
Author Glandos
Recipients Glandos
Date 2016-10-13.12:12:18
Message-id <1476360738.57.0.800770600157.issue28429@psf.upfronthosting.co.za>
In-reply-to
Content
When using a grsecurity kernel with TPE enabled, the following happens with an untrusted user:

Python 3.5.2+ (default, Sep 22 2016, 12:18:14) 
[GCC 6.2.0 20160914] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>> from ctypes import CDLL
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3.5/ctypes/__init__.py", line 537, in <module>
    _reset_cache()
  File "/usr/lib/python3.5/ctypes/__init__.py", line 276, in _reset_cache
    CFUNCTYPE(c_int)(lambda: None)
MemoryError

And grsecurity complains:

oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /tmp/#38928416 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /var/tmp/#15073678 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4422450 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:27 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4422452 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000
oct. 13 13:52:29 belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec (due to not being in trusted group and file in world-writable directory) of /dev/shm/#4425509 by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000

However, even if the solution should be to put the user in the trusted group, it seems that the involved call is just a workaround for Win64 platforms.
The program I used is using ctypes through the xattr package, which never used CFUNCTYPE. Is it possible to wrap this "fake call" into a try block?
History
Date | User | Action | Args
2016-10-13 12:12:18 | Glandos | set | recipients: + Glandos
2016-10-13 12:12:18 | Glandos | set | messageid: <1476360738.57.0.800770600157.issue28429@psf.upfronthosting.co.za>
2016-10-13 12:12:18 | Glandos | link | issue28429 messages
2016-10-13 12:12:18 | Glandos | create |
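
An added triage example, not part of the original report or of CPython: it parses grsecurity TPE "denied untrusted exec" lines like those quoted in the message and groups them by process, showing which world-writable directories each process was refused in. The regular expression is derived only from the lines in this report (an assumption about the general log format), the function names are hypothetical, and the last sample line is constructed.

```python
import os
import re

# Template rebuilt from the five denial lines quoted in the report above.
_LINE = ("oct. 13 13:52:{sec} belette64 kernel: grsec: From XX.XX.XX.XX: denied untrusted exec "
         "(due to not being in trusted group and file in world-writable directory) of {path} "
         "by /usr/bin/python3.5[python3:19125] uid/euid:1000/1000 gid/egid:1000/1000, "
         "parent /usr/bin/fish[fish:17716] uid/euid:1000/1000 gid/egid:1000/1000")
SAMPLE_LOG = "\n".join(
    [_LINE.format(sec=s, path=p) for s, p in [
        ("27", "/tmp/#38928416"), ("27", "/var/tmp/#15073678"), ("27", "/dev/shm/#4422450"),
        ("27", "/dev/shm/#4422452"), ("29", "/dev/shm/#4425509")]]
    + ["oct. 13 13:52:30 belette64 kernel: usb 1-1: new high-speed USB device"]  # constructed
)

# Assumption: paths and executable names contain no whitespace.
DENIAL = re.compile(
    r"grsec: (?:From \S+: )?denied untrusted exec \((?P<reason>[^)]*)\) of (?P<path>\S+) "
    r"by (?P<exe>\S+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] uid/euid:(?P<uid>\d+)/\d+"
    r".*?, parent (?P<parent>\S+)\["
)

def parse_denials(text):
    """Return one dict per TPE denial line; lines that do not match are skipped."""
    denials = []
    for line in text.splitlines():
        m = DENIAL.search(line)
        if m:
            d = m.groupdict()
            d["pid"], d["uid"] = int(d["pid"]), int(d["uid"])
            d["dir"] = os.path.dirname(d["path"])
            denials.append(d)
    return denials

def summarize(denials):
    """Group denials by (exe, pid, uid): count, directories in first-seen order, parent."""
    groups = {}
    for d in denials:
        g = groups.setdefault((d["exe"], d["pid"], d["uid"]),
                              {"count": 0, "dirs": [], "parent": d["parent"]})
        g["count"] += 1
        if d["dir"] not in g["dirs"]:
            g["dirs"].append(d["dir"])
    return groups

if __name__ == "__main__":
    for (exe, pid, uid), g in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{exe} pid={pid} uid={uid} parent={g['parent']}: "
              f"{g['count']} denials in {', '.join(g['dirs'])}")
```
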