Bad file access on the rise
Matthew Garrett
mjg59 at srcf.ucam.org
Sun Jun 9 15:38:48 UTC 2013
On Sun, Jun 09, 2013 at 10:03:19AM -0400, Steve Grubb wrote:
> There isn't a mechanism to allow these to slip through. Over the years I have
> come to realize that the audit system can be a great resource for debugging
> user space. It was sitting through one of Dave Jones' why userspace sucks
> lectures and afterwards pouring through audit logs that I saw that we can find
> some of these problems. If part of the goals when writing software is
> correctness and efficiency, then wouldn't failing syscalls be of interest? Not
> just in the case of EPERM, but also for example EINVAL?
Because this is the expected behaviour in certain cases? I'm not
disputing the usefulness of generating these reports, but there are
cases where it's entirely legitimate to receive an EPERM and do
something useful with that. The audit system needs to recognise that and
provide a mechanism for packages to flag that such accesses are genuine
and uninteresting.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel
mailing list