I reviewed version 198-0ubuntu0ppa2 from pitti's PPA. I confined my review primarily to src/logind/ and src/udevd/ directories, as these are the largest of the components we intend to use. This should not be considered a full security audit, but rather a quick and dirty gauge of code cleanliness.

- No cron jobs, fscaps, sudo
- Several initscripts
- Provides dbus services
- Limited use of setuid(2) looked safe
- Some executables not PIE
- All executables use stack protection, fortify, relro, bind_now
- Minimal tests; extensive global state would be difficult to test
- Daemons initialize carefully
- Many libtool warnings
- Many dpkg-shlibdeps warnings
- Memory allocations check for failure
- Error codes are returned, checked
- String manipulation uses good utility routines
- Crypto used only in un-audited portions

I did not verify if the package provides needed functionality.

Since this is a fairly specialized sort of package, I'm not too surprised about e.g. libtool and dpkg-shlibdeps warnings. However, they would make it more difficult to spot warnings in the future. Please consider spending some time to reduce the warning count.

ACK for the proposed selective inclusion into main.

** Changed in: systemd (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => MIR approval team (ubuntu-mir)

https://bugs.launchpad.net/bugs/1152187

Title:
  [MIR] systemd