On Sun, 2013-06-09 at 10:03 -0400, Steve Grubb wrote: > > I don't think anyone wants these accesses to generate audit records. The > > question is whether the right way to fix that is to avoid those accesses > > in the first place or to provide a mechanism so that legitimate accesses > > don't generate audit records. > > There isn't a mechanism to allow these to slip through. Over the years I have > come to realize that the audit system can be a great resource for debugging > user space. It was sitting through one of Dave Jones' why userspace sucks > lectures and afterwards pouring through audit logs that I saw that we can find > some of these problems. If part of the goals when writing software is > correctness and efficiency, then wouldn't failing syscalls be of interest? Not > just in the case of EPERM, but also for example EINVAL? Well what I'm trying to say is that you're acting as if the entire 'audit system' was carved on stone tablets and handed down from God. It wasn't. It's just a set of checks, the logic behind _each of which_ is as open to question as anything else. Just because a test for all EPERM syscall fails is a part of 'the audit system' does not make it an unquestionable totem. Instead of answering the question "do we actually believe that all cases of EPERM should be 'fixed', or in some cases would the cure be worse than the disease?" you seem to just keep saying "The Holy Audit System told me there's a problem!" I don't know who's right, in this case. But looking at the debate, I see one side raising what looks like a legitimate line of inquiry, and you just batting it back with 'The Holy Audit System has no flaws'. "There isn't a mechanism", okay, point taken. But that can be a flaw of the audit system as much as anything else. > Why would anyone write software that is incorrect enough the OS spits it back > as EINVAL? This is entirely irrelevant. From a QA monkey perspective, I'm comparing this with the case where we have a suite of tests, and someone raises the question if one of them is a sensible test. Talking about how good one of the others is is entirely out of scope. The fact we put them all together and called them a 'test suite' is really neither here nor there. The question here is not 'is auditing useful?', it's 'is this particular audit check one which always indicates a genuine bug that must be fixed?' > I'll leave it here for anyone curious enough to dig out the details of how > each syscall is wrong. But its my belief that these are not intentionally > written to fail and people didn't know they were issuing syscalls that will > never work. Well, that's clearly not the case in the situation we're actually discussing: the author of one of the pieces of software you audited says he knows about the failed syscalls and does not think they're a problem. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
