Python ctypes segmentation fault when rootfs is read-only and /tmp is noexec -


i'm trying use python embedded app on arm processor running linux (cpython 2.7.3 cross-compiled x86/linux). worked until started securing device prevent tampering. first made rootfs read-only, both prevent corruption of rootfs on sudden loss of power , prevent modification our main code unauthorized users. still, python , our ctypes libraries continued working normal. /tmp directory gets mapped tmpfs (ramdrive). step of hardening set noexec flag on tmpfs partition prevent users somehow uploading code lead local root exploit. both of options set, importing ctypes produces immediate segfault:

root@atx4:~# python                                  python 2.7.3 (default, jul 16 2013, 17:15:57)  [gcc 4.3.3] on linux2 type "help", "copyright", "credits" or "license" more information. >>> import ctypes segmentation fault

interestingly enough, of changes below allows ctypes work correctly:

  1. remounting rootfs read-write
  2. remounting tmpfs without noexec
  3. remounting /dev/shm without noexec

any idea what's causing this? now, i've made /dev/shm mount without noexec, , restrict least possible users.

i cannot reproduce python 2.7.6;

i suspect could've been valid bug.

consider ctypes may need create unique callback (an executable c-level function). mmap anonymous (ok) or shared file (not ok) execute bit set.

memory error handling hard, , have escaped developers.


Comments

Post a Comment

Popular posts from this blog

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

Firefox SVG shape not printing when it has stroke -

Image
i having issue svg shapes have stroke , trying them print in firefox. this simplest example: <svg xmlns="http://www.w3.org/2000/svg" version="1.1" xmlns:xlink="http://www.w3.org/1999/xlink"> <rect x="0" y="0" rx="15" ry="15" width="300" height="400" style="stroke:black;stroke-width:5;" fill="black" /> <circle id="firstcircle" cx="50" cy="50" r="30" stroke="black" stroke-width="2" fill="white" style="opacity:0.75;"/> <circle id="secondcircle" cx="50" cy="150" r="30" fill="white" style="opacity:0.75;"/> </svg> when try , print first shape 1 of 2 things: it not show @ all it shows off center in bounding box. the second shape no stroke shows expected, expected. when displaying on scre...
Read more

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more