cobbler-enlist is not checking for return codes enough
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cobbler-enlist (Ubuntu) |
Invalid
|
High
|
Adam Gandelman | ||
Oneiric |
Won't Fix
|
High
|
Ubuntu Server | ||
Precise |
Invalid
|
High
|
Adam Gandelman |
Bug Description
In performing the MIR audit for cobbler-enlist (bug #860492), I discovred:
- PROBLEM: most xmlrpc_* calls are not doing any error checking, but should be based on looking at code of xmlrpc-c.
- RECOMMENDATION: create utility function wrappers for the common xmlrpc-c comamnds, have the cobbler-enlist code use the wrappers, and have the wrappers do all the error checking. Eg: all current uses of xmlrpc_
This needs to get fixed so that cobbler-enlist is defensively coded. This must happen before 12.04 and I think it would also be good for SRU.
security vulnerability: | yes → no |
visibility: | private → public |
Changed in cobbler-enlist (Ubuntu): | |
assignee: | nobody → Canonical Server Team (canonical-server) |
importance: | Undecided → High |
status: | New → Triaged |
Changed in cobbler-enlist (Ubuntu Oneiric): | |
milestone: | none → oneiric-updates |
Changed in cobbler-enlist (Ubuntu Oneiric): | |
assignee: | Canonical Server Team (canonical-server) → Ubuntu Server Team (ubuntu-server) |
tags: | added: rls-mgr-o-tracking |
tags: |
added: rls-mgr-p-tracking removed: rls-mgr-o-tracking |
Changed in cobbler-enlist (Ubuntu Precise): | |
milestone: | none → precise-alpha-1 |
Changed in cobbler-enlist (Ubuntu Precise): | |
assignee: | Ubuntu Server Team (ubuntu-server) → Adam Gandelman (gandelman-a) |
Changed in cobbler-enlist (Ubuntu): | |
milestone: | precise-alpha-1 → precise-alpha-2 |
Marking Invalid since we'll be moving forward with a rewrite of the utility.