© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
Security review:
With a shallow code audit, the code seems ok and is quite small. It (obviously) ships a dbus system service. The recent fixes for the CVE look ok. Upstream reported the issue responsibly, provided patches and was receptive to feedback on the patches. The package is a root running application that processes input from the user session. It would be good if this had full hardening options during compilation. The policykit policy looks ok (note that we ship polkit overrides that allow all actions to anyone in the lpadmin, sudo or admin groups if they have an active session-- this is ok). The packaging looks fine. It looks like there are some test files that could be run (in src/test-*).
Conditional ACK provided we compile with PIE and BIND_NOW and try to get the testsuite going during build.