[FFe] [MIR] freeipmi

Bug #1052056 reported by Andres Rodriguez
This bug affects 1 person
Affects             Status          Importance   Assigned to   Milestone
freeipmi (Ubuntu)   Fix Released    High         Unassigned
Precise             Won't Fix       High         Unassigned

Bug Description

1. Availability: any

2. Rationale:
This package will be a dependency for MAAS instead of ipmitool. It is utilized to do the power management operations by MAAS.

3. Security:
No open CVEs.

4. QA:
1 bug in Ubuntu. 1 bug in Debian. No lintian warnings/errors

5. UI standards: none

6. Dependencies: All in main.

7. Standards:
No lintian Warnings
Package is packaged with debhelper, source format 3.0 (quilt)

8. Maintenance: easy

9. Background information:

This package is used by MAAS to start/stop nodes that MAAS controls using the IPMI protocol.

Michael Terry (mterry)
Changed in freeipmi (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand) wrote :

MIR review:
 * it builds with only main enabled
 * it does not have a testsuite. It does have a document for testing instructions in doc/freeipmi-testing.txt
 * there is no Ubuntu delta
 * it has a watch file
 * upstream is active
 * Debian is several releases behind
 * So long as there is no Ubuntu delta, it should be easy to maintain
 * not lintian clean (manpage errors)
 * debian/rules is not simple, but is readable, using dh
 * there are some compiler warnings:
bmc-watchdog.c:1695:15: warning: ignoring return value of 'read', declared with attribute warn_unused_result [-Wunused-result]
bmc-watchdog.c:1721:12: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result]
ipmidetectd.c:72:11: warning: ignoring return value of 'read', declared with attribute warn_unused_result [-Wunused-result]
ipmidetectd.c:89:9: warning: ignoring return value of 'chdir', declared with attribute warn_unused_result [-Wunused-result]
ipmidetectd.c:92:8: warning: ignoring return value of 'write', declared with attribute warn_unused_result [-Wunused-result]
 * there is one open Debian bug. There are 2 open Ubuntu bugs

Jamie Strandboge (jdstrand) wrote :

Security review:
- No CVE history
- two initscripts, neither is configured upon install:
  /etc/init.d/bmc-watchdog
  /etc/init.d/ipmidetectd
  When configured, ipmidetectd listens on a TCP and UDP port as root.
  bmc-watchdog does not listen on a network port
- no dbus, setuid, fscaps, sudo, etc. No cron jobs
- hardening options are enabled, but would be good to have PIE and BINDNOW for ipmidetectd
- very shallow code review:
 - some strcpy() without bounds checking, but on stack so stack-protector should handle it
 - *alloc return codes are checked in all the places I looked
 - there are a lot of low-level memory operations, but the code seems well coded and should be maintainable
 - there is /tmp file usage, though the sdr cache ones seem to be handled ok.
./libipmiconsole/ipmiconsole_debug.h:#define IPMICONSOLE_DEBUG_DIRECTORY "/tmp"
./libipmiconsole/ipmiconsole_debug.c: IPMICONSOLE_DEBUG_DIRECTORY,
./libipmiconsole/ipmiconsole_debug.h:#define IPMICONSOLE_DEBUG_DIRECTORY "/var/log/ipmiconsole"
./libipmiconsole/ipmiconsole_ctx.c: IPMICONSOLE_DEBUG_DIRECTORY,
ipmiconsole_debug.c and ipmiconsole_ctx.c need to open these files with 'O_CREAT' and 'O_EXCL'
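
The two fixes asked for in the reviews above (O_CREAT with O_EXCL for files in /tmp, and checked read/write return values for the -Wunused-result warnings), as an added example that is not part of the original comments and is not freeipmi's code. The function names and scratch paths are constructed, and a symlink in a private directory stands in for a pre-planted path.

```c
#define _XOPEN_SOURCE 700 /* mkdtemp(), symlink(); names below are constructed */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* O_CREAT|O_EXCL fails with EEXIST if the path exists at all and does not
 * follow a symlink in the last component, so a planted link is refused. */
int open_debug_file(const char *path)
{
    return open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
}

/* Check every write(): handle short writes and EINTR instead of ignoring
 * the return value (what -Wunused-result was flagging). */
int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);
        if (w < 0 && errno == EINTR) continue;
        if (w < 0) return -1;
        buf += w;
        len -= (size_t)w;
    }
    return 0;
}

/* Constructed scenario in a private scratch directory.
 * Returns 0 if every check behaves as expected. */
int excl_demo(void)
{
    char dir[] = "/tmp/excl-demo-XXXXXX", link[64], victim[64], fresh[64];
    struct stat st;
    if (!mkdtemp(dir)) return 1;
    snprintf(link, sizeof link, "%s/ipmiconsole_debug.1", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(fresh, sizeof fresh, "%s/ipmiconsole_debug.2", dir);
    if (symlink(victim, link) != 0) return 2;
    if (open_debug_file(link) != -1 || errno != EEXIST) return 3; /* refused */
    if (stat(victim, &st) == 0) return 4;  /* link target was never created */
    int fd = open_debug_file(fresh);       /* a fresh name is created normally */
    if (fd < 0 || write_all(fd, "debug line\n", 11) != 0) return 5;
    close(fd); unlink(fresh); unlink(link); rmdir(dir);
    return 0;
}
int main(void) { return excl_demo(); }
```
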

Jamie Strandboge (jdstrand) wrote :

Conditional ACK provided:
- PIE and BINDNOW are enabled
- add O_EXCL when opening files in /tmp
- fix compiler warnings
- all of the above should be pushed to Debian
- add ubuntu-server to bug subscribers

Changed in freeipmi (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Andres Rodriguez (andreserl)
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package freeipmi - 1.1.5-3ubuntu1

---------------
freeipmi (1.1.5-3ubuntu1) quantal; urgency=low

  * Resolve outstanding MIR issues, LP: #1052056

  [ Andres Rodriguez ]
  * debian/rules: Build with "-pie,-bindnow"
  * debian/patches/0002_excel_when_opening_tmp.patch: Open files with O_EXCL.

  [ Dave Walker (Daviey) ]
  * debian/patches/fix-Wunused-result.patch: Resolve -Wunused-result's
    warnings, by checking for non-0 return.
 -- Dave Walker (Daviey) <email address hidden> Sun, 07 Oct 2012 22:22:20 +0100

Changed in freeipmi (Ubuntu):
status: In Progress → Fix Released
Colin Watson (cjwatson) wrote :

Reopening pending MIR processing.

Changed in freeipmi (Ubuntu):
status: Fix Released → In Progress
Matthias Klose (doko) wrote :

promoted

Changed in freeipmi (Ubuntu):
status: In Progress → Fix Released
Jamie Strandboge (jdstrand) wrote :

FYI, all these changes look good.

Changed in freeipmi (Ubuntu):
assignee: Andres Rodriguez (andreserl) → nobody
Changed in freeipmi (Ubuntu Precise):
importance: Undecided → High
Mathew Hodson (mhodson)
Changed in freeipmi (Ubuntu):
importance: Undecided → High
Changed in freeipmi (Ubuntu Precise):
status: New → Won't Fix