Hi,
anonym wrote (26 Nov 2013 17:11:30 GMT) :
> 21/11/13 09:10, intrigeri wrote:
> What do you think about commit c177710?
Much better. Simplified a bit more in commit 3b41123.
>> * Regarding "It would obviously require to drop `set -e`, because
>> errors are indeed what could cause this to happen." --> err, well,
>> I kinda disagree that letting errors propagate further, just so we
>> can enjoy detecting it later, is "obvious". "set -e" detects a given
>> class of error conditions, great. The proposed failsafe check would
>> detect another (probably overlapping) class of error conditions.
>> I think that both should coexist.
> My point is that `set -e` doesn't simply "detect" errors, like you put
> it; it *terminates* the script upon certain error conditions, which
> most likely prevents whatever failsafe we have from detecting its class
> of errors (at least the non-overlapping part) and warn the user etc. Or
> am I misunderstanding how you want this failsafe to be implemented?
I think I now see what you mean.
My main concern is that removing `set -e' could lead to situations
when the failure detection code or the "fail close" code itself fails
at runtime for some reason, and then a MAC spoofing failure goes
silently undetected.
What I meant was:
1. Have `set -e' detect its own class of errors and abort the
script, and let the caller of this script handle this nicely.
2. Have failsafe code at the end of tails-spoof-mac handle the cases
that `set -e' didn't detect.
However, the script we're talking of (tails-spoof-mac) is run by udev
rules, so my #1 above can't be done that easily.
How about:
1. Have the udev rule run a very simple, carefully written and
robust wrapper script that runs tails-spoof-mac.
2. Have failsafe code at the end of tails-spoof-mac handle the more
or less expected failure modes that `set -e' didn't detect (I
mean, e.g. some firmware that answers macchanger "yeah, OK, I'll
use this MAC address" but actually doesn't record the change),
and return 0 if the "fail close" protection can be
successfully applied.
3. Have the wrapper handle the unexpected cases when tails-spoof-mac
returns with non-zero exit code (presumably due to `set -e'
aborting it).
Then, the wrapper script is the only part that is not allowed to have
bugs, and we have a way to sanely handle bugs that tails-spoof-mac or
any of its dependencies (macchanger, our shell library) might expose
in corner cases we've not thought of yet.
Cheers!
--
intrigeri
| GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc
| OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc
