[Bug 509647] Re: [MIR] lxc
Seth Arnold
509647 at bugs.launchpad.net
Tue Aug 6 23:08:54 UTC 2013
I reviewed lxc 0.9.0-0ubuntu18 as checked into saucy. This is not
a complete security audit but only a quick gauge of code cleanliness.

I previously reviewed lxc (0.9.0~rc1-0ubuntu3), details here:
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/509647/comments/4

The code quality of the Python bindings has improved drastically.
The lock ordering with lxc_container_free() has been addressed.
Well done on both counts.

Many of the less-important problems I found are still available to
be fixed (an opportunity for someone who is looking to get started in
contributing to Ubuntu, perhaps) but one issue remains that is still a
blocker for main: most binaries are lacking one or more of the security
hardening tools offered by the toolchain.

So: Please enable PIE, stack protection, and immediate binding for all
binaries. This is the final hurdle. :)

Thanks

** Changed in: lxc (Ubuntu)
     Assignee: Seth Arnold (seth-arnold) => (unassigned)

--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to lxc in Ubuntu.
https://bugs.launchpad.net/bugs/509647
Title:
[MIR] lxc
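
Added example, not part of the original message or of the lxc packaging: one way to check a built binary for the three features the review asks for (PIE, stack protection, immediate binding), using binutils readelf. The function names and the sample readelf lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (hypothetical helper names): report PIE, stack protector
# and immediate binding for ELF files, using binutils readelf.
# Each classify_* function reads readelf output on stdin and prints yes/no.

# PIE: "readelf -h" reports Type DYN for a position-independent executable
# (shared libraries are DYN too); EXEC means a fixed load address.
classify_pie() {
    if grep -Eq '^[[:space:]]*Type:[[:space:]]+DYN'; then echo yes; else echo no; fi
}

# Stack protector: protected code references __stack_chk_fail in the dynamic
# symbol table. Heuristic: a binary with no protected function lacks it.
classify_stackprot() {
    if grep -Eq '[[:space:]]__stack_chk_fail(@|[[:space:]]|$)'; then echo yes; else echo no; fi
}

# Immediate binding (-Wl,-z,now): "readelf -d" shows a (BIND_NOW) entry,
# BIND_NOW in (FLAGS), or NOW in (FLAGS_1).
classify_bindnow() {
    if grep -Eq '\(BIND_NOW\)|\(FLAGS\).*BIND_NOW|\(FLAGS_1\).*[[:space:]]NOW([[:space:]]|$)'; then
        echo yes
    else
        echo no
    fi
}

# Run all three checks against one file on disk.
check_hardening() {
    printf '%s pie=%s stackprot=%s bindnow=%s\n' "$1" \
        "$(readelf -h "$1" | classify_pie)" \
        "$(readelf -W --dyn-syms "$1" | classify_stackprot)" \
        "$(readelf -d "$1" | classify_bindnow)"
}

# Constructed readelf lines for an unhardened binary, for an offline run.
sample_report() {
    printf 'pie=%s stackprot=%s bindnow=%s\n' \
        "$(printf '  Type:      EXEC (Executable file)\n' | classify_pie)" \
        "$(printf '  5: 0000000000000000  0 FUNC GLOBAL DEFAULT UND puts@GLIBC_2.2.5 (2)\n' | classify_stackprot)" \
        "$(printf ' 0x0000000000000001 (NEEDED)  Shared library: [libc.so.6]\n' | classify_bindnow)"
}

# Check every file named on the command line.
for f in "$@"; do
    if [ -f "$f" ]; then check_hardening "$f"; fi
done
```

Any binary that reports "no" in a column is missing that feature; a "no" for stackprot can also mean the binary has no function the compiler chose to protect.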