Re: [qubes-devel] qrexec parser - !include-dir allows multiple params
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23-05-26 16:55:19, Ben Grande wrote: > The more general question is, can we avoid runtime to detect these kind > of problems? I don't believe this is an error on qubes-policy-lint, as > it is simply using StringPolicy. > > -- > Benjamin Grande I ate my tongue, problem is with qubes-policy-lint, which I will be fixing and pushing to the lint branch. Sorry for trouble. - -- Benjamin Grande -BEGIN PGP SIGNATURE- iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHDw918UgAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5 NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW h7hJAPsEyRZgVVK0Bl4GwogToA0MPX7l/gwif/A3cCDdBfm0WQD8D+Z3sxcMgdbu pqdBr61ZD/3n/QMSXLt/+hDAtmZxbQY= =UQWh -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZHDw%2BDye/kodVFx1%40personal-mutt.
Re: [qubes-devel] qrexec parser - !include-dir allows multiple params
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23-05-26 16:09:45, Ben Grande wrote: > On 23-05-26 17:57:56, Marek Marczykowski-Górecki wrote: > > On Fri, May 26, 2023 at 03:48:18PM +, Ben Grande wrote: > > > Issue report. > > > > > > Fails: > > > !include a b > > > Works: > > > !include-dir a b > > > > > > I believe that !include-dir should also throw an exception on invalid > > > number of params, but it currently doesn't. I did not understand why > > > !include can raise the exception and !include-dir, that has the same > > > code, doesn't. > > > > I can't confirm it, for me both fail. Which qrexec package versions do > > you have? > > 4.1.21 > Noticed something strange, the parser does not throw an error when > calling with qubes-policy-lint, it only throws error during runtime. > Can this be improved? > Test with TestPolicy and StringPolicy and see what happens instead of > checking the logs, which are runtime. Some testing showed me that using !include-dir in an old format policy (which should not be allowed) such as the ones in include/ shows the error during runtime, but not when calling the parser with StringPolicy. The more general question is, can we avoid runtime to detect these kind of problems? I don't believe this is an error on qubes-policy-lint, as it is simply using StringPolicy. - -- Benjamin Grande -BEGIN PGP SIGNATURE- iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHDkdl8UgAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5 NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW h4a2AQDSLnvINAZxV038ew+hOVkL6zIXjaSAyDypIOn/VRnvWAEAoyTLwZLfUokn ykJQtAeipkPO6U1xNR3OQirlSjiDsgQ= =9XdS -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZHDkd4M1d4%2BFcA5t%40personal-mutt.
Re: [qubes-devel] qrexec parser - !include-dir allows multiple params
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 23-05-26 17:57:56, Marek Marczykowski-Górecki wrote: > On Fri, May 26, 2023 at 03:48:18PM +, Ben Grande wrote: > > Issue report. > > > > Fails: > > !include a b > > Works: > > !include-dir a b > > > > I believe that !include-dir should also throw an exception on invalid > > number of params, but it currently doesn't. I did not understand why > > !include can raise the exception and !include-dir, that has the same > > code, doesn't. > > I can't confirm it, for me both fail. Which qrexec package versions do > you have? 4.1.21 Noticed something strange, the parser does not throw an error when calling with qubes-policy-lint, it only throws error during runtime. Can this be improved? Test with TestPolicy and StringPolicy and see what happens instead of checking the logs, which are runtime. > > -- > Best Regards, > Marek Marczykowski-Górecki > Invisible Things Lab > > -- > You received this message because you are subscribed to the Google Groups > "qubes-devel" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to qubes-devel+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/qubes-devel/ZHDXBA2xtK63nJab%40mail-itl. - -- Benjamin Grande -BEGIN PGP SIGNATURE- iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHDZyF8UgAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5 NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW h+wFAQDmtL6KUnHiLaWtb/eGJHY2PbGEx3H4EW1686Uql5lWegEAo8/2enQZDzvU wQqwP6soH1ddnBh2E5SCldk9zdvHEAQ= =eW89 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZHDZyZNJuQ7DEf%2BO%40personal-mutt.
Re: [qubes-devel] qrexec parser - !include-dir allows multiple params
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, May 26, 2023 at 03:48:18PM +, Ben Grande wrote: > Issue report. > > Fails: > !include a b > Works: > !include-dir a b > > I believe that !include-dir should also throw an exception on invalid > number of params, but it currently doesn't. I did not understand why > !include can raise the exception and !include-dir, that has the same > code, doesn't. I can't confirm it, for me both fail. Which qrexec package versions do you have? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab -BEGIN PGP SIGNATURE- iQEzBAEBCAAdFiEEhrpukzGPukRmQqkK24/THMrX1ywFAmRw1wQACgkQ24/THMrX 1yxIeAf/Yc3wYavWlq6a+4CbPfWWXsXTdP6L2dqKMYga+Dpj2V21/NN7/5csYbxT h3DzojeSgO/I2Q3ltvcY3jA724dsd9WhXwfvH/bPXqulnZ6vROslVZhUBENGmo/x ZY2xTK+nTAhBOBxXyucNYPEaN/9NXVFEBssBNblEPmO4ep9Qgbvr1N2YMTJURQrZ Uj82wwJHud3HtoJpx6Xk96d3P7XKjz4PwFw8XVqeyCjk2WGPSGIDZtK3InKWpxJV kgAT12HHaq6TcDZXUS7s+ZFIzojUZhjBnG3PCgJnx+VbLlLbtkmhKieZG1BjQQsn xxdUSRbYpUItzxcFqSergC3Auql37w== =NpuG -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZHDXBA2xtK63nJab%40mail-itl.
[qubes-devel] qrexec parser - !include-dir allows multiple params
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Issue report. Fails: !include a b Works: !include-dir a b I believe that !include-dir should also throw an exception on invalid number of params, but it currently doesn't. I did not understand why !include can raise the exception and !include-dir, that has the same code, doesn't. - -- Benjamin Grande -BEGIN PGP SIGNATURE- iNUEARYKAH0WIQRklnEdsUUe50UmvUUbcxS/DMyWhwUCZHDUwl8UgAAuAChp c3N1ZXItZnByQG5vdGF0aW9ucy5vcGVucGdwLmZpZnRoaG9yc2VtYW4ubmV0NjQ5 NjcxMURCMTQ1MUVFNzQ1MjZCRDQ1MUI3MzE0QkYwQ0NDOTY4NwAKCRAbcxS/DMyW h3NHAQCIJhtdzkhVsjleqw+7isOsJ7xPtlAb0pXeBWpnf8vz1gEAs7NNUgZsBiv4 DHUOEC1oV9wPWcFAB+LEyXG0We65oQ8= =N8Uz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-devel+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/ZHDUwgAjymZlHJYM%40personal-mutt.