[apparmor] [PATCH 20/31] parser: Remove prints and exits from features code
Tyler Hicks
tyhicks at canonical.com
Fri Feb 27 17:11:03 UTC 2015
On 2015-02-27 11:08:28, Tyler Hicks wrote:
> On 2015-01-27 10:11:48, John Johansen wrote:
> > On 01/23/2015 11:39 AM, Tyler Hicks wrote:
> > > On 2015-01-23 19:44:27, Christian Boltz wrote:
> > >> Hello,
> > >>
> > >> Am Donnerstag, 22. Januar 2015 schrieb Steve Beattie:
> > >>> On Thu, Jan 22, 2015 at 04:23:00PM -0600, Tyler Hicks wrote:
> > >>>> We don't know what a program linking to libapparmor will do with
> > >>>> stdout/stderr so I don't know if debug logging to those streams is
> > >>>> helpful.
> > >>
> > >> stderr doesn't sound too bad, but might be lost in some situations (like
> > >> starting a program via its desktop icon)
> > >>
> > >>>> Maybe in the near future we could add a debug build option to
> > >>>> libapparmor and have it support an env variable that specifies a
> > >>>> file
> > >>>> path to open and log debug messages to?
> > >>>
> > >>> That would be a very nice improvement indeed.
> > >>
> > >> Would it also be a secure improvement? ;-)
> > >>
> > >> Basically that feature would allow to overwrite any file if an attacker
> > >> is able to inject an environment variable...
> > >
> > > Debug builds of programs/libraries aren't intended to be installed on
> > > production systems. Debug output from libapparmor would only be built
> > > and enabled in debug builds of libapparmor.
> > >
> >
> > So I like the idea of an environment variable, but I think the debug
> > output should (if built) dump to stderr.
> >
> > I'd also like to see a better integration of DEBUG build controls,
> > or at least documentation of the different controls and build options.
> > But of course that can come in some separate patches.
> >
> > For now I'd just like to not lose the limited debug that is in the code.
>
> I wanted to give you a quick update on what my plans are here. The code
> that is being moved from the parser to libapparmor has calls to PERROR()
> and PDEBUG(). Here's my thoughts on how to handle them in libapparmor:
>
>
> * PDEBUG()
> - Compiled out unless libapparmor is built with --enable-debug
> - Prints to stderr if libapparmor is built with --enable-debug and
> the LIBAPPARMOR_DEBUG environment variable is set
One correction. To match the current PDEBUG() implementation in the
parser, the libapparmor PDEBUG() would need to print to stdout instead
of stderr.
Tyler
> * PERROR()
> - Always built and uses syslog(LOG_ERR, ...) by default
> - Uses syslog(LOG_PERROR, ...) if libapparmor is built with
> --enable-debug and the LIBAPPARMOR_DEBUG environment variable is
> set
>
> Tyler
> --
> AppArmor mailing list
> AppArmor at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20150227/d31d72f5/attachment.pgp>
More information about the AppArmor
mailing list