[Bug 1746680] Re: [MIR] xe-guest-utilities

Seth Arnold 1746680 at bugs.launchpad.net
Tue Apr 24 02:45:44 UTC 2018 

I reviewed xe-guest-utilities version 7.10.0-0ubuntu1 as checked into
bionic. This should not be considered a full security audit but rather a
quick gauge of maintainability.

- collects and reports distribution version, uname, memory, IP addresses,
  MAC addresses, memory information, balloon status, CPUs, etc. through
  xenstore data collection
- No CVEs in our database
- Build-Depends: debhelper, gawk, golang | gccgo-go (<< 1.3)
- Does not itself daemonize
- pre/post inst/rm scripts automatically generated
- Two systemd unit files, one to mount /proc/xen, one to start the
  xe-daemon
- No dbus services
- No setuid files
- xe-daemon and xe-linux-distribution in path
- No sudo fragments
- Udev rule appears to auto-online new CPUs
- There's some testing framework of some sort but it doesn't appear to be
  run during the build; I don't see how it would help us much.
- Clean build logs

- Subprocesses are spawned extensively to collect data; it appears to use
  go's array-based execve() wrappers
- standard go memory handling
- Opens files based on a few well-known paths as well as glob() on other
  paths, including /dev/, /sys/class/net/, /sys/block/*/device
- Logging can go to syslog or stderr, looked okay
- I didn't spot environment variable use
- I didn't spot explicit privileged actions
- No cryptography
- No networking
- No privileged portions of code
- No temporary files
- No webkit
- No policykit


- xe-linux-distribution is fairly gross code, and may present security
  issues. I'd really like to ditch this code entirely. Ideally the daemon
  would just run lsb_release -a and uname -a and return that unchanged to
  xenstore.

- enumNetworkAddresses() discards err from runCmd() calls

Security team ACK for promoting xe-guest-utilities to main, but it'd be
really nice to remove the shell script for 18.10.

Thanks


** Changed in: xe-guest-utilities (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to xe-guest-utilities in Ubuntu.
https://bugs.launchpad.net/bugs/1746680

Title:
  [MIR] xe-guest-utilities

Status in xe-guest-utilities package in Ubuntu:
  Triaged

Bug description:
  [Availability]
  * Since pre-precise, available on all architectures
  * Previously it was an arch:all, since recently it is arc:any as it got rewritten in golang upstream.

  [Rationale]
  * Multiple clouds which use XEN like hypervisors, use xe-guest-utilities to communicate with the XEN host, to retrieve cloud-config drive.

  [Security]
  * Ships a daemon
  * Adds a mountpoint of /proc/xen
  * Uses /proc/xen
  * Adds udev rules for hotplug cpus
  * golang...

  [Quality assurance]
  * well maintained upstream
  * well maintain debian package
  * simply packaging

  [Dependencies]
  * init-system-helpers... the rest is statically linked golang

  [Standards compliance]
  * Complies with debian policy

  [Maintenance]
  * little, to none required.

  [Background information]
  * Used by some xen based Openstack public clouds.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xe-guest-utilities/+bug/1746680/+subscriptions

More information about the foundations-bugs mailing list