libffi creating /tmp files (+rwx)

Posted: Tue Dec 27, 2011 9:06 am
by sumacsucks
Hello,

I'm trying to get mod_wsgi, Python and apache to work together for a system with a django application. Apparently libffi is causing these:

Code:
...U:/usr/sbin/apache2) denied untrusted exec of /var/tmp/ffiCERLME by /usr/sbin/apache2[apache2:22643] uid/euid:1009/1009 gid/egid:1028/1028, parent /usr/sbin/apache2[apache2:20010] uid/euid:0/0 gid/egid:0/0


The ffi parameter seems to have something to do with libffi from CPython. The wsgi apache process crashes, which might or might not be related to this. What would be the best course of action here? RWX for the /tmp directory is clearly no good.
This is a Gentoo Hardened system.
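As an added example (not from the thread or from libffi), a small triage script for denial lines of the shape quoted above: it pulls the path, the executing process and its uid/euid, and flags paths that match libffi's "ffi" plus six-character temp-file name under a world-writable temp directory, so this pattern can be told apart from other untrusted-exec denials. The sample lines are constructed in that shape; the prefix before "denied" is assumed.

```python
import re

# Constructed sample lines in the shape of the denial quoted in the post; the
# text before "denied" is assumed, the fields after it are taken from the post.
SAMPLE_LOGS = [
    "grsec: (apache2:U:/usr/sbin/apache2) denied untrusted exec of "
    "/var/tmp/ffiCERLME by /usr/sbin/apache2[apache2:22643] uid/euid:1009/1009 "
    "gid/egid:1028/1028, parent /usr/sbin/apache2[apache2:20010] uid/euid:0/0 gid/egid:0/0",
    "grsec: (bash:U:/bin/bash) denied untrusted exec of "
    "/home/deploy/run.sh by /bin/bash[bash:5100] uid/euid:1010/1010 "
    "gid/egid:1010/1010, parent /usr/sbin/sshd[sshd:5000] uid/euid:0/0 gid/egid:0/0",
    "Dec 27 09:06:01 host kernel: unrelated message",
]

# "<exe>[<comm>:<pid>] uid/euid:a/b gid/egid:c/d", used for the actor and for its parent.
_SUBJECT = (r"(?P<{p}exe>[^\[\s]+)\[(?P<{p}comm>[^:\]]+):(?P<{p}pid>\d+)\] "
            r"uid/euid:(?P<{p}uid>\d+)/(?P<{p}euid>\d+) gid/egid:(?P<{p}gid>\d+)/(?P<{p}egid>\d+)")
DENIAL_RE = re.compile(r"denied (?P<action>.+?) of (?P<path>\S+) by "
                       + _SUBJECT.format(p="") + r", parent " + _SUBJECT.format(p="parent_"))

TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Name produced by libffi's "/ffiXXXXXX" mkstemp() template: "ffi" plus six random characters.
FFI_TEMP_RE = re.compile(r"^ffi[A-Za-z0-9]{6}$")

def parse_denial(line):
    """Return the denial's fields as a dict (ids as int), or None if the line is not a denial."""
    m = DENIAL_RE.search(line)
    if not m:
        return None
    return {k: (int(v) if k.endswith(("pid", "uid", "gid")) else v)
            for k, v in m.groupdict().items()}

def triage(d):
    """Classify a denial: libffi trampoline file, other temp-dir exec, or exec elsewhere."""
    in_temp = d["path"].startswith(TEMP_DIRS)
    if in_temp and FFI_TEMP_RE.match(d["path"].rsplit("/", 1)[-1]):
        return "libffi-closure-tempfile"
    return "temp-dir-exec" if in_temp else "exec-outside-temp"

def triage_lines(lines):
    """Map each parseable line to (path, effective uid of the actor, verdict)."""
    results = []
    for line in lines:
        d = parse_denial(line)
        if d is not None:
            results.append((d["path"], d["euid"], triage(d)))
    return results
```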

Re: libffi creating /tmp files (+rwx)

Posted: Tue Dec 27, 2011 9:13 am
by sumacsucks
I just confirmed:

Code:
/* Open a temporary file in the named directory.  */
static int
open_temp_exec_file_dir (const char *dir)
{
  /* mkstemp() template: "ffi" followed by six random characters.  */
  static const char suffix[] = "/ffiXXXXXX";
  int lendir = strlen (dir);
  /* Stack-allocated "<dir>/ffiXXXXXX"; sizeof (suffix) includes the NUL.  */
  char *tempname = __builtin_alloca (lendir + sizeof (suffix));

  if (!tempname)
    return -1;

  memcpy (tempname, dir, lendir);
  memcpy (tempname + lendir, suffix, sizeof (suffix));

  /* Creates and opens the file from the template; defined elsewhere in the same libffi source file.  */
  return open_temp_exec_file_name (tempname);
}


That comes from libffi, and the library contains checks for SELinux. It tries to mmap files... hence the RWX.
This is Red Hat's hand at play, as usual.