[apparmor] [PATCH 20/31] parser: Remove prints and exits from features code

Tyler Hicks tyhicks at canonical.com
Fri Feb 27 17:08:28 UTC 2015


On 2015-01-27 10:11:48, John Johansen wrote:
> On 01/23/2015 11:39 AM, Tyler Hicks wrote:
> > On 2015-01-23 19:44:27, Christian Boltz wrote:
> >> Hello,
> >>
> >> On Thursday, 22 January 2015, Steve Beattie wrote:
> >>> On Thu, Jan 22, 2015 at 04:23:00PM -0600, Tyler Hicks wrote:
> >>>> We don't know what a program linking to libapparmor will do with
> >>>> stdout/stderr so I don't know if debug logging to those streams is
> >>>> helpful.
> >>
> >> stderr doesn't sound too bad, but might be lost in some situations (like 
> >> starting a program via its desktop icon)
> >>
> >>>> Maybe in the near future we could add a debug build option to
> >>>> libapparmor and have it support an env variable that specifies a
> >>>> file path to open and log debug messages to?
> >>>
> >>> That would be a very nice improvement indeed.
> >>
> >> Would it also be a secure improvement? ;-)
> >>
> >> Basically that feature would allow overwriting any file if an attacker
> >> is able to inject an environment variable...
> > 
> > Debug builds of programs/libraries aren't intended to be installed on
> > production systems. Debug output from libapparmor would only be built
> > and enabled in debug builds of libapparmor.
> > 
> 
> So I like the idea of an environment variable, but I think the debug
> output should (if built) dump to stderr.
> 
> I'd also like to see a better integration of DEBUG build controls,
> or at least documentation of the different controls and build options.
> But of course that can come in some separate patches.
> 
> For now I'd just like to not lose the limited debug that is in the code.

I wanted to give you a quick update on what my plans are here. The code
that is being moved from the parser to libapparmor has calls to PERROR()
and PDEBUG(). Here are my thoughts on how to handle them in libapparmor:

 * PDEBUG()
   - Compiled out unless libapparmor is built with --enable-debug
   - Prints to stderr if libapparmor is built with --enable-debug and
     the LIBAPPARMOR_DEBUG environment variable is set
 * PERROR()
   - Always built and uses syslog(LOG_ERR, ...) by default
   - Uses syslog(LOG_PERROR, ...) if libapparmor is built with
     --enable-debug and the LIBAPPARMOR_DEBUG environment variable is
     set

Tyler
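As an added illustration, not code from libapparmor or from this thread, the following stand-alone C program sketches the PDEBUG()/PERROR() scheme laid out in the mail: PDEBUG() is compiled out unless a debug build is configured and otherwise only prints to stderr when LIBAPPARMOR_DEBUG is set, while PERROR() always goes to syslog(LOG_ERR, ...) and adds LOG_PERROR only in a debug build with the variable set. The ENABLE_DEBUG macro, the helper function names and the syslog identifier are assumptions; LIBAPPARMOR_DEBUG is the variable named in the mail. The environment variable is deliberately a yes/no toggle rather than a file path, which is what keeps it from becoming the arbitrary-file-write primitive raised earlier in the thread.

```c
/* Added example (not libapparmor's code): PDEBUG()/PERROR() as described
 * in the thread.  ENABLE_DEBUG stands in for ./configure --enable-debug;
 * LIBAPPARMOR_DEBUG is the runtime toggle from the mail. */
#define _DEFAULT_SOURCE 1   /* setenv(), unsetenv(), vsyslog() on glibc */
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>

/* Build-time switch.  Defined here so the demo exercises the debug paths;
 * drop this line to see PDEBUG() compile out completely. */
#define ENABLE_DEBUG 1

/* Runtime switch: only "is it set?" is consulted.  The value is never used
 * as a path, so an injected environment variable cannot redirect output
 * into a file of the attacker's choosing. */
static int debug_env_set(void)
{
    const char *v = getenv("LIBAPPARMOR_DEBUG");
    return v != NULL && v[0] != '\0';
}

/* 1 if PDEBUG() output should reach stderr, 0 if it is silent. */
static int pdebug_active(void)
{
#ifdef ENABLE_DEBUG
    return debug_env_set();
#else
    return 0;
#endif
}

/* openlog() option bits for PERROR(): LOG_PERROR (mirror to stderr) is
 * only added in a debug build when the environment variable is set. */
static int perror_syslog_options(void)
{
    int opts = LOG_PID;
#ifdef ENABLE_DEBUG
    if (debug_env_set())
        opts |= LOG_PERROR;
#endif
    return opts;
}

/* Always built: errors go to syslog at LOG_ERR regardless of build type. */
static void perror_impl(const char *fmt, ...)
{
    va_list ap;

    openlog("libapparmor-demo", perror_syslog_options(), LOG_USER);
    va_start(ap, fmt);
    vsyslog(LOG_ERR, fmt, ap);
    va_end(ap);
    closelog();
}

/* Debug builds only: prints to stderr when LIBAPPARMOR_DEBUG is set. */
static void pdebug_impl(const char *fmt, ...)
{
    va_list ap;

    if (!pdebug_active())
        return;
    va_start(ap, fmt);
    vfprintf(stderr, fmt, ap);
    va_end(ap);
}

#ifdef ENABLE_DEBUG
#define PDEBUG(...) pdebug_impl(__VA_ARGS__)
#else
#define PDEBUG(...) do { } while (0)   /* no code emitted in release builds */
#endif
#define PERROR(...) perror_impl(__VA_ARGS__)

int main(void)
{
    /* Run as: LIBAPPARMOR_DEBUG=1 ./demo  to see both lines on stderr;
     * without the variable only syslog receives the PERROR() message. */
    PDEBUG("features: probing kernel feature set\n");
    PERROR("features: could not read kernel features (%s)\n", "demo failure");
    return 0;
}
```

With a release build (ENABLE_DEBUG undefined) the PDEBUG() call sites expand to an empty statement, so no debug text, format string or stderr traffic exists in the shipped library; PERROR() keeps logging to syslog in every build.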