Comment 18 for bug 776818

Seth Arnold (seth-arnold) wrote :

- No CVE history
- No init scripts, cron jobs, dbus services, fscaps, setuid, sudo
- Limited use of setuid(2), more extensive use of chown(2) indicates much
  expects to run as root
- No binaries use PIE or BINDNOW
- No testsuite
- Daemons started with if-up-down.d scripts; some daemons can be configured
  to listen externally
- Some daemons do not daemonize themselves; others do, cryptcap does poorly
- postrm cleans up postinst
- Extensive compiler warnings:
  - Ignores return values from many instances of write(2), writev(2),
    chown(2), asprintf(3), fchdir(2), daemon(3), pipe(2)
- Memory allocations rarely checked for failure
- Some string copies are safe; others are needlessly complicated and ignore
  useful standardized library functions such as strdup(3)
- Code rarely checks for error conditions, or emits error conditions that
  are not checked by calling functions
- HOME environment variable is assumed to be safe, probably fine
- Uses OpenSSL solely for hard-coded Blowfish use
- Calls EVP_CIPHER_CTX_cleanup() after every packet; only calls
  EVP_CIPHER_CTX_init() once at first use. I do not know if this is safe or
  not.
- crc32 code is broken (compares crc32 values with strncmp(3) rather than
  memcmp(3)) (https://bugs.launchpad.net/ubuntu/+source/vde2/+bug/1119988)
- crc32 code may contain BE/LE bug (untested)
- Some routines leak memory under failure conditions
- Some CPP macros are poorly implemented, shows disregard for professional
  programming practices

NAK as it stands. There are a number of problems and I'd prefer to keep
this out of main. If this software is strategic, then we could probably
support it if the compiler warnings were fixed, memory allocation
return codes checked and handled, dlopen concerns addressed, PIE and
BINDNOW enabled, AppArmor profiles provided for binaries processing
untrusted input, and bugs #1119977 #1119982 #1119983 #1119984
#1119985 #1119999 fixed.

Thanks
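The two crc32 items in the review above (comparing CRC bytes with strncmp(3) instead of memcmp(3), and a possible byte-order bug) are easy to misread as nitpicks, so here is an added example, written for this page and not taken from vde2, that shows the failure mode and the usual defensive pattern. It assumes the standard reflected CRC-32 (polynomial 0xEDB88320) and a constructed sample frame; the function names are illustrative only.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Reflected CRC-32 (polynomial 0xEDB88320, the zlib/Ethernet variant).
 * Assumption for this example; the page does not say which CRC-32 vde2 uses. */
uint32_t crc32_compute(const unsigned char *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Serialise the CRC in a fixed (big-endian) byte order with explicit shifts.
 * memcpy() of a uint32_t would bake the host's endianness into the wire format,
 * which is the BE/LE concern the review raises. */
void crc32_store_be(uint32_t crc, unsigned char out[4])
{
    out[0] = (unsigned char)(crc >> 24);
    out[1] = (unsigned char)(crc >> 16);
    out[2] = (unsigned char)(crc >> 8);
    out[3] = (unsigned char)(crc);
}

/* Broken comparison: strncmp() treats its arguments as C strings and stops at
 * the first NUL byte. Any two CRCs whose first byte is 0x00 compare "equal",
 * so the integrity check silently passes on corrupted data. */
int crc_matches_broken(const unsigned char expected[4], const unsigned char actual[4])
{
    return strncmp((const char *)expected, (const char *)actual, 4) == 0;
}

/* Correct comparison: memcmp() compares all four bytes regardless of content. */
int crc_matches_fixed(const unsigned char expected[4], const unsigned char actual[4])
{
    return memcmp(expected, actual, 4) == 0;
}

/* Constructed pair of CRC values that share a 0x00 lead byte but differ otherwise.
 * Returns 1 when the broken check wrongly accepts them and the fixed one rejects. */
int demo_false_match(void)
{
    const unsigned char a[4] = {0x00, 0x11, 0x22, 0x33};
    const unsigned char b[4] = {0x00, 0xAA, 0xBB, 0xCC};
    return crc_matches_broken(a, b) && !crc_matches_fixed(a, b);
}

/* Receiver-side check: frame = payload || 4-byte big-endian CRC of the payload.
 * Returns 1 if the trailer matches the recomputed CRC, 0 otherwise. */
int verify_frame(const unsigned char *frame, size_t len)
{
    if (len < 4)
        return 0;
    unsigned char expected[4];
    crc32_store_be(crc32_compute(frame, len - 4), expected);
    return crc_matches_fixed(expected, frame + len - 4);
}

/* Constructed sample: "123456789" with its well-known CRC-32 check value 0xCBF43926. */
static const unsigned char kSampleFrame[13] = {
    '1', '2', '3', '4', '5', '6', '7', '8', '9', 0xCB, 0xF4, 0x39, 0x26
};

int demo_verify_sample(void)
{
    return verify_frame(kSampleFrame, sizeof kSampleFrame);
}

/* Same frame with one payload byte flipped; the trailer no longer matches. */
int demo_verify_tampered(void)
{
    unsigned char frame[13];
    memcpy(frame, kSampleFrame, sizeof frame);
    frame[0] ^= 0x01;
    return verify_frame(frame, sizeof frame);
}

int main(void)
{
    printf("crc32(\"123456789\") = 0x%08X\n", crc32_compute(kSampleFrame, 9));
    printf("strncmp false match: %s\n", demo_false_match() ? "yes" : "no");
    printf("sample frame verifies: %d, tampered frame verifies: %d\n",
           demo_verify_sample(), demo_verify_tampered());
    return 0;
}
```

The point for a reviewer is that strncmp(3) is only a correct comparison when the data is text; a CRC is four arbitrary bytes, so roughly one in 256 values will start with NUL and defeat the check. Storing the CRC with explicit shifts keeps the wire format independent of host endianness.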