[Bug 1572537] Re: [MIR] libnss-extrausers

Tyler Hicks tyhicks at canonical.com
Wed Apr 20 18:04:46 UTC 2016


Security Team ack.

I did a quick review due to the timing of this MIR but this package is
very small so it was pretty easy. There is a small list of things that
I don't like but I don't see any real harm in them and don't foresee any
issues supporting the package:

1) There's a fair amount of copy-and-pasted code between g_search(), p_search(), and shadow_search() that could be shared.
2) g_search(), p_search(), and shadow_search() do not do proper underflow/overflow checking of the return values from strtol(), but the input strings strictly come from trusted files that are modifiable only by the admin.
3) The string parsing in g_search(), p_search(), and shadow_search() is careful but hairy and, again, the inputs are coming from trusted files.

** Changed in: libnss-extrausers (Ubuntu)
     Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-extrausers in Ubuntu.
https://bugs.launchpad.net/bugs/1572537

Title:
  [MIR] libnss-extrausers

Status in libnss-extrausers package in Ubuntu:
  Incomplete

Bug description:
  [MIR] the readonly setup on snappy and ubuntu for phones requires us
  to manage the password database in a writable space, libnss-extrausers
  enables us to do this.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-extrausers/+bug/1572537/+subscriptions
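
Added example, not part of the original message and not code from libnss-extrausers: one way to do the strtol() underflow/overflow checking that item 2 of the review says is missing, for a numeric UID/GID field in a colon-separated line. The helper name `parse_id_field`, the 32-bit ID width and the sample strings are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not from libnss-extrausers): parse a decimal
 * ID field that ends at ':' or at the end of the string.
 * Returns 0 and stores the value on success, -1 on malformed or
 * out-of-range input. */
int parse_id_field(const char *s, uint32_t *out)
{
    char *end;
    long v;

    /* strtol() skips leading whitespace and accepts a sign; require
     * the field to start with a digit so neither is accepted. */
    if (s == NULL || *s < '0' || *s > '9')
        return -1;

    errno = 0;
    v = strtol(s, &end, 10);

    /* Overflow: strtol() clamps to LONG_MAX and sets errno to ERANGE. */
    if (errno == ERANGE)
        return -1;
    /* Trailing garbage: the digits must run up to ':' or the NUL. */
    if (*end != ':' && *end != '\0')
        return -1;
    /* long can be wider than the ID type, so check the target range.
     * 0xFFFFFFFF is rejected too: it is (uid_t)-1, the "no change" value. */
    if (v < 0 || (unsigned long)v >= UINT32_MAX)
        return -1;

    *out = (uint32_t)v;
    return 0;
}

int main(void)
{
    /* Constructed sample fields, not taken from any real file. */
    const char *samples[] = { "1000:1000:", "4294967295:", "12ab:", "99999999999999999999999:" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t id = 0;
        int rc = parse_id_field(samples[i], &id);
        printf("%-26s -> %s\n", samples[i], rc == 0 ? "ok" : "rejected");
    }
    return 0;
}
```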


