Message 248951 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	eryksun
Recipients	Albert.Zeyer, ajaksu2, eryksun, georg.brandl, ghazel, loewis, ssb22
Date	2015-08-21.13:55:06
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1440165308.26.0.984942782257.issue1384175@psf.upfronthosting.co.za>
In-reply-to

Content
Albert, this issue was opened for Python 2.4 and was closed over 6 years ago. Open a new issue if you believe there's a bug or room for improvement in a currently supported Python version. FYI, on Windows _PyOS_URandom first initializes the Crypto API by calling [CryptAcquireContext][1]. As shown in the debug session below, this function requires the SystemRoot environment variable to be correctly defined. C:\>cdb -g "C:\Program Files\Python27\python.exe" Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64 Copyright (c) Microsoft Corporation. All rights reserved. ... >>> import os >>> from ctypes import * ... >>> PROV_RSA_FULL = 1 >>> CRYPT_VERIFYCONTEXT = 0xf0000000 >>> CryptAcquireContextA = WinDLL('advapi32').CryptAcquireContextA >>> hcrypt = c_void_p() >>> del os.environ['SystemRoot'] >>> CryptAcquireContextA(byref(hcrypt), None, None, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ModLoad: 000007fe`fc480000 000007fe`fc498000 C:\Windows\system32\CRYPTSP.dll CryptAcquireContext: CheckSignatureInFile failed at cryptapi.c line 5198 CryptAcquireContext: Failed to read registry signature value at cryptapi.c line 873 0 >>> os.environ['SystemRoot'] = 'C:\\Windows' >>> CryptAcquireContextA(byref(hcrypt), None, None, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT) ModLoad: 000007fe`fc180000 000007fe`fc1c7000 C:\Windows\system32\rsaenh.dll ModLoad: 000007fe`fcae0000 000007fe`fcaef000 C:\Windows\system32\CRYPTBASE.dll 1 >>> hcrypt c_void_p(4407952L) It has always struck me as odd that this API uses the environment variable instead of the object manager's secured \SystemRoot object symbolic link. C'est la vie. Anyway, I don't think Python's os and subprocess modules should prevent you from shooting yourself in the foot here. When creating an environment block for a child process, excluding SystemRoot is generally a bad idea, but the language shouldn't get in the way. I think it's prudent to include at least all of the system-defined variables. Here's a function that calls [CreateEnvironmentBlock][2] and returns the system variables in a dict. It excludes user variables and doesn't inherit from the current process. import ctypes userenv = ctypes.WinDLL('userenv', use_last_error=True) def errcheck_bool(result, func, args): if not result: raise ctypes.WinError(ctypes.get_last_error()) return args userenv.CreateEnvironmentBlock.argtypes = (ctypes.POINTER(ctypes.c_void_p), ctypes.c_void_p, ctypes.c_int) userenv.DestroyEnvironmentBlock.argtypes = (ctypes.c_void_p,) def get_system_environ(): WCHAR_SIZE = ctypes.sizeof(ctypes.c_wchar) environ = {} cenv = ctypes.c_void_p() userenv.CreateEnvironmentBlock(ctypes.byref(cenv), None, 0) addr = cenv.value try: while True: s = ctypes.c_wchar_p(addr).value if not s: break i = s.find('=', 1) if i != -1: environ[s[:i]] = s[i+1:] addr += (len(s) + 1) * WCHAR_SIZE finally: userenv.DestroyEnvironmentBlock(cenv) return environ [1]: https://msdn.microsoft.com/en-us/library/aa379886 [2]: https://msdn.microsoft.com/en-us/library/bb762270

Albert, this issue was opened for Python 2.4 and was closed over 6 years ago. Open a new issue if you believe there's a bug or room for improvement in a currently supported Python version. 

FYI, on Windows _PyOS_URandom first initializes the Crypto API by calling [CryptAcquireContext][1]. As shown in the debug session below, this function requires the SystemRoot environment variable to be correctly defined. 

    C:\>cdb -g "C:\Program Files\Python27\python.exe"

    Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
    Copyright (c) Microsoft Corporation. All rights reserved.

    ...

    >>> import os
    >>> from ctypes import *
    ...
    >>> PROV_RSA_FULL = 1
    >>> CRYPT_VERIFYCONTEXT = 0xf0000000
    >>> CryptAcquireContextA = WinDLL('advapi32').CryptAcquireContextA 
    >>> hcrypt = c_void_p()

    >>> del os.environ['SystemRoot']
    >>> CryptAcquireContextA(byref(hcrypt), None, None, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)
    ModLoad: 000007fe`fc480000 000007fe`fc498000   C:\Windows\system32\CRYPTSP.dll
    CryptAcquireContext:  CheckSignatureInFile failed at cryptapi.c line 5198
    CryptAcquireContext:  Failed to read registry signature value at cryptapi.c line 873
    0

    >>> os.environ['SystemRoot'] = 'C:\\Windows'
    >>> CryptAcquireContextA(byref(hcrypt), None, None, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)
    ModLoad: 000007fe`fc180000 000007fe`fc1c7000   C:\Windows\system32\rsaenh.dll
    ModLoad: 000007fe`fcae0000 000007fe`fcaef000   C:\Windows\system32\CRYPTBASE.dll
    1
    >>> hcrypt
    c_void_p(4407952L)

It has always struck me as odd that this API uses the environment variable instead of the object manager's secured \SystemRoot object symbolic link. C'est la vie. 

Anyway, I don't think Python's os and subprocess modules should prevent you from shooting yourself in the foot here. When creating an environment block for a child process, excluding SystemRoot is generally a bad idea, but the language shouldn't get in the way. 

I think it's prudent to include at least all of the system-defined variables. Here's a function that calls [CreateEnvironmentBlock][2] and returns the system variables in a dict. It excludes user variables and doesn't inherit from the current process.

    import ctypes

    userenv = ctypes.WinDLL('userenv', use_last_error=True)

    def errcheck_bool(result, func, args):
        if not result:
            raise ctypes.WinError(ctypes.get_last_error())
        return args

    userenv.CreateEnvironmentBlock.argtypes = (ctypes.POINTER(ctypes.c_void_p),
                                               ctypes.c_void_p,
                                               ctypes.c_int)
    userenv.DestroyEnvironmentBlock.argtypes = (ctypes.c_void_p,)

    def get_system_environ():
        WCHAR_SIZE = ctypes.sizeof(ctypes.c_wchar)
        environ = {}
        cenv = ctypes.c_void_p()
        userenv.CreateEnvironmentBlock(ctypes.byref(cenv), None, 0)
        addr = cenv.value    
        try:
            while True:
                s = ctypes.c_wchar_p(addr).value
                if not s:
                    break
                i = s.find('=', 1)
                if i != -1:
                    environ[s[:i]] = s[i+1:]
                addr += (len(s) + 1) * WCHAR_SIZE
        finally:
            userenv.DestroyEnvironmentBlock(cenv)
        return environ

[1]: https://msdn.microsoft.com/en-us/library/aa379886
[2]: https://msdn.microsoft.com/en-us/library/bb762270

History
Date	User	Action	Args
2015-08-21 13:55:08	eryksun	set	recipients: + eryksun, loewis, georg.brandl, ghazel, ajaksu2, ssb22, Albert.Zeyer
2015-08-21 13:55:08	eryksun	set	messageid: <1440165308.26.0.984942782257.issue1384175@psf.upfronthosting.co.za>
2015-08-21 13:55:08	eryksun	link	issue1384175 messages
2015-08-21 13:55:06	eryksun	create