[issue9385] python-2.6.5 and 3.2.1 uses 'rwx' mmap() calls for the ctypes module
Radoslaw Madej
report at bugs.python.org
Mon Jul 26 19:02:36 CEST 2010
New submission from Radoslaw Madej <radegand at o2.pl>:
Hi,
Python ctypes module creates a 'rwx' memory mapping (defined in malloc_closure.c) which causes python to crash when running under grsecurity enabled kernel and could also have a negative security impact.
Is there any specific need for the mmap call to create an executable mapping or can it be safely removed?
Please refer here for more information and proposed patch:
http://bugs.gentoo.org/show_bug.cgi?id=329499
The actual mmap call:
item = (ITEM *)mmap(NULL,
count * sizeof(ITEM),
PROT_READ | PROT_WRITE | PROT_EXEC,
MAP_PRIVATE | MAP_ANONYMOUS,
-1,
0);
There has been further investigation done by Gentoo users and work towards python handling this error gracefully rather than segfaulting. It seems that dereference at Py_XDECREF(self->restype); (line 23 of Modules/_ctypes/callbacks.c) causes the segfault.
Thanks.
----------
assignee: theller
components: ctypes
messages: 111644
nosy: radegand532, theller
priority: normal
severity: normal
status: open
title: python-2.6.5 and 3.2.1 uses 'rwx' mmap() calls for the ctypes module
type: security
versions: Python 2.6, Python 3.2
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue9385>
_______________________________________
More information about the Python-bugs-list
mailing list