[apparmor] [PATCH 20/31] parser: Remove prints and exits from features code
John Johansen
john.johansen at canonical.com
Tue Jan 27 18:11:48 UTC 2015
On 01/23/2015 11:39 AM, Tyler Hicks wrote:
> On 2015-01-23 19:44:27, Christian Boltz wrote:
>> Hello,
>>
>> Am Donnerstag, 22. Januar 2015 schrieb Steve Beattie:
>>> On Thu, Jan 22, 2015 at 04:23:00PM -0600, Tyler Hicks wrote:
>>>> We don't know what a program linking to libapparmor will do with
>>>> stdout/stderr so I don't know if debug logging to those streams is
>>>> helpful.
>>
>> stderr doesn't sound too bad, but might be lost in some situations (like
>> starting a program via its desktop icon)
>>
>>>> Maybe in the near future we could add a debug build option to
>>>> libapparmor and have it support an env variable that specifies a
>>>> file path to open and log debug messages to?
>>>
>>> That would be a very nice improvement indeed.
>>
>> Would it also be a secure improvement? ;-)
>>
>> Basically that feature would allow overwriting any file if an attacker
>> is able to inject an environment variable...
>
> Debug builds of programs/libraries aren't intended to be installed on
> production systems. Debug output from libapparmor would only be built
> and enabled in debug builds of libapparmor.
>
So I like the idea of an environment variable, but I think the debug
output should (if built) dump to stderr.
I'd also like to see a better integration of DEBUG build controls,
or at least documentation of the different controls and build options.
But of course that can come in some separate patches.
For now I'd just like to not lose the limited debug that is in the code.
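The design John argues for above (an environment variable that only switches debug output on, with the destination fixed to stderr) can be shown in a few lines. The following is an added example for this thread, not libapparmor code: the variable name EXAMPLE_DEBUG, the function names and the id check are all assumptions. It also refuses to honour the variable when the real and effective ids differ, the same policy glibc's secure_getenv() applies, so a setuid consumer of the library cannot be steered by its caller's environment.

```c
/* Added example (not libapparmor code): debug logging switched on by an
 * environment variable but always written to stderr. No file path is ever
 * taken from the environment, so there is nothing to overwrite. */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

static int debug_cache = -1; /* -1 = not yet read, 0 = off, 1 = on */

/* Returns 1 if debug output is enabled. Reads EXAMPLE_DEBUG (hypothetical
 * name) once. When the process runs with real ids different from its
 * effective ids (setuid/setgid), the environment is untrusted and the
 * variable is ignored, as glibc's secure_getenv() would do. */
int debug_enabled(void)
{
    if (debug_cache >= 0)
        return debug_cache;
    if (getuid() != geteuid() || getgid() != getegid()) {
        debug_cache = 0;
        return 0;
    }
    const char *v = getenv("EXAMPLE_DEBUG");
    debug_cache = (v && *v && strcmp(v, "0") != 0) ? 1 : 0;
    return debug_cache;
}

/* Forget the cached decision so the environment is consulted again. */
void debug_reset(void)
{
    debug_cache = -1;
}

/* Format a message and write it to stderr only. Returns the number of
 * characters the message formatted to, or 0 when debug output is off. */
int debug_printf(const char *fmt, ...)
{
    if (!debug_enabled())
        return 0;

    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (n < 0)
        return 0;

    /* The stream is fixed at compile time; it is never chosen by the caller
     * or by the environment. */
    fprintf(stderr, "debug: %s\n", buf);
    return n;
}
```

A program linking against such a library loses nothing on a production build: with the variable unset the macro path returns before formatting anything, and because the output goes to stderr it follows whatever redirection the host program already applies to that stream.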