Hi Richard,
On 11 November 2016 at 19:21, Richard Moseley <richard...@gmail.com> wrote:
> Looking at the implementation of cffi, there is code to provide instances of
> the ffi_closure object that does not use the new ffi_closure_alloc and
> ffi_closure_free functions which have been added to support the separation
> of memory allocation and execution of code which means they may be
> different, and may answer why it is not possible to mmap an area with
> PROT_EXEC in some situations.
The reason cffi doesn't use the ffi_prep_closure_loc function is that
it is completely broken in the presence of fork(). A program using
fork() and ffi_prep_closure_loc() can crash completely. See
https://bitbucket.org/cffi/cffi/issues/231/writeable-memory-execution-execmem-with
and the pages it links to for more details.
If the situation in libffi has changed and the bug was fixed, I'd
love to hear about it. Otherwise, cffi will continue to provide the
current situation: SELinux users must configure a parameter in order
to use cffi's old-style callbacks or call C function *pointers* from
Python. This parameter, deny_execmem=off, lowers the security level
but is (as far as I can tell) less bad than the fork() crash opening
the door to more serious security issues.
A bientôt,
Armin.
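A small diagnostic for the SELinux situation discussed above, added here as an example and not part of the thread, cffi or libffi: it probes whether an anonymous page can be obtained writable and executable (what cffi's old-style callbacks need, and what the deny_execmem boolean blocks) and distinguishes a policy denial from an unrelated failure. It assumes Linux and that the "execmem" check applies to any PROT_EXEC request on anonymous memory, via mmap() or a later mprotect().

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>

enum execmem_result { EXECMEM_DENIED = 0, EXECMEM_ALLOWED = 1, EXECMEM_ERROR = -1 };

/* SELinux reports a policy denial as EACCES; EPERM covers other LSMs and
 * seccomp filters.  Any other errno is a failure, not a policy answer. */
static enum execmem_result classify(int err)
{
    return (err == EACCES || err == EPERM) ? EXECMEM_DENIED : EXECMEM_ERROR;
}

/* Map one anonymous page with the given protection and release it again.
 * With deny_execmem=on the kernel refuses any PROT_EXEC request on anonymous
 * memory (the "execmem" permission), which is what breaks cffi's old-style
 * callbacks; a plain RW page needs no execmem and serves as the control. */
static enum execmem_result probe_mmap(int prot)
{
    void *p = mmap(NULL, 4096, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return classify(errno);
    munmap(p, 4096);
    return EXECMEM_ALLOWED;
}

enum execmem_result probe_rw_mmap(void)  { return probe_mmap(PROT_READ | PROT_WRITE); }
enum execmem_result probe_rwx_mmap(void) { return probe_mmap(PROT_READ | PROT_WRITE | PROT_EXEC); }

/* Two-step variant: map writable, then flip to executable with mprotect().
 * execmem governs this transition too, so it is normally denied together
 * with the single-step RWX mapping. */
enum execmem_result probe_w_then_x(void)
{
    void *p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return EXECMEM_ERROR;
    int rc = mprotect(p, 4096, PROT_READ | PROT_EXEC);
    int err = errno;
    munmap(p, 4096);
    return rc == 0 ? EXECMEM_ALLOWED : classify(err);
}

int main(void)
{
    printf("rw: %d  rwx: %d  w-then-x: %d  (1 allowed, 0 denied, -1 error)\n",
           probe_rw_mmap(), probe_rwx_mmap(), probe_w_then_x());
    return 0;
}
```

On a host with deny_execmem=on the last two probes report 0 while the control reports 1; this is the condition under which cffi's old-style callbacks fail, and ffi_closure_alloc() avoids it by mapping the same backing file twice, once writable and once executable.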