* polgen and strace
@ 2004-11-16  9:02 Manoj Srivastava
  2004-11-16 13:43 ` John D. Ramsdell
  0 siblings, 1 reply; 7+ messages in thread
From: Manoj Srivastava @ 2004-11-16  9:02 UTC (permalink / raw)
  To: selinux

Hi,

        While poking around in polgen (in preparation for packaging it
 for Debian), I noticed that it has the full set of sources for
 strace!  I am not sure I could use that (the strace maintainer would
 be upset if I hijacked strace or forked it in Debian ;-);

	I might be able to get strace patched, though, if the patches
 were not too intrusive, but I was not able to find a canonical
 location for strace patches.

	Would polgen work with a vanilla strace? Are there plans for
 pushing strace changes upstream?

	manoj
-- 
"Live or die, I'll make a million." Reebus Kneebus, before his jump to
the center of the earth, Firesign Theater
Manoj Srivastava   <manoj.srivastava@stdc.com>    <srivasta@acm.org> 
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.


* Re: polgen and strace
  2004-11-16  9:02 polgen and strace Manoj Srivastava
@ 2004-11-16 13:43 ` John D. Ramsdell
  2004-11-17 17:43   ` Manoj Srivastava
  0 siblings, 1 reply; 7+ messages in thread
From: John D. Ramsdell @ 2004-11-16 13:43 UTC (permalink / raw)
  To: selinux

Manoj Srivastava <manoj.srivastava@stdc.com> writes:

>         While poking around in polgen (in preparation for packaging
>  it for Debian), I noticed that it has the full set of sources for
>  strace!

The strace that is part of polgen has been changed so that when one
specifies the -X option, it adds security context information to its
output.  This added output is essential to the analysis that follows.

Polgen 0.8 has a version of strace based on version 4.5.6.  Late last
week, I noticed Polgen's strace died a horrible death when tracing
Java programs.  I found out that the standard 4.5.6 release has the
same problem, but the version that comes with FC3 works.

I have a new version of SE Linux enhanced strace based on version
4.5.8 in my CVS repository, and this version allows us to analyze Java
programs.  Let me simply say, there is a lot going on in a Java VM!
People interested in policies that implement the principle of least
privileges have a lot to do.  A new polgen release that includes this
improvement is coming soon.

> 	Would polgen work with a vanilla strace? Are there plans for
> pushing strace changes upstream?

Polgen would not work with vanilla strace.  We have offered the
changes to the strace maintainers, but have not received a word one
way or the other as to their interest in supporting the -X option.  

> 	I might be able to get strace patched, though, if the patches
> were not too intrusive, but I was not able to find a canonical
> location for strace patches.

I can make up the patch, but I'm not sure it would help.

By the way, the polgen program strace2tsv transforms strace output
into tab separated values.  It should be useful to anyone analyzing
strace output with another program.  It works with vanilla strace too.
Polgen has a manual page for this program.

What does one do to package polgen for Debian?  Is there something I
can add to the polgen sources that would facilitate this process?  I
don't know much about Debian packaging, so hand holding is in order.

John


* Re: polgen and strace
  2004-11-16 13:43 ` John D. Ramsdell
@ 2004-11-17 17:43   ` Manoj Srivastava
  2004-11-18 13:23     ` John D. Ramsdell
  0 siblings, 1 reply; 7+ messages in thread
From: Manoj Srivastava @ 2004-11-17 17:43 UTC (permalink / raw)
  To: selinux

On 16 Nov 2004 08:43:30 -0500, John D Ramsdell <ramsdell@mitre.org> said: 

> Manoj Srivastava <manoj.srivastava@stdc.com> writes:
>> While poking around in polgen (in preparation for packaging it for
>> Debian), I noticed that it has the full set of sources for strace!

> The strace that is part of polgen has been changed so that when one
> specifies the -X option, it adds security context information to its
> output.  This added output is essential to the analysis that
> follows.

>> Would polgen work with a vanilla strace? Are there plans for
>> pushing strace changes upstream?

> Polgen would not work with vanilla strace.  We have offered the
> changes to the strace maintainers, but have not received a word one
> way or the other as to their interest in supporting the -X option.

	I see. However, I could still try to get the patch accepted by
 Debian, which would be good. Oh, and Debian's strace is also 4.5.8
 at this point.

>> I might be able to get strace patched, though, if the patches were
>> not too intrusive, but I was not able to find a canonical location
>> for strace patches.

> I can make up the patch, but I'm not sure it would help.

	A clean patch would make the task of convincing the Debian
 strace maintainer a lot easier.

> What does one do to package polgen for Debian?  Is there something I
> can add to the polgen sources that would facilitate this process?  I
> don't know much about Debian packaging, so hand holding is in order.

	Oh, there is no technical issue with regards to packaging
 strace itself, the problem lies in integration into the Debian
 distribution, and adherence to Debian technical policy.

	manoj
-- 
Any given program, when running, is obsolete.
Manoj Srivastava   <manoj.srivastava@stdc.com>    <srivasta@acm.org> 
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


* Re: polgen and strace
  2004-11-17 17:43   ` Manoj Srivastava
@ 2004-11-18 13:23     ` John D. Ramsdell
  2004-11-18 19:11       ` Steve G
  0 siblings, 1 reply; 7+ messages in thread
From: John D. Ramsdell @ 2004-11-18 13:23 UTC (permalink / raw)
  To: selinux

Manoj Srivastava <manoj.srivastava@stdc.com> writes:

> 	I see. However, I could still try to get the patch accepted by
>  Debian, which would be good. Oh, and Debian's strace is also 4.5.8
>  at this point.
> 
> >> I might be able to get strace patched, though, if the patches were
> >> not too intrusive, but I was not able to find a canonical location
> >> for strace patches.
> 
> > I can make up the patch, but I'm not sure it would help.
> 
> 	A clean patch would make the task of convincing the Debian
>  strace maintainer a lot easier.

I have made the patch available to all at 

http://simp.mitre.org/selinux

John


* Re: polgen and strace
  2004-11-18 13:23     ` John D. Ramsdell
@ 2004-11-18 19:11       ` Steve G
  2004-11-18 20:41         ` John D. Ramsdell
  0 siblings, 1 reply; 7+ messages in thread
From: Steve G @ 2004-11-18 19:11 UTC (permalink / raw)
  To: John D. Ramsdell, selinux

>I have made the patch available to all at 
>
>http://simp.mitre.org/selinux

The patch removes the guts of the COPYING file. I wouldn't touch that file. I'd
leave it the way the authors tar'ed it up so that no one says the license changed
due to a 3rd party patch.

The patch should also modify strace.1 to add the -X option. Otherwise looks OK to
me.

-Steve Grubb


		

* Re: polgen and strace
  2004-11-18 19:11       ` Steve G
@ 2004-11-18 20:41         ` John D. Ramsdell
  2004-11-20 22:35           ` SELinux enhanced strace patch John D. Ramsdell
  0 siblings, 1 reply; 7+ messages in thread
From: John D. Ramsdell @ 2004-11-18 20:41 UTC (permalink / raw)
  To: Steve G; +Cc: selinux

Steve G <linux_4ever@yahoo.com> writes:

> >I have made the patch available to all at 
> >
> >http://simp.mitre.org/selinux
> 

> The patch removes the guts of the COPYING file. I wouldn't touch
> that file. I'd leave it the way the authors tar'ed it up so that no
> one says the license changed due to a 3rd party patch.

Ugh.  I don't know what happened to the COPYING file in my CVS
repository, but I put it back, and I fixed the patch.

> The patch should also modify strace.1 to add the -X
> option. Otherwise looks OK to me.

Good call.  Will do.  Thanks.

John


* SELinux enhanced strace patch
  2004-11-18 20:41         ` John D. Ramsdell
@ 2004-11-20 22:35           ` John D. Ramsdell
  0 siblings, 0 replies; 7+ messages in thread
From: John D. Ramsdell @ 2004-11-20 22:35 UTC (permalink / raw)
  To: selinux

I finally tracked down and resolved all the issues with the SELinux
enhancement patch for strace 4.5.8, and placed an updated patch here:

http://simp.mitre.org/selinux

The new patch updates the strace(1) manual page so that it describes
the -X option, the one that requests that security contexts be printed
whenever possible.

The copyright issue has also been resolved.  It turns out that in the
strace project's CVS repository on SourceForge, the strace module has
no COPYING file in its root directory.  It does, however, have a file
named COPYRIGHT.  This file contains what appears to me to be a BSD
license, although it's not identical to the BSD license on
http://opensource.org.

So why does a standard strace distribution include a copy of the GPL
in a file named COPYING?  I suspect the answer is this.

When checked out, the strace module does not have several files that must
be included in a distribution.  These files are created with:

  $ autoreconf -i

The -i option installs missing auxiliary files.  If no file exists
called COPYING, it will install a version of that file that contains
the GPL.  As a result, a distribution contains two incompatible
licenses!  As near as I can tell, someone receiving the distribution
has no way of knowing the conditions of using the software.  The file
COPYRIGHT should be renamed to COPYING.

There is one more odd thing about what is in the strace module.  It
contains the files config.guess, config.sub, and install-sh.  The
files are also installed by autoreconf when missing.  It's a good idea
to let it install these files so that distributions get the latest
versions of them.

John
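
The situation described in the message above, a distribution tree carrying files such as COPYING that the version-control checkout does not, can be detected by comparing the two trees. This is an added example, not part of the original message and not code from strace or polgen; the function names and the sample trees (including the dist-only file names other than COPYING) are constructed for illustration.

```shell
# Added example: flag files present in a distribution tree but not in its checkout.

# Print relative paths of all regular files under directory $1, sorted.
list_files() {
    (cd "$1" && find . -type f | sed 's|^\./||' | LC_ALL=C sort)
}

# Print files present in the distribution ($2) but absent from the checkout ($1).
dist_only_files() {
    co_list=$(mktemp) && dist_list=$(mktemp) || return 2
    list_files "$1" > "$co_list"
    list_files "$2" > "$dist_list"
    LC_ALL=C comm -13 "$co_list" "$dist_list"
    rm -f "$co_list" "$dist_list"
}

# Print the dist-only files whose name looks like a license file.
# Exit status is non-zero when there are none.
added_license_files() {
    dist_only_files "$1" "$2" |
        grep -E '(^|/)(COPYING|COPYRIGHT|LICEN[CS]E)[^/]*$'
}

# Build constructed sample trees: the checkout carries COPYRIGHT only, the
# distribution additionally carries COPYING and configure (assumed names
# standing in for whatever the autotools run added).
make_sample_trees() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/checkout" "$root/dist"
    for f in COPYRIGHT configure.ac config.guess config.sub install-sh; do
        echo "constructed sample: $f" > "$root/checkout/$f"
        cp "$root/checkout/$f" "$root/dist/$f"
    done
    for f in COPYING configure; do
        echo "constructed sample: $f" > "$root/dist/$f"
    done
    echo "$root"
}

main() {
    root=$(make_sample_trees) || exit 2
    echo "Files only in the distribution:"
    dist_only_files "$root/checkout" "$root/dist" | sed 's/^/  /'
    if lic=$(added_license_files "$root/checkout" "$root/dist"); then
        echo "License file(s) not under version control: $lic"
    fi
    rm -rf "$root"
}
main
```

A license-named file that shows up only in the distribution is the case worth reviewing by hand, since its text was chosen by the build tooling rather than by the project.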
