Comment 23 for bug 1747759

Mark Esler (eslerm) wrote :

I reviewed cpdb-libs 2.0~b4-0ubuntu2 as checked into lunar. This shouldn't be considered a full audit but rather a quick gauge of maintainability.

cpdb-libs: code for frontend and backend libraries for the Common Printing Dialog Backends (CPDB) project. These libraries allow the CPDB frontends (the print dialogs) and backends (the modules communicating with the different printing systems) to communicate with each other via D-Bus.

- CVE History:
  - none
- Build-Depends?
  - debhelper-compat (=13)
  - autoconf
  - pkg-config
  - sharutils
  - libglib2.0-dev
  - libdbus-1-dev
  - dbus-daemon
    - ! note that dbus-broker aims to replace dbus-daemon with LP#2015538
- pre/post inst/rm scripts?
  - none
- init scripts?
  - none
- systemd units?
  - none
- dbus services?
  - no "dbus services" in packaging, but does mediate D-Bus communication
  - cpdb-libs-tools' cpdbPicklePrinterToFile() looks dangerous
  - g_bus_*/g_dbus_* use in cpdb-frontend.c appears fine
- setuid binaries?
  - none
- binaries in PATH?
  - ./usr/bin/cpdb-pickle-print
  - ./usr/bin/cpdb-text-frontend
  - note, binaries come from cpdb-libs-tools which Security NACKs for promotion
- sudo fragments?
  - none
  - false positives from README.md
- polkit files?
  - none
- udev rules?
  - none
- unit tests / autopkgtests?
  - has tests
- cron jobs?
  - none
- Build logs:
  - some lintian warnings

- Processes spawned?
  - none
- Memory management?
  - malloc, sprintf, and strcpy use appears okay
    - unclear what dialog_bus_name does and why it has a fixed buffer
  - cpdb-frontend.c uses g_new/g_new0 for allocation instead
    - possibly missing g_free cases
- File IO?
  - cpdb-frontend.c has heavy goto use for file handling
    - backend_file_name may not be freed etc
  - is log_file closed? is stderr closed?
  - _fine_
- Logging?
  - uses a mix of g_*() and log*()
  - user control of log verbosity
  - appears sane
- Environment variable usage?
  - XDG_CONFIG_HOME and HOME and possible mkdir handled well
  - LANGUAGE for locale
  - setenv("LANGUAGE", lang, 1) used in translation
  - CPDB_DEBUG_LEVEL, CPDB_DEBUG_LOGFILE, and CPDB_BACKEND_INFO_DIR also handled well
- Use of privileged functions?
  - none
- Use of cryptography / random number sources etc?
  - none
- Use of temp files?
  - pickle-printer uses the predictable/constant name /tmp/.printer-pickle
- Use of networking?
  - none
- Use of WebKit?
  - none
- Use of PolicyKit?
  - none

- Any significant cppcheck results?
  - resource leak
- Any significant Coverity results?
  - Upstream dev Michael Sweet determined that many reports were false positives or negligible
  - some reports led to fixes, others remain open
  - suggested https://scan.coverity.com/github to upstream
- Any significant shellcheck results?
  - nothing applicable
- Any significant bandit results?
  - none

Seth Arnold reported https://github.com/OpenPrinting/cpdb-libs/security/advisories/GHSA-25j7-9gfc-f46x (note, this URL may 404 until made public). For this and other reasons, Security NACKs the promotion of cpdb-libs-tools. Till okayed this as these tools are for development and debugging, and non-consequential to this MIR.

Switching from dbus-daemon to dbus-broker might be seamless, but maintainers should be aware (LP#2015538).

Security team ACK for promoting cpdb-libs to main, except for cpdb-libs-tools.
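The review above flags that pickle-printer writes to the predictable, constant name /tmp/.printer-pickle. The following is an added example, not cpdb-libs code and not part of the review comment, showing why a fixed name in a shared directory is a problem and what the hardened form looks like. Everything here is constructed for illustration: the victim file, the pre-planted symlink, the writer helpers and the demo_* functions are hypothetical; only the ".printer-pickle" naming is taken from the review. It simulates an attacker who creates a symlink at the guessed name before the program runs, then contrasts an open() that follows it with O_CREAT|O_EXCL and mkstemp(), which refuse to.

```c
/* Added example, not cpdb-libs code: predictable temp-file name vs mkstemp().
 * All paths, contents and helper names below are constructed for the demo. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

static char g_dir[256];   /* scratch directory created by demo_setup() */

/* Naive pattern: fixed name, O_CREAT without O_EXCL. open() follows a
 * symlink sitting at that name, so whatever it points to gets truncated
 * and overwritten. Returns 0 on success, -1 on error. */
static int write_pickle_fixed(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Hardened pattern: mkstemp() replaces the trailing XXXXXX with a random
 * suffix and creates the file with O_CREAT|O_EXCL and mode 0600, so a
 * pre-planted symlink is never followed and the name cannot be predicted.
 * tmpl is overwritten with the name actually used. */
static int write_pickle_safe(char *tmpl, const char *data)
{
    int fd = mkstemp(tmpl);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Build the attack scenario: a private scratch dir containing victim.txt and
 * a symlink ".printer-pickle" -> victim.txt, as an attacker who guessed the
 * fixed name would plant it. Returns the directory path, or NULL on error. */
static const char *demo_setup(void)
{
    char victim[512], link[512];
    strcpy(g_dir, "/tmp/pickle-demo-XXXXXX");
    if (!mkdtemp(g_dir)) return NULL;
    snprintf(victim, sizeof victim, "%s/victim.txt", g_dir);
    snprintf(link, sizeof link, "%s/.printer-pickle", g_dir);
    FILE *f = fopen(victim, "w");
    if (!f) return NULL;
    fputs("original contents\n", f);
    fclose(f);
    if (symlink(victim, link) != 0) return NULL;
    return g_dir;
}

/* 1 if victim.txt no longer starts with "original", 0 if intact, -1 on error. */
static int victim_clobbered(const char *dir)
{
    char victim[512], buf[64] = {0};
    snprintf(victim, sizeof victim, "%s/victim.txt", dir);
    FILE *f = fopen(victim, "r");
    if (!f) return -1;
    fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    return strncmp(buf, "original", 8) != 0;
}

/* Naive writer against the planted symlink: returns 1 if the victim file was
 * overwritten through the link (the attack worked). */
static int demo_fixed_name(const char *dir)
{
    char link[512];
    snprintf(link, sizeof link, "%s/.printer-pickle", dir);
    if (write_pickle_fixed(link, "attacker-controlled\n") != 0) return -1;
    return victim_clobbered(dir);
}

/* O_EXCL at the planted name: returns 1 if open() refused with EEXIST
 * (O_EXCL treats an existing symlink as "file exists", even a dangling one). */
static int demo_excl_refuses(const char *dir)
{
    char link[512];
    snprintf(link, sizeof link, "%s/.printer-pickle", dir);
    int fd = open(link, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd >= 0) { close(fd); return 0; }
    return errno == EEXIST;
}

/* mkstemp() writer: returns 1 if the chosen name is no longer the template
 * and the file was created with mode 0600, independent of umask. */
static int demo_mkstemp(const char *dir)
{
    char tmpl[512];
    struct stat st;
    snprintf(tmpl, sizeof tmpl, "%s/.printer-pickle-XXXXXX", dir);
    if (write_pickle_safe(tmpl, "data\n") != 0) return -1;
    if (stat(tmpl, &st) != 0) return -1;
    return strstr(tmpl, "XXXXXX") == NULL && (st.st_mode & 0777) == 0600;
}

int main(void)
{
    const char *d = demo_setup();
    if (!d) return 1;
    printf("O_EXCL refused planted symlink: %d\n", demo_excl_refuses(d));
    printf("mkstemp unique name + 0600:     %d\n", demo_mkstemp(d));
    printf("fixed name clobbered victim:    %d\n", demo_fixed_name(d));
    return 0;
}
```

The demo uses a private mkdtemp() directory rather than /tmp itself so that it runs as an unprivileged user and does not depend on the sticky-bit rules: on Linux with fs.protected_symlinks=1 (the default on Ubuntu), following a symlink owned by a different user in a world-writable sticky directory such as /tmp is already refused by the kernel, which blunts but does not remove the concern, since a fixed name in /tmp still lets another local user pre-create the file, read it, or make the program fail. The expected results are 1 for all three checks: O_EXCL refuses the symlink, mkstemp() yields an unpredictable name with 0600 permissions, and the fixed-name writer overwrites the victim through the link.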