Path to trusting libffi unconditionally on OSX


Theodore Ni

Aug 17, 2022, 10:03:41 PM
to python-cffi
Hi all,

Today, trust on libffi is gated by:

    defined(__APPLE__) && defined(FFI_AVAILABLE_APPLE)

I am interested in knowing if there is a path to:

    defined(__APPLE__) && defined(/* test on upstream libffi */)

My motivation is that the nixpkgs package manager bundles upstream libffi and not Apple's fork (which defines the FFI_AVAILABLE_APPLE symbol), and my uninformed scanning of the code base plus historical issues makes me think there is a path to this.

From this comment, I gather that the issue is with calling mmap with MAP_SHARED. I see in both libffi code bases here and here that MAP_SHARED is not used as long as FFI_EXEC_TRAMPOLINE_TABLE is defined. The code to support this on Darwin aarch64 was committed and released in libffi version 3.3 in 2019.

In contrast, I am not as convinced that x86-64 darwin is unaffected by this issue, since FFI_EXEC_TRAMPOLINE_TABLE is not defined for that platform (although maybe it is not an issue in practice for other reasons?).

There still seems to be a gap in libffi for which code-signed apps on M1 chips run into security protections, but at least the MAP_SHARED vulnerability isn't present. So is it a blocker? If it is, is it the only known issue remaining?

I'm interested in your opinions on this topic. Thank you for your time.

Teddy

Theodore Ni

Sep 16, 2022, 3:11:55 PM
to python-cffi
Hi all,

Ping on this in case it slipped through. I'm still interested in some more authoritative opinions on this subject. I would be willing to spend time on this if it ends up improving libffi and simplifying cffi in the process.

Thank you!

Teddy

Armin Rigo

Sep 19, 2022, 1:53:04 AM
to pytho...@googlegroups.com
Hi Theodore,

On Fri, 16 Sept 2022 at 21:11, Theodore Ni <zyl...@gmail.com> wrote:
> Ping on this in case it slipped through. I'm still interested in some more authoritative opinions on this subject. I would be willing to spend time on this if it ends up improving libffi and simplifying cffi in the process.

Sorry, I have no first-hand experience on Macs. In the past I have
put a brake on changes because of an old security vulnerability with
MAP_SHARED after fork which nobody could confirm was fixed. You are
welcome to propose any changes for cffi on Macs, as long as you can
honestly claim that you understand this issue and your change is
indeed not reopening it.


A bientôt,

Armin Rigo
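The MAP_SHARED-after-fork property Armin refers to, shown with an added stand-alone C program that is not part of the thread and does not reproduce libffi's closure allocator: a page mapped MAP_SHARED stays shared with a forked child, so the child's writes appear in the parent's view, whereas a MAP_PRIVATE page is copy-on-write and isolates the two processes. It uses anonymous mappings (no backing file) on Linux or macOS.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/wait.h>

/* Map one page with the given MAP_* flags, fork, let the child overwrite
 * the page, then report whether the parent sees the child's bytes.
 * Returns 1 if the write crossed the process boundary, 0 if it did not,
 * -1 on mmap/fork failure. */
static int child_write_visible(int map_flags)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                            map_flags | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0x00, page);                 /* parent's view starts all zero */

    pid_t pid = fork();
    if (pid < 0) {
        munmap(p, page);
        return -1;
    }
    if (pid == 0) {                        /* child: scribble on the page */
        memset(p, 0xCC, page);
        _exit(0);
    }
    int status = 0;
    waitpid(pid, &status, 0);              /* wait until the child is done */
    int visible = (p[0] == 0xCC);          /* did the child's write reach us? */
    munmap(p, page);
    return visible;
}

int main(void)
{
    /* Expected: MAP_SHARED -> 1 (shared with the child), MAP_PRIVATE -> 0. */
    printf("MAP_SHARED : child write visible to parent = %d\n",
           child_write_visible(MAP_SHARED));
    printf("MAP_PRIVATE: child write visible to parent = %d\n",
           child_write_visible(MAP_PRIVATE));
    return 0;
}
```

A trampoline page that behaves like the MAP_SHARED case can have its contents changed by a forked child, which is why a closure allocator's mapping flags matter here.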