Confusing behavior: allow_stdin overrides allow_read
#6
Comments
|
Hi! Thanks for the issue. I agree the documentation needs to be more clear about what happens when two rules have overlapping syscalls. What's happening is that In this specific case I could also add some validation to the SystemIO methods as well, but in the general case two different RuleSets can both enable I thought this behavior wasn't great for extrasafe because it's easy to accidentally enable Do you think printing a warning to stderr would be useful here, besides improving the documentation? "A parameterized rule would have been overridden by the current rule, so the global rule is being ignored." In this specific case I could also add some validation to the SystemIO methods as well, but in the general case two different RuleSets can both enable |
|
Thank you for your reply. Is it possible to just return
|
That's a very good point :) Returning ConditionalNoEffectError in this case might be the best option since you're the second person to bring it up. I was also briefly exploring switching to seccompiler from libseccomp which might make it easier to control this behavior - as far as I'm aware it's not inherent to seccomp itself, just how libseccomp generates its bpf programs. Another option would be adding a typestate <ReadParameterized, WriteParameterized, ...etc.> parameter to the SystemIO struct that would not implement calling Another option might be adding a I guess given that the user can always define their own RuleSet it's okay to error in this case as well. |
When a RuleSet provides both a simple and conditional rule for a single syscall, in the past extrasafe would ignore the simple rule and only use the conditional rule. Now extrasafe will raise the same error as when two different RuleSets provided both simple and conditional rules. This fixes GitHub issue #6
|
Hi, I'm sorry it's taken me a year to get back to work on this project. I just pushed a branch with some cleanups I've been working on in preparation for seccompiler and landlock. I think it solves the issue. Also, it looks like my first comment here somehow got corrupted or maybe I was just very tired - there's an edit on it that seems strange. ¯\(ツ)/¯` |
When a RuleSet provides both a simple and conditional rule for a single syscall, in the past extrasafe would ignore the simple rule and only use the conditional rule. Now extrasafe will raise the same error as when two different RuleSets provided both simple and conditional rules. This fixes GitHub issue #6
When a RuleSet provides both a simple and conditional rule for a single syscall, in the past extrasafe would ignore the simple rule and only use the conditional rule. Now extrasafe will raise the same error as when two different RuleSets provided both simple and conditional rules. This fixes GitHub issue #6
|
I'm going to close this since you thumbs-up'd my previous comment. I'm also going to push a new release to crates.io today. If you run into more issues with this feel free to reopen this issue or make a new one! Thanks again for the report, and sorry it took me so long to get back to it. |
Hi.
I was really puzzled why reading from a file failed with a combination of
allow_stdinandallow_readand eventually found thatallow_stdinnegatedallow_read.I think it's confusing and the documentation should make it clear that those methods are exclusive.
The text was updated successfully, but these errors were encountered: