search

ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0
12 stars 5 forks source link

Testing Rel 1.0.1-1 over FC38. Profiler arg state maintained from prior trial for cleared field #850

Closed tparchambault closed 1 year ago

tparchambault commented 1 year ago

I don't have full consistent duplication information yet. Will nail it down by Monday. Depending on the order of field entry, one can observe correct results, other times, Profiler UI state appears to be maintained from prior runs that don't reflect the current state of the UI text fields.

My comments on the fedora update site follow, but have added images:

Full install on clean FC38 platform. Installation via rpm was seamless. No issues observed.

Copied /usr/bin/pwd and /usr/bin/id into /home/toma as my-pwd and my-id respectively, w/env var: PATH=$PATH:. with the user's home directory not specified explicitly. No observed issues and expected results.

Copied /usr/bin/pwd to /tmp/my-pwd. Executed my-pwd as the user toma w/working dir /tmp w/envvar: PATH=$PATH:. Results were as expected with no observed issues.

profiler_my-pwd_root_tmp

After the above, attempted to execute pwd with the envvar PATH=$PATH:. (should have no effect) but pwd displayed the output

/tmp

profiler_pwd_root_home

tparchambault commented 1 year ago

Another example:

profiler_dupped_w_PATH_set

As of this moment, I believe the incorrect result occurs only when the PATH is set in the env var field, even though the value of PATH is not modified beyond the default PATH value. Other env vars being set did not result in symptom duplication.

tparchambault commented 1 year ago

Based on the following debug logging, I think $PATH needs to get expanded prior to dispatching to Redox.

INFO:root:validateArgs()
DEBUG:root:validateArgs({'cmd': 'pwd', 'arg': None, 'uid': None, 'pwd': '/tmp', 'env': 'PATH=$PATH:/a/meaningless/path/'}
DEBUG:root:Processing current working dir: /tmp
DEBUG:root:FaProfSession::validateArgs() --> pwd verified
DEBUG:root:expand_path($PATH:/a/meaningless/path/, /tmp)
DEBUG:root:expand_path::path = /usr/sbin:/usr/bin:/sbin:/bin:/root/bin:/a/meaningless/path/
DEBUG:root:exec=pwd, Profiling PATH = /usr/sbin:/usr/bin:/sbin:/bin:/root/bin:/a/meaningless/path/
INFO:root:_rel_tgt_which() - return value:/usr/bin/pwd
DEBUG:root:Entry text = {'cmd': 'pwd', 'arg': None, 'uid': None, 'pwd': '/tmp', 'env': 'PATH=$PATH:/a/meaningless/path/', 'env_dict': {'PATH': '$PATH:/a/meaningless/path/'}}
DEBUG:root:dispatch( START_PROFILING_REQUEST )
DEBUG:fapolicy_pyo3.profiler:profile_all pwd
thread '<unnamed>' panicked at 'called `Result::unwrap()` on an `Err` value: Os { code: 2, kind: NotFound, message: "No such file or directory" }', crates/pyo3/src/profiler.rs:196:64
thread '<unnamed>' panicked at 'profiling failure: "Any { .. }"', crates/pyo3/src/profiler.rs:284:27