[MIR] ndisc6
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ndisc6 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Availability: In universe for all architectures.
Rationale: This package helps meet the goals in https:/
Security: ndisc6 ships three setuid-root binaries: rdisc6, ndisc6, and rltraceroute6, for the usual SOCK_RAW kinds of reasons; and rdnssd ships a daemon by the same name. I don't see any history of security vulnerabilities, but I expect it will need a security review due to the setuid binaries anyway. To my eye the code seems pretty clear (it's basically just packet-banging code), and it has the virtue of being small; however, I have only scanned it fairly briefly.
QA: Mostly tools with little configuration required. No bug reports of great concern in Debian or Ubuntu. No test suite as far as I can see. Includes a watch file.
UI standards: N/A.
Dependencies: The udebs are all I need at this time, and their dependencies are straightforward and already in main. The rdnssd deb recommends resolvconf, which we'd probably want to drop to a suggests if we promoted the deb to main as well, but we would notice that at the time of promotion.
Standards compliance: Straightforward
Maintenance: I expect we can just keep this synced from Debian. The foundations team will deal with issues that specifically affect the foundations-
Changed in ndisc6 (Ubuntu): | |
assignee: | nobody → Kees Cook (kees) |
n/rdisc6 immediately drop privileges (and check the results), so I have no problem with them being setuid, however, the daemon does not check return codes of setgid or setuidor initgroups (rdnssd.c drop_privileges()). This is almost CVE worthy, and needs to be fixed before it would go into main. Outside of that, the initial design looks good (split root/non-root server, etc).