Remove (most) attacker-controlled error messages #537
Conversation
deeplow
changed the title
deeplow
force-pushed
the
456-remove-attacker-errors
branch
2 times, most recently
from
57795d3
to
bc4993d
Compare
There was a problem hiding this comment.
I have added some comments inline, but I also have one last general comment:
In order to remove all reliance on attacker-controlled messages, we should also mark our run_command invocations with the stage that the conversion takes place, probably with a Python constant, so that we can return an exit code that reflects it.
deeplow
force-pushed
the
456-remove-attacker-errors
branch
from
1d2aed5
to
5853356
Compare
|
I have resolved most of our discussions, and I've commented on some very small issues remaining. Other than that, feel free to merge the PR. BTW, regarding this:
Let's just have it in mind for the general error handling PR. |
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client. Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
Distinguish from podman or other errors in called binaries by shifting the error codes by 128.
deeplow
force-pushed
the
456-remove-attacker-errors
branch
2 times, most recently
from
d81f895
to
ee886ec
Compare
deeplow
force-pushed
the
456-remove-attacker-errors
branch
from
ee886ec
to
94f569c
Compare
Creates exceptions in the server code to be shared with the client via an identifying exit code. These exceptions are then reconstructed in the client.
Refs #456 but does not completely fix it. Unexpected exceptions and progress descriptions are still passed in Containers.
This was addressed in the process of fixing #430, since in Qubes we'll have server errors that we'll need to communicate.