[New-bugs-announce] [issue28429] ctypes fails to import with grsecurity's TPE
Glandos
report at bugs.python.org
Thu Oct 13 08:12:18 EDT 2016
New submission from Glandos:
When using a grsecurity kernel with TPE enabled, the following happens with an untrusted user:
Python 3.5.2+ (default, Sep 22 2016, 12:18:14)
[GCC 6.2.0 20160914] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import CDLL
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python3.5/ctypes/__init__.py", line 537, in <module>
_reset_cache()
File "/usr/lib/python3.5/ctypes/__init__.py", line 276, in _reset_cache
CFUNCTYPE(c_int)(lambda: None)
MemoryError
And grsecurity complains:
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /tmp/#38928416 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /var/tmp/#15073678 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4422450 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4422452 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:29 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4425509 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
However, even if the solution should be to put the user in the trusted group, it seems that the involved call is just a workaround for Win64 platforms.
The program I used is using ctypes through the xattr package, which never used CFUNCTYPE. Is it possible to wrap this "fake call" into a try block?
----------
components: ctypes
messages: 278567
nosy: Glandos
priority: normal
severity: normal
status: open
title: ctypes fails to import with grsecurity's TPE
type: behavior
versions: Python 3.5
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28429>
_______________________________________
More information about the New-bugs-announce
mailing list