CPP macros are poorly implemented, shows disregard for professional
programming practices

NAK as it stands. There are a number of problems and I'd prefer to keep
this out of main. If this software is strategic, then we could probably
support it if the compiler warnings were fixed, memory allocation
return codes checked and handled, dlopen concerns addressed, PIE and
BINDNOW enabled, AppArmor profiles provided for binaries processing
untrusted input, and bugs #1119977 #1119982 #1119983 #1119984
#1119985 #1119999 fixed.
Thanks
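As an added illustration of the crc32 finding above (this is example code written for this page, not vde2's code or the reviewer's): the trailer comparison in its strncmp form beside the memcmp form, plus a fixed big-endian serialization of the checksum so the byte-order concern does not arise. The CRC-32 routine, the sample trailer bytes and the "hello" packet are constructed for the example.

```c
#include <stdint.h>
#include <string.h>
/* Reflected CRC-32 (IEEE polynomial), bitwise; crc32("123456789") == 0xCBF43926. */
uint32_t crc32_ieee(const uint8_t *buf, size_t len) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= buf[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Serialize the CRC in a fixed (big-endian) byte order so that sender and
 * receiver agree regardless of host endianness (the BE/LE concern). */
void crc32_put_be(uint32_t crc, uint8_t out[4]) {
    out[0] = (uint8_t)(crc >> 24); out[1] = (uint8_t)(crc >> 16);
    out[2] = (uint8_t)(crc >> 8);  out[3] = (uint8_t)crc;
}

/* Broken: strncmp stops at the first NUL byte, but a CRC is raw binary,
 * so any two CRCs that share a leading 0x00 byte compare as "equal". */
int crc_equal_broken(const uint8_t a[4], const uint8_t b[4]) {
    return strncmp((const char *)a, (const char *)b, 4) == 0;
}

/* Fixed: memcmp compares all four bytes whatever their values. */
int crc_equal_fixed(const uint8_t a[4], const uint8_t b[4]) {
    return memcmp(a, b, 4) == 0;
}
/* Constructed CRC trailers: different values that both start with 0x00. */
static const uint8_t SAMPLE_A[4] = {0x00, 0x12, 0x34, 0x56};
static const uint8_t SAMPLE_B[4] = {0x00, 0xAB, 0xCD, 0xEF};
/* Check a packet whose last 4 bytes are the big-endian CRC of the bytes
 * before them; returns 1 on match, 0 on mismatch or on a too-short packet. */
int verify_packet(const uint8_t *pkt, size_t len) {
    uint8_t expect[4];
    if (len < 4) return 0;
    crc32_put_be(crc32_ieee(pkt, len - 4), expect);
    return crc_equal_fixed(pkt + len - 4, expect);
}

/* Constructed packet "hello" + CRC; corrupt != 0 flips one payload bit. */
int verify_packet_demo(int corrupt) {
    uint8_t pkt[5 + 4] = {'h', 'e', 'l', 'l', 'o'};
    crc32_put_be(crc32_ieee(pkt, 5), pkt + 5);
    if (corrupt) pkt[0] ^= 0x01;
    return verify_packet(pkt, sizeof pkt);
}
```

With the sample trailers, crc_equal_broken reports a match while crc_equal_fixed does not; verify_packet_demo accepts the intact packet and rejects the single-bit corruption.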