Hi Armin,

Thanks for the solution!

I tired it, and found out a command "reload(socket)" could break it.

So I might consider my previous method is more safer.

The protection is at the function entry point. In addition, 'criticalsection' module and customized 'select' module are both build into libpypy-c.so. It might be more difficult to break.

And for the mentioned RPython error: "object with a __call__ is not RPython", any advices?

On Thu, May 28, 2015 at 11:41 PM, Armin Rigo <arigo@tunes.org> wrote:

Hi Yicong,

On 28 May 2015 at 17:09, Yicong Huang <hengha.mao@gmail.com> wrote:
> To achieve this purpose, here are my plans:
> 1. Write a builtin RPython module 'criticalsection', because I thought only
> builtin RPython module could be used for existed builtin RPython module
> 2. For the list of builtin functions that we might block, add the code in
> the begining of those functions, e.g.
>
> def epoll:
> if criticalsection.isInCriticalSection() and
> criticalsection.block('select.epoll')
> return None
> ... the original code...

How about this pure Python solution, which would give the equivalent
level of security (i.e., okish against naive code, but no hard
security against a motivated attacker):

def just_returns_none(*args, **kwds):
return None

def enter_critical_section():
socket.epoll = just_returns_none

original_socket_epoll = socket.epoll

def leave_criticial_section():
socket.epoll = original_socket_epoll

A bientôt,

Armin.