from:"Pavel Labushev"

[issue13703] Hash collision security issue

2012-01-06 Thread Pavel Labushev


Changes by Pavel Labushev :


--
nosy: +Arach

___
Python tracker 
<http://bugs.python.org/issue13703>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue11048] "import ctypes" causes segfault on read-only filesystem

2011-01-28 Thread Pavel Labushev


New submission from Pavel Labushev :

"import ctypes" causes segfault on read-only filesystem

This regression was introduced in python-2.6.6 and exists in all the later 
versions.

To reproduce run python -c "import ctypes" on read-only filesystem:


(gdb) file python3.2
Reading symbols from /usr/bin/python3.2...done.
(gdb) run -c "import ctypes"
Starting program: /usr/bin/python3.2 -c "import ctypes"
[Thread debugging using libthread_db enabled]

Program received signal SIGSEGV, Segmentation fault.
0xb7af605c in CThunkObject_dealloc (_self=0xb7b35344)
at 
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/callbacks.c:18
18  
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/callbacks.c:
 No such file or directory.
in 
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/callbacks.c
(gdb) bt
#0  0xb7af605c in CThunkObject_dealloc (_self=0xb7b35344)
at 
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/callbacks.c:18
#1  0xb7af63b4 in _ctypes_alloc_callback (callable=0xb7b10bec, 
converters=0xb7c4e02c, restype=0xb810c544, flags=257)
at 
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/callbacks.c:439
#2  0xb7af1f57 in PyCFuncPtr_new (type=0xb810b0bc, args=0xb7b3618c, kwds=0x0)
at 
/var/tmp/portage/dev-lang/python-3.2_pre20110123/work/python-3.2_pre20110123/Modules/_ctypes/_ctypes.c:3339
#3  0xb7ea2355 in type_call (type=0xb810b0bc, args=0xb7b3618c, kwds=0x0) at 
Objects/typeobject.c:676
#4  0xb7e4f34e in PyObject_Call (func=0xb810b0bc, arg=0xb7b3618c, kw=0x0) at 
Objects/abstract.c:2149
#5  0xb7eedee3 in do_call (f=0xb80fdb44, throwflag=0) at Python/ceval.c:4095
#6  call_function (f=0xb80fdb44, throwflag=0) at Python/ceval.c:3898
#7  PyEval_EvalFrameEx (f=0xb80fdb44, throwflag=0) at Python/ceval.c:2673
#8  0xb7ef0639 in PyEval_EvalCodeEx (_co=0xb7b159d0, globals=0xb7bf40b4, 
locals=0xb7bf40b4, args=0x0, argcount=0, kws=0x0, kwcount=0, defs=0x0, 
defcount=0,
kwdefs=0x0, closure=0x0) at Python/ceval.c:3311
#9  0xb7ef08b6 in PyEval_EvalCode (co=0xb7b159d0, globals=0xb7bf40b4, 
locals=0xb7bf40b4) at Python/ceval.c:761
#10 0xb7f0121c in PyImport_ExecCodeModuleWithPathnames (name=0xbfffd9fb 
"ctypes", co=0xb7b159d0,
pathname=0xbfffa89b 
"/usr/lib/python3.2/ctypes/__pycache__/__init__.cpython-32.pyc",
cpathname=0xbfffa89b 
"/usr/lib/python3.2/ctypes/__pycache__/__init__.cpython-32.pyc") at 
Python/import.c:809
#11 0xb7f03ce8 in load_source_module (name=, 
pathname=, fp=0xb8020b28) at Python/import.c:1339
#12 0xb7f044f8 in load_package (name=, pathname=) at Python/import.c:1435
#13 0xb7f04da7 in import_submodule (mod=, subname=, fullname=0xbfffd9fb "ctypes") at Python/import.c:2894
#14 0xb7f050b4 in load_next (mod=, altmod=, p_name=0xbfffd9ec, buf=0xbfffd9fb "ctypes", p_buflen=0xbfffd9f4)
at Python/import.c:2706
#15 0xb7f05774 in import_module_level (name=0x0, globals=, 
locals=0xb7c2035c, fromlist=0xb7f98ca0, level=0) at Python/import.c:2422
#16 0xb7f05d14 in PyImport_ImportModuleLevel (name=0xb7c0f8e8 "ctypes", 
globals=0xb7c2035c, locals=0xb7c2035c, fromlist=0xb7f98ca0, level=0)
at Python/import.c:2474
#17 0xb7ee73c1 in builtin___import__ (self=0xb7c6726c, args=0xb7c7b9bc, 
kwds=0x0) at Python/bltinmodule.c:168
#18 0xb7e907fe in PyCFunction_Call (func=0xb7c6730c, arg=0xb7c7b9bc, 
kw=0xb7b35344) at Objects/methodobject.c:84
#19 0xb7e4f34e in PyObject_Call (func=0xb7c6730c, arg=0xb7c7b9bc, kw=0x0) at 
Objects/abstract.c:2149
#20 0xb7ee802f in PyEval_CallObjectWithKeywords (func=0xb7c6730c, 
arg=0xb7c7b9bc, kw=0x0) at Python/ceval.c:3755
#21 0xb7eec962 in PyEval_EvalFrameEx (f=0xb8072564, throwflag=0) at 
Python/ceval.c:2332
#22 0xb7ef0639 in PyEval_EvalCodeEx (_co=0xb7bdb7f0, globals=0xb7c2035c, 
locals=0xb7c2035c, args=0x0, argcount=0, kws=0x0, kwcount=0, defs=0x0, 
defcount=0,
kwdefs=0x0, closure=0x0) at Python/ceval.c:3311
#23 0xb7ef08b6 in PyEval_EvalCode (co=0xb7bdb7f0, globals=0xb7c2035c, 
locals=0xb7c2035c) at Python/ceval.c:761
#24 0xb7f0eabc in run_mod (mod=, filename=, globals=0xb7c2035c, locals=0xb7c2035c, flags=0xbfffefa8,
arena=0xb8071030) at Python/pythonrun.c:1760
#25 0xb7f0edf9 in PyRun_StringFlags (str=0xb7bf5330 "import ctypes\n", 
start=257, globals=0xb7c2035c, locals=0xb7c2035c, flags=0xbfffefa8)
at Python/pythonrun.c:1694
#26 0xb7f11006 in PyRun_SimpleStringFlags (command=0xb7bf5330 "import 
ctypes\n", flags=0xbfffefa8) at Python/pythonrun.c:1267
#27 0xb7f2477c in run_command (argc=3, argv=0xb8001018) at Modules/main.c:258
#28 Py_Main (argc=3, argv=0xb8001018) at Modules/main.c:647
#29 0xb7fffc4f in main (argc=3, argv=0xb0d4) at ./Modules/python.c:82
(gdb) quit

--
assignee: theller
componen

[issue11048] "import ctypes" causes segfault on read-only filesystem

2011-01-29 Thread Pavel Labushev


Pavel Labushev  added the comment:

How to reproduce:

# mkdir /mnt/readonly
# mount --bind / /mnt/readonly
# mount -o remount,ro /mnt/readonly
# mount -t proc proc /mnt/readonly/proc
# chroot /mnt/readonly python3.2 -c "import ctypes"
Segmentation fault

If your python build expected to have this bug, you'll see something like this 
(the -1 EROFS lines):

# chroot /mnt/readonly strace -f -e trace=open python3.2 -c "import ctypes" 
2>&1 | grep ffi
open("/usr/lib/libffi.so.5", O_RDONLY)  = 5
open("/tmp/.private/root/ffiicoh8G", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 ENOENT 
(No such file or directory)
open("/tmp/ffiFjqUa9", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EROFS (Read-only file 
system)
open("/var/tmp/ffidTdydB", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EROFS (Read-only 
file system)
open("/dev/shm/ffiemIcg3", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EROFS (Read-only 
file system)
open("/root/ffiXfWRiv", O_RDWR|O_CREAT|O_EXCL, 0600) = -1 EROFS (Read-only file 
system)

--

___
Python tracker 
<http://bugs.python.org/issue11048>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue9385] python-2.6.5 and 3.2.1 uses 'rwx' mmap() calls for the ctypes module

2010-07-26 Thread Pavel Labushev


Pavel Labushev  added the comment:

Note that the removing of PROT_EXEC flag doesn't break any ctypes test.

--
nosy: +Arach

___
Python tracker 
<http://bugs.python.org/issue9385>
___
___
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

[issue13703] Hash collision security issue

[issue11048] "import ctypes" causes segfault on read-only filesystem

[issue11048] "import ctypes" causes segfault on read-only filesystem

[issue9385] python-2.6.5 and 3.2.1 uses 'rwx' mmap() calls for the ctypes module

4 matches

Site Navigation

Mail list logo

Footer information