Python ctypes segmentation fault when rootfs is read-only and /tmp is noexec

0 votes

I'm trying to use Python for an embedded app on an Arm processor running Linux (CPython 2.7.3 cross-compiled from X86/Linux). It worked really well until I started securing the device to prevent tampering. First I made the rootfs read-only, both to prevent corruption of the rootfs on a sudden loss of power and to prevent modification to our main code by unauthorized users. Still, python and our ctypes libraries continued working as normal. The /tmp directory gets mapped to a tmpfs (ramdrive). Another step of hardening is to set the noexec flag on the tmpfs partition to prevent users from somehow uploading any code that could lead to a local root exploit. With both of those options set, importing ctypes produces an immediate segfault:

root@ATX4:~# python                                 
Python 2.7.3 (default, Jul 16 2013, 17:15:57) 
[GCC 4.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ctypes
Segmentation fault
Aug 27, 2018 in Python by ariaholic
• 7,320 points
38 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes
I cant really seem to reproduce the bug on my system. I think it might have been a legitimate bug on the developer's side or maybe you could consider that ctypes may need to create a unique callback (an executable C-level function). It would map some anonymous (ok) or shared file (not ok) with execute bit set.

Memory error handling is always hard, and could have easily escaped developers.
answered Aug 27, 2018 by anonymous

Related Questions In Python

0 votes
2 answers

What do you mean by python scripting? What is a script and a module in python?

A scripting language is a programming language ...READ MORE

answered Mar 14 in Python by rajesh kumar
1,507 views
0 votes
1 answer

What is the difference between Python and IPython?

There are few differences between Python and ...READ MORE

answered Jul 26, 2018 in Python by Priyaj
• 56,100 points
111 views
0 votes
1 answer

Python exit commands - why so many and when should each be used?

Let me give some information on them: quit ...READ MORE

answered Aug 27, 2018 in Python by Priyaj
• 56,100 points
175 views
0 votes
1 answer

When I create and remove files rapidly on windows using python I get WindowsError (Error 5)

Here's the short answer: disable any antivirus or ...READ MORE

answered Aug 31, 2018 in Python by charlie_brown
• 7,710 points
69 views
0 votes
1 answer
0 votes
1 answer

How is Python 2.7.3 and Python 3.3 different?

raw_input() is not used in Python 3. Use input()  ...READ MORE

answered Sep 12, 2018 in Python by SDeb
• 9,380 points
21 views
0 votes
0 answers

How to mix read() and write() on Python files in Windows

It appears that a write() immediately following a read() on a ...READ MORE

Oct 23, 2018 in Python by Aryya
• 500 points
23 views
0 votes
1 answer

What is logits, softmax and softmax_cross_entropy_with_logits in Python?

Suppose you have two tensors, where y_hat contains computed ...READ MORE

answered Nov 12, 2018 in Python by Nymeria
• 3,500 points
261 views
+1 vote
1 answer

What is the difference between range and xrange functions in Python 2.X?

xrange only stores the range params and ...READ MORE

answered Aug 22, 2018 in Python by Priyaj
• 56,100 points
61 views
0 votes
1 answer

Is there a foreach function in python and is there a way to implement it if there isnt any

Every occurence of "foreach" I've seen (PHP, ...READ MORE

answered Aug 31, 2018 in Python by charlie_brown
• 7,710 points
41 views

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.