Bad file access on the rise

Adam Williamson awilliam at redhat.com
Sun Jun 9 14:34:10 UTC 2013 

On Sun, 2013-06-09 at 10:03 -0400, Steve Grubb wrote:

> > I don't think anyone wants these accesses to generate audit records. The
> > question is whether the right way to fix that is to avoid those accesses
> > in the first place or to provide a mechanism so that legitimate accesses
> > don't generate audit records.
> 
> There isn't a mechanism to allow these to slip through. Over the years I have 
> come to realize that the audit system can be a great resource for debugging 
> user space. It was sitting through one of Dave Jones' why userspace sucks 
> lectures and afterwards pouring through audit logs that I saw that we can find 
> some of these problems. If part of the goals when writing software is 
> correctness and efficiency, then wouldn't failing syscalls be of interest? Not 
> just in the case of EPERM, but also for example EINVAL? 

Well what I'm trying to say is that you're acting as if the entire
'audit system' was carved on stone tablets and handed down from God. It
wasn't. It's just a set of checks, the logic behind _each of which_ is
as open to question as anything else. Just because a test for all EPERM
syscall fails is a part of 'the audit system' does not make it an
unquestionable totem. Instead of answering the question "do we actually
believe that all cases of EPERM should be 'fixed', or in some cases
would the cure be worse than the disease?" you seem to just keep saying
"The Holy Audit System told me there's a problem!"

I don't know who's right, in this case. But looking at the debate, I see
one side raising what looks like a legitimate line of inquiry, and you
just batting it back with 'The Holy Audit System has no flaws'.

"There isn't a mechanism", okay, point taken. But that can be a flaw of
the audit system as much as anything else.

> Why would anyone write software that is incorrect enough the OS spits it back 
> as EINVAL?

This is entirely irrelevant. From a QA monkey perspective, I'm comparing
this with the case where we have a suite of tests, and someone raises
the question if one of them is a sensible test. Talking about how good
one of the others is is entirely out of scope. The fact we put them all
together and called them a 'test suite' is really neither here nor
there. The question here is not 'is auditing useful?', it's 'is this
particular audit check one which always indicates a genuine bug that
must be fixed?'

> I'll leave it here for anyone curious enough to dig out the details of how 
> each syscall is wrong. But its my belief that these are not intentionally 
> written to fail and people didn't know they were issuing syscalls that will 
> never work.

Well, that's clearly not the case in the situation we're actually
discussing: the author of one of the pieces of software you audited says
he knows about the failed syscalls and does not think they're a problem.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

More information about the devel mailing list