libnids, autolog and snoopy (Was: Re: Ask for review)
Lukas Schwaighofer
lukas at schwaighofer.name
Fri Jul 7 07:44:15 UTC 2017
Hi Marcos,
On Fri, 7 Jul 2017 00:02:20 +0200
Marcos Fouces <marcos.fouces at gmail.com> wrote:
> > 1. libnids
> > (...)
>
> I did rebuild and use dsniff and libnids repo versions and it seems
> to works well. So i believe that libnids could be uploaded.
Ok, thanks for testing!
> > I have a question regarding the systemd service file. Marcos, you
> > specified:
> >
> > CapabilityBoundingSet=~CAP_SYS_PTRACE
> >
> > Is there a reason you just remove that specific capability? I
> > expect there are a lot more that could be removed and I was
> > wondering why you exactly remove that one.
> This is a capability that i judged unnecesary as i don't think that
> autolog should not help to debug any other process.
> I did not remove more capacities due to lack of time to test the
> result. In fact, i still not tested properly if the removal of
> CAP_SYS_PTRACE affect autolog.
Fair enough.
> I believe that more test is needed in order to upload this package
I agree. To be honest, I don't like the state the code is at and I was
reluctant to even starting it briefly to check if the service file is
working. There doesn't seem to be a good alternative to the software
however…
In any case I'd prefer you do the testing for that ;) .
>
> > 3. snoopy
> > (...)
> If you tested properly the package (basically, check that produces
> proper log entries), i believe that it could be uploaded.
I checked that it produces the expected log output and tried to cover
all the cases of the postinst script. I didn't encounter any problems.
Regards
Lukas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20170707/d4f7a1a4/attachment.sig>
More information about the Pkg-security-team
mailing list