Bug 342893 - dev-lang/python segfaults on 'import ctypes'
Summary: dev-lang/python segfaults on 'import ctypes'
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: High normal
Assignee: Python Gentoo Team
Reported: 2010-10-27 08:39 UTC by Pavel Labushev
Modified: 2011-09-16 14:02 UTC
Description Pavel Labushev 2010-10-27 08:39:01 UTC
I encountered segfaults with python-2.6.6-r1 and python-3.2_pre20101024 (python-3.1.2-r4 also affected) inside read-only chroot on a Hardened system:

# mkdir /tmp/readonly_chroot
# mount --bind / /tmp/readonly_chroot
# mount -o ro,remount /tmp/readonly_chroot
# mount -t proc proc /tmp/readonly_chroot/proc
# chroot /tmp/readonly_chroot /bin/bash
# python2.6 -c "import ctypes"
Segmentation fault

Grsecurity logs:
Oct 24 05:57:44 [kernel] grsec: denied RWX mmap of <anonymous mapping> by
/tmp/readonly_chroot/usr/bin/python2.6[python2.6:31335] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:20184] uid/euid:0/0 gid/egid:0/0
Oct 24 05:57:44 [kernel] grsec: Segmentation fault occurred at 7465725f in
/tmp/readonly_chroot/usr/bin/python2.6[python2.6:31335] uid/euid:0/0
gid/egid:0/0, parent /bin/bash[bash:20184] uid/euid:0/0 gid/egid:0/0


And for python-3.2_pre20101024:

# chroot /home/root/python3.2_readonly_chroot /bin/bash
# qlist -IvCU dev-lang/python:3.2
dev-lang/python-3.2_pre20101024 (doc examples ncurses readline sqlite ssl threads wide-unicode xml)
# python3.2 -c "import ctypes"
Segmentation fault

Grsecurity logs (note there are no "denied RWX mmap" messages):
Oct 27 16:06:03 [kernel] grsec: Segmentation fault occurred at 00000074 in /home/root/python3.2_readonly_chroot/usr/bin/python3.2[python3.2:15629] uid/euid:0/0 gid/egid:0/0, parent /home/root/python3.2_readonly_chroot/bin/bash[bash:15617] uid/euid:0/0 gid/egid:0/0


Another issue is due to TPE restrictions when python tries to map as
executable an untrusted temporary .so file generated by libffi:

testing@worm3 ~ $ id
uid=1219(testing) gid=1221(testing) groups=1221(testing)
testing@worm3 ~ $ python -c "import ctypes"
Segmentation fault

Grsecurity logs:
Oct 24 06:01:48 [kernel] grsec: denied untrusted exec of
/home/testing/ffiCigB2E by /usr/bin/python2.6[python2.6:31420]
uid/euid:1219/1219 gid/egid:1221/1221, parent /bin/bash[bash:31406]
uid/euid:1219/1219 gid/egid:1221/1221
Oct 24 06:01:48 [kernel] grsec: Segmentation fault occurred at 7465725f in
/usr/bin/python2.6[python2.6:31420] uid/euid:1219/1219 gid/egid:1221/1221,
parent /bin/bash[bash:31406] uid/euid:1219/1219 gid/egid:1221/1221

The workaround is to add the user testing to the trusted TPE group:

$ id
uid=1219(testing) gid=1221(testing) groups=1221(testing),500(tpe)
$ python -c "import ctypes"
$ 

And for python-3.2_pre20101024:

$ qlist -IvCU dev-lang/python:3.2
dev-lang/python-3.2_pre20101024 (doc examples ncurses readline sqlite ssl threads wide-unicode xml)
$ id
uid=1219(testing) gid=1221(testing) groups=1221(testing)
$ python3.2 -c "import ctypes"
Segmentation fault

Grsecurity logs:
Oct 27 16:08:44 [kernel] grsec: denied untrusted exec of /home/root/python3.2_chroot/home/testing/ffiyT9ngL by /home/root/python3.2_chroot/usr/bin/python3.2[python3.2:15680] uid/euid:1219/1219 gid/egid:1221/1221, parent /home/root/python3.2_chroot/bin/bash[bash:15668] uid/euid:1219/1219 gid/egid:1221/1221
Oct 27 16:08:44 [kernel] grsec: Segmentation fault occurred at 00000074 in /home/root/python3.2_chroot/usr/bin/python3.2[python3.2:15680] uid/euid:1219/1219 gid/egid:1221/1221, parent /home/root/python3.2_chroot/bin/bash[bash:15668] uid/euid:1219/1219 gid/egid:1221/1221

The workaround is the same as for python-2.6.6-r1.
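
Added example, not part of the original report: a small Python triage script that pairs each grsec "Segmentation fault occurred" record with an earlier denial logged for the same process, separating crashes that follow a policy denial (the python2.6 cases above) from crashes with no denial logged (the python3.2 read-only chroot case). The function name, the result field names and the shortened sample lines are assumptions made for this example.

```python
import re

# Sample built from the grsec lines quoted in the report, with wrapped
# lines joined and the trailing "parent ..." fields dropped.
SAMPLE_LOG = """\
Oct 24 05:57:44 [kernel] grsec: denied RWX mmap of <anonymous mapping> by /tmp/readonly_chroot/usr/bin/python2.6[python2.6:31335] uid/euid:0/0 gid/egid:0/0
Oct 24 05:57:44 [kernel] grsec: Segmentation fault occurred at 7465725f in /tmp/readonly_chroot/usr/bin/python2.6[python2.6:31335] uid/euid:0/0 gid/egid:0/0
Oct 24 06:01:48 [kernel] grsec: denied untrusted exec of /home/testing/ffiCigB2E by /usr/bin/python2.6[python2.6:31420] uid/euid:1219/1219 gid/egid:1221/1221
Oct 24 06:01:48 [kernel] grsec: Segmentation fault occurred at 7465725f in /usr/bin/python2.6[python2.6:31420] uid/euid:1219/1219 gid/egid:1221/1221
Oct 27 16:06:03 [kernel] grsec: Segmentation fault occurred at 00000074 in /home/root/python3.2_readonly_chroot/usr/bin/python3.2[python3.2:15629] uid/euid:0/0 gid/egid:0/0
"""

PROC = r"(?P<exe>/\S+?)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\]"
DENIED = re.compile(r"grsec: denied (?P<kind>RWX mmap|untrusted exec) of (?P<obj>.+?) by " + PROC)
SEGV = re.compile(r"grsec: Segmentation fault occurred at (?P<addr>[0-9a-f]+) in " + PROC)


def correlate(log_text):
    """Pair each grsec segfault record with the denial logged earlier for
    the same (exe, pid), if any. Returns one dict per segfault."""
    pending = {}   # (exe, pid) -> (kind, obj) of the most recent denial
    crashes = []
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            pending[(m["exe"], m["pid"])] = (m["kind"], m["obj"])
            continue
        m = SEGV.search(line)
        if not m:
            continue
        kind, obj = pending.pop((m["exe"], m["pid"]), (None, None))
        crashes.append({
            "pid": int(m["pid"]),
            "comm": m["comm"],
            "fault_addr": m["addr"],
            "denial": kind,            # None: no policy denial preceded it
            "object": obj,
            # Temp files in the report are named ffi + 6 random characters.
            "libffi_temp": bool(obj and re.search(r"/ffi\w{6}$", obj)),
        })
    return crashes


if __name__ == "__main__":
    for c in correlate(SAMPLE_LOG):
        print(c)
```

A record with `denial` set to `None` is a crash that the kernel policy log does not explain and needs a backtrace instead.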
Comment 1 Dirkjan Ochtman (RETIRED) gentoo-dev 2010-10-27 09:24:04 UTC
Is this a dupe of bug 329499, by any chance?
Comment 2 Pavel Labushev 2010-10-27 09:50:38 UTC
(In reply to comment #1)
> Is this a dupe of bug 329499, by any chance?

Kind of dupe. Arfrever asked me to file a separate bug.
Comment 3 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2010-10-29 19:36:49 UTC
It's a different bug in the same module.
Reporter: Please report this problem to upstream: http://bugs.python.org/
Comment 4 Nikoli 2011-01-23 19:53:34 UTC
Same problem without hardened. gajim, gramps are broken.

Portage 2.1.9.25 (default/linux/amd64/10.0/desktop, gcc-4.4.4, glibc-2.11.2-r3, 2.6.36-gentoo-r5 x86_64)
=================================================================
Timestamp of tree: Sun, 23 Jan 2011 17:45:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.1_p9
dev-lang/python:     2.6.6-r1
dev-util/ccache:     2.4-r9
dev-util/cmake:      2.8.1-r2
sys-apps/baselayout: 2.0.1-r1
sys-apps/openrc:     0.6.8
sys-apps/sandbox:    2.4
sys-devel/autoconf:  2.65-r1
sys-devel/automake:  1.11.1
sys-devel/binutils:  2.20.1-r1
sys-devel/gcc:       4.4.4-r2
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.10
sys-devel/make:      3.81-r2
virtual/os-headers:  2.6.30-r1 (sys-kernel/linux-headers)
ACCEPT_KEYWORDS="amd64"
ACCEPT_LICENSE="* -@EULA"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/share/config /usr/share/openvpn/easy-rsa /usr/share/themes/oxygen-gtk/gtk-2.0"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo"
CXXFLAGS="-march=core2 -O2 -pipe"
FEATURES="assume-digests binpkg-logs ccache distlocks fixlafiles fixpackages news parallel-fetch protect-owned sandbox sfperms strict test unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync"
LANG="en_US.UTF-8"
LDFLAGS="-Wl,-O1 -Wl,--as-needed"
LINGUAS="ru en"
MAKEOPTS="-j3"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/var/lib/layman/nikoli"
USE="7zip X a52 aac acl acpi akonadi alsa amd64 amr ares atm audiofile bash-completion bluetooth bzip2 cairo cdda cddb cdio cdparanoia cdr celt cli consolekit cracklib crypt css cups cxx dbus djvu dri dts dv dvd dvdr emboss encode exif ffmpeg firefox flac fluidsynth fontconfig fortran gd gdu geoip gif gimp glitz gmp gnutls gphoto2 gpm graphviz gsm gstreamer gtk hal handbook iconv id3tag idn ieee1394 ilbc imagemagick imap imlib iphone ipod ipv6 jbig jpeg jpeg2k kde kipi kontact ladspa lame laptop lcms libproxy libsamplerate libwww lm_sensors lzma lzo mad matroska mikmod mmx mmxext mng modplug modules mp3 mp4 mpeg mtp mudflap multilib musepack musicbrainz ncurses nls nptl nptlonly ntfs nvidia obex ogg openal openexr opengl openmp pam pango pcre pdf perl pg-intdatetime phonon plasma pm-utils png policykit ppds pppd qt3support qt4 quicktime rar raw readline reiserfs rtmp sasl scanner schroedinger semantic-desktop session smp sndfile socks5 speex spell sqlite sse sse2 sse3 ssl ssse3 startup-notification svg symlink sysfs taglib theora threads thumbnail tiff truetype tta udev unicode upnp usb v4l v4l2 vaapi vcd vdpau vorbis vpx wavpack webkit wifi wma wmf wps x264 xcb xcomposite xface xml xmp xorg xpm xscreensaver xulrunner xv xvid zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation 
rewrite setenvif speling status unique_id userdir usertrack vhost_alias" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="ru en" NGINX_MODULES_HTTP="access auth_basic autoindex fastcgi gzip rewrite" PHP_TARGETS="php5-3" QEMU_SOFTMMU_TARGETS="i386 x86_64" QEMU_USER_TARGETS="i386 x86_64" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="nouveau nv nvidia vesa" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account"
Comment 5 Arfrever Frehtes Taifersar Arahesis (RETIRED) gentoo-dev 2011-01-23 20:04:46 UTC
(In reply to comment #4)
> Same problem

Probably not. If the segmentation fault occurs in a different source file or on a different line of the same source file, or if the specified workaround (in this case: adding the user to the trusted TPE group) doesn't work, then it's a different problem.
Comment 6 Nikoli 2011-01-24 09:16:21 UTC
Opened bug 352575
Comment 7 Dirkjan Ochtman (RETIRED) gentoo-dev 2011-09-16 14:02:36 UTC
I'm going to tentatively mark this as fixed, feel free to re-open if it's still an issue.