From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752466AbdEPT6G (ORCPT ); Tue, 16 May 2017 15:58:06 -0400 Received: from mout.web.de ([217.72.192.78]:58527 "EHLO mout.web.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750759AbdEPT6E (ORCPT ); Tue, 16 May 2017 15:58:04 -0400 Subject: Re: selinux: Use an other error code for an input validation failure in sidtab_insert() To: Paul Moore Cc: Casey Schaufler , Eric Paris , James Morris , "Serge E. Hallyn" , Stephen Smalley , William Roberts , linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov, LKML , kernel-janitors@vger.kernel.org References: <5704e656-708a-b611-5611-70fc65dc67e8@users.sourceforge.net> <38273216-97ad-7955-941a-68485534d39f@users.sourceforge.net> From: SF Markus Elfring Message-ID: Date: Tue, 16 May 2017 21:57:36 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:sbPI3M3iVcZ9xDDEhdjF5wZApuhVeBk0zRXAGetTFKi6k5M8oiU sc7b8JVm3WXsCQuY0wl/2k3xLST0BYUNhRCe7jsOhPGNTYAQbk2w0/Lj0EOpmGgdy06+j2/ S8XZyfQh46CdRrxbRi2tTNZACh7y63zXsUy752SJ+y0lWigaKIU1zSriHy9JBoseaZy8oM9 KQfejZuzRnEvphvYAay1g== X-UI-Out-Filterresults: notjunk:1;V01:K0:sHypPC1w6Ig=:qUU7PYLbcYxUtKi5P0bwkA Uo3jivIUPJdGaNNPImqrfFIWwZV+7k7vjOyYBouicS7SVNT3chMyP3oKTkeqUuxxW9EJ/bvuv OzepKDz0gIlVF7IqFIanlJpJ363ZejPCcaC6I93TUYKE2EZk2AhBrbieAYnKcqSLKEWkPri2j oYBUzOGCdpy11ybbrAU7TDu2jQa97rfq6s6aC1pE7uB5n7YI3k6qFeq3dpsj0pBMmn5Rx14pc 11GJw+KrRT4/HQLPIKDEnpnjksqwsPeBB6inWCG5m9fKR0SjIFEW8+oviCzzoFgx1ibC4up+1 h7bk8rcN2k4W2Vo9UlN8Vwa7ZQN7Wzud0xxsaN0JGLqK9iIJUSUliPvXh9knb4js1qzNvObZw gOmq5vnmNNl9/YPqCgnkR9+b3Jt7nExuGPIyE9s9d9BN1Sc6h/FYIpjM0a+mSWjFb73rkseAW eByYrrDO7DGVjqU8OUy/mUCq/Rxxg2YKi0omVDg7vIP/RzxhRNAKhdHXSFtRD6rzRrYrEmQMD 0/19C7zApoJ/cRfyrIHm7tANVhGBdqwOyetCPGfcnVQY26z91Dj+u6HM2qRX5StZv4b1H4ey/ 0mc8p+2rNOc0yfrJRbyYVi5nPYkkJAvjpuuL/ro2D3bngBsUn0fz9SA4C17SE417bPdwKftsj pkI/H5anPfznZmcHg/+W6BVAIrzvHoMj4GnqUTaQuGd9PNwsmIVT567S+aQFNMjWY+2Bmd4Pf 6DdByrUwGf5uBaqVgvdXehqOer9MWD1zUrsprzSVYZfY9wZSJC5VkPjfz5QzjyPA2/1bGmd2F rbbgPlm Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org > Have you tested this to determine any impact it may have on the > SELinux userspace? Not yet. > I would agree that EINVAL is probably more appropriate in this case, Thanks that a part of your view seems to fit also to mine. > but changing this return code has very little value I would appreciate if this aspect can clarified a bit more. > and may disrupt userspace if it assumes EINVAL means something else > when the policy load fails. Would you find an other error code better there? Do you care to distinguish an input validation failure in a specific function implementation from other error situations? Regards, Markus From mboxrd@z Thu Jan 1 00:00:00 1970 From: SF Markus Elfring Date: Tue, 16 May 2017 19:57:36 +0000 Subject: Re: selinux: Use an other error code for an input validation failure in sidtab_insert() Message-Id: List-Id: References: <5704e656-708a-b611-5611-70fc65dc67e8@users.sourceforge.net> <38273216-97ad-7955-941a-68485534d39f@users.sourceforge.net> In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit To: linux-security-module@vger.kernel.org > Have you tested this to determine any impact it may have on the > SELinux userspace? Not yet. > I would agree that EINVAL is probably more appropriate in this case, Thanks that a part of your view seems to fit also to mine. > but changing this return code has very little value I would appreciate if this aspect can clarified a bit more. > and may disrupt userspace if it assumes EINVAL means something else > when the policy load fails. Would you find an other error code better there? Do you care to distinguish an input validation failure in a specific function implementation from other error situations? Regards, Markus From mboxrd@z Thu Jan 1 00:00:00 1970 From: elfring@users.sourceforge.net (SF Markus Elfring) Date: Tue, 16 May 2017 21:57:36 +0200 Subject: selinux: Use an other error code for an input validation failure in sidtab_insert() In-Reply-To: References: <5704e656-708a-b611-5611-70fc65dc67e8@users.sourceforge.net> <38273216-97ad-7955-941a-68485534d39f@users.sourceforge.net> Message-ID: To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org > Have you tested this to determine any impact it may have on the > SELinux userspace? Not yet. > I would agree that EINVAL is probably more appropriate in this case, Thanks that a part of your view seems to fit also to mine. > but changing this return code has very little value I would appreciate if this aspect can clarified a bit more. > and may disrupt userspace if it assumes EINVAL means something else > when the policy load fails. Would you find an other error code better there? Do you care to distinguish an input validation failure in a specific function implementation from other error situations? Regards, Markus -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo at vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html