* Do we break POSIX?
@ 2003-11-10 13:37 Tom
  2003-11-10 14:02 ` Stephen Smalley
                   ` (3 more replies)
  0 siblings, 4 replies; 9+ messages in thread
From: Tom @ 2003-11-10 13:37 UTC (permalink / raw)
  To: selinux

One point brought up by Theo DeRaadt during PacSec was that according
to POSIX, write operations can not return a permission denied error.

I could not argue with him on that because I have not actually read the
POSIX standard, but he has a valid point in that breaking standards
would be a big no.

Does anyone know immediately if this is so and if we are indeed
breaking POSIX? If nobody can answer that, I will find out myself, as
I've promised him to check.


-- 
PGP/GPG key: http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: Do we break POSIX?
  2003-11-10 13:37 Do we break POSIX? Tom
@ 2003-11-10 14:02 ` Stephen Smalley
  2003-11-10 17:18   ` Richard Troth
  2003-11-14 14:59   ` Jakob Oestergaard
  2003-11-10 18:03 ` [selinux] " Magosányi Árpád
                   ` (2 subsequent siblings)
  3 siblings, 2 replies; 9+ messages in thread
From: Stephen Smalley @ 2003-11-10 14:02 UTC (permalink / raw)
  To: Tom; +Cc: selinux

On Mon, 2003-11-10 at 08:37, Tom wrote:
> One point brought up by Theo DeRaadt during PacSec was that according
> to POSIX, write operations can not return a permission denied error.
> 
> I could not argue with him on that because I have not actually read the
> POSIX standard, but he has a valid point in that breaking standards
> would be a big no.
> 
> Does anyone know immediately if this is so and if we are indeed
> breaking POSIX? If nobody can answer that, I will find out myself, as
> I've promised him to check.

NFS can yield the same behavior.  If you are holding a file open on the
client and writing to it, and someone changes the ownership of the file
on the server, then subsequent write() requests will fail with
Permission denied.  I just tested with a Linux client and server to
verify, and this is what happens.

-- 
Stephen Smalley <sds@epoch.ncsc.mil>
National Security Agency



* Re: Do we break POSIX?
  2003-11-10 14:02 ` Stephen Smalley
@ 2003-11-10 17:18   ` Richard Troth
  2003-11-14 14:59   ` Jakob Oestergaard
  1 sibling, 0 replies; 9+ messages in thread
From: Richard Troth @ 2003-11-10 17:18 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: Tom, selinux

> NFS can yield the same behavior.  If you are holding a file open on the
> client and writing to it, and someone changes the ownership of the file
> on the server, then subsequent write() requests will fail with
> Permission denied.  I just tested with a Linux client and server to
> verify, and this is what happens.

Find a Sun.
Test with Solaris.
(Just to be more sure.)

-- R;



* Re: [selinux] Do we break POSIX?
  2003-11-10 13:37 Do we break POSIX? Tom
  2003-11-10 14:02 ` Stephen Smalley
@ 2003-11-10 18:03 ` Magosányi Árpád
  2003-11-10 21:32 ` Thorsten Kukuk
  2003-11-10 21:52 ` James Morris
  3 siblings, 0 replies; 9+ messages in thread
From: Magosányi Árpád @ 2003-11-10 18:03 UTC (permalink / raw)
  To: Tom; +Cc: selinux

Hi!

write(2) on Linux does not actually list EACCES as a possible error
value. It also says: "Other errors may occur, depending on the object
connected to fd."
Let's assume for now that returning permission denied error from write
operation breaks POSIX.

I would not consider it a big issue, because
	-write can do error return, and any well-behaved application
	should handle that, even when the error code is unexpected
	-if you want to be posixly correct, you can still give EIO
	as the error code
	-revocation of permission to write occurs infrequently,
	as normally programs do not cross domains, and policy is
	reloaded only very infrequently. And you make your trusted
	procedures error resistant, don't you?

My mail client believes that Tom wrote the following:
> One point brought up by Theo DeRaadt during PacSec was that according
> to POSIX, write operations can not return a permission denied error.
> 
> I could not argue with him on that because I have not actually read the
> POSIX standard, but he has a valid point in that breaking standards
> would be a big no.
> 
> Does anyone know immediately if this is so and if we are indeed
> breaking POSIX? If nobody can answer that, I will find out myself, as
> I've promised him to check.
> 
> 
> -- 
> PGP/GPG key: http://web.lemuria.org/pubkey.html
> pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
>      Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5

-- 
GNU GPL: only from a pure source



* RE: Do we break POSIX?
@ 2003-11-10 18:19 Miner, Jonathan W
  0 siblings, 0 replies; 9+ messages in thread
From: Miner, Jonathan W @ 2003-11-10 18:19 UTC (permalink / raw)
  To: 'Richard Troth ', 'Stephen Smalley '
  Cc: 'Tom ', 'selinux@tycho.nsa.gov '

Solaris behaves the same way.

-----Original Message-----
From: Richard Troth
To: Stephen Smalley
Cc: Tom; selinux@tycho.nsa.gov
Sent: 11/10/03 12:18 PM
Subject: Re: Do we break POSIX?

> NFS can yield the same behavior.  If you are holding a file open on the
> client and writing to it, and someone changes the ownership of the file
> on the server, then subsequent write() requests will fail with
> Permission denied.  I just tested with a Linux client and server to
> verify, and this is what happens.

Find a Sun.
Test with Solaris.
(Just to be more sure.)
-------


* Re: Do we break POSIX?
  2003-11-10 13:37 Do we break POSIX? Tom
  2003-11-10 14:02 ` Stephen Smalley
  2003-11-10 18:03 ` [selinux] " Magosányi Árpád
@ 2003-11-10 21:32 ` Thorsten Kukuk
  2003-11-10 21:52 ` James Morris
  3 siblings, 0 replies; 9+ messages in thread
From: Thorsten Kukuk @ 2003-11-10 21:32 UTC (permalink / raw)
  To: selinux

On Mon, Nov 10, Tom wrote:

> One point brought up by Theo DeRaadt during PacSec was that according
> to POSIX, write operations can not return a permission denied error.
> 
> I could not argue with him on that because I have not actually read the
> POSIX standard, but he has a valid point in that breaking standards
> would be a big no.
> 
> Does anyone know immediately if this is so and if we are indeed
> breaking POSIX? If nobody can answer that, I will find out myself, as
> I've promised him to check.

The write( ) function may fail if:
[EACCES]            A write was attempted on a socket and the calling
                    process does not have appropriate privileges.

POSIX says nothing about files, but for sockets, EACCES is a valid
error code.

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk@suse.de
SuSE Linux AG        Deutschherrnstr. 15-19        D-90429 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B


* Re: Do we break POSIX?
  2003-11-10 13:37 Do we break POSIX? Tom
                   ` (2 preceding siblings ...)
  2003-11-10 21:32 ` Thorsten Kukuk
@ 2003-11-10 21:52 ` James Morris
  3 siblings, 0 replies; 9+ messages in thread
From: James Morris @ 2003-11-10 21:52 UTC (permalink / raw)
  To: Tom; +Cc: selinux

On Mon, 10 Nov 2003, Tom wrote:

> One point brought up by Theo DeRaadt during PacSec was that according
> to POSIX, write operations can not return a permission denied error.
> 
> I could not argue with him on that because I have not actually read the
> POSIX standard, but he has a valid point in that breaking standards
> would be a big no.
> 
> Does anyone know immediately if this is so and if we are indeed
> breaking POSIX? If nobody can answer that, I will find out myself, as
> I've promised him to check.

No, we do not break Posix, as anyone can add new error codes.


- James
-- 
James Morris
<jmorris@redhat.com>




* Re: Do we break POSIX?
       [not found] <Xine.LNX.4.44.0311101653490.5261-100000@thoron.boston.redhat.com>
@ 2003-11-10 23:35 ` James Morris
  0 siblings, 0 replies; 9+ messages in thread
From: James Morris @ 2003-11-10 23:35 UTC (permalink / raw)
  To: selinux

Also, here is the relevant quote from IEEE Std 1003.1:

  Implementations may support additional errors not included in this list, 
  may generate errors included in this list under circumstances other than 
  those described here, or may contain extensions or limitations that 
  prevent some errors from occurring. The ERRORS section on each reference 
  page specifies whether an error shall be returned, or whether it may be 
  returned. Implementations shall not generate a different error number 
  from the ones described here for error conditions described in this volume of 
  IEEE Std 1003.1-2001, but may generate additional errors unless 
  explicitly disallowed for a particular function.



- James
-- 
James Morris
<jmorris@redhat.com>




* Re: Do we break POSIX?
  2003-11-10 14:02 ` Stephen Smalley
  2003-11-10 17:18   ` Richard Troth
@ 2003-11-14 14:59   ` Jakob Oestergaard
  1 sibling, 0 replies; 9+ messages in thread
From: Jakob Oestergaard @ 2003-11-14 14:59 UTC (permalink / raw)
  To: Stephen Smalley; +Cc: Tom, selinux

On Mon, Nov 10, 2003 at 09:02:05AM -0500, Stephen Smalley wrote:
...
> > 
> > Does anyone know immediately if this is so and if we are indeed
> > breaking POSIX? If nobody can answer that, I will find out myself, as
> > I've promised him to check.
> 
> NFS can yield the same behavior.  If you are holding a file open on the
> client and writing to it, and someone changes the ownership of the file
> on the server, then subsequent write() requests will fail with
> Permission denied.  I just tested with a Linux client and server to
> verify, and this is what happens.

Yep.

But NFS doesn't claim to have POSIX semantics.

I doubt there are any real-world programs that would treat a write
returning -1 with errno set to an 'unknown error', as a successful
write.

(if such a program should exist, the author will be most thoroughly
 dealt with when I take over  ;)

So all in all I think that you are both correct, but the (my) conclusion
is that it wouldn't matter if write returned EACCES.

 / jakob
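
The point several replies in this thread make, that a caller must treat any failing write() as a failure whatever errno it carries, shown as an added C example that is not part of any poster's message. `write_all` and `demo_write` are hypothetical names, and the failing case writes to the read end of a pipe (EBADF), a constructed stand-in for a write refused mid-stream with EACCES.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Write all len bytes to fd. Returns 0 on success; on failure returns -1
 * with errno left exactly as write() set it, whatever the value is. */
int write_all(int fd, const void *buf, size_t len)
{
    const char *p = buf;
    while (len > 0) {
        ssize_t n = write(fd, p, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;      /* interrupted before any byte moved: retry */
            return -1;         /* EACCES, EIO, or a code not in any list */
        }
        p += n;                /* short write: carry on with the remainder */
        len -= (size_t)n;
    }
    return 0;
}

/* Constructed demo: write "policy" into a pipe. With bad_end set, the write
 * goes to the read end and fails (EBADF here, standing in for a mid-stream
 * EACCES). Returns 0 on success, otherwise the errno write() reported. */
int demo_write(int bad_end)
{
    int fds[2];
    char back[8] = {0};
    int err = 0;
    if (pipe(fds) != 0)
        return errno;
    if (write_all(fds[bad_end ? 0 : 1], "policy", 6) != 0)
        err = errno;           /* save before close() can overwrite it */
    else if (read(fds[0], back, 6) != 6 || memcmp(back, "policy", 6) != 0)
        err = EIO;             /* data did not round-trip */
    close(fds[0]);
    close(fds[1]);
    return err;
}

int main(void)
{
    printf("good end: %d, bad end: %d\n", demo_write(0), demo_write(1));
    return 0;
}
```

The only errno the loop singles out is EINTR; every other value, listed for write() or not, takes the same failure path, so a revoked permission cannot be mistaken for a completed write.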


