[issue7332] python script segment fault at PyMarshal_ReadLastObjectFromFile in import_submodule

2010-04-21 Thread Kees Cook 

Kees Cook  added the comment:

The stack protector will add 8 (aligned, so possibly padded) bytes to each 
stack frame of functions with arrays of 8 or greater bytes.  So if things are 
marginal, this could make the difference between Pythons compiled with/without 
-fstack-protector.

N.B. if rPath is compiled with -D_FORTIFY_SOURCE=2 and -O1, then 
-D_FORTIFY_SOURCE=2 has no effect (it is only activated at -O2 or higher).

Details on Ubuntu's compiler flag defaults:
https://wiki.ubuntu.com/CompilerFlags

Putting MAXPATH on the stack certainly seems like a big waste of space, though. 
 :)

--
nosy: +keescook

___
Python tracker 
<http://bugs.python.org/issue7332>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue7332] python script segment fault at PyMarshal_ReadLastObjectFromFile in import_submodule

2010-04-21 Thread Kees Cook 

Kees Cook  added the comment:

So, digging a little further, I think this is a now-fixed kernel bug with stack 
growth.  There were known issues prior to Sep 2009 with 64bit stack growth with 
ASLR, which is enabled by default.  Upstream fix:

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80938332d8cf652f6b16e0788cf0ca136befe0b5

This was fixed in stable releases of the Ubuntu kernels on Mar 16, 2010 (though 
the fix was included in Ubuntu 9.10 when it was released Oct 29, 2009).

The Launchpad bugs 432546 and 393022 were both filed prior to these kernel 
fixes, and show an un-maximized stack segment that has bumped up against the 
next-lower segment, which is how this kernel bug was manifesting.  (See their 
attached ProcMaps.txt files.)

I don't believe this is a Python bug, and I think the issue is solved for any 
distro that contains the above kernel fix.

--

___
Python tracker 
<http://bugs.python.org/issue7332>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com