Python ctypes segmentation fault when rootfs is read-only and tmp is noexec

Question

I'm trying to use Python for an embedded app on an Arm processor running Linux (CPython 2.7.3 cross-compiled from X86/Linux). It worked really well until I started securing the device to prevent tampering. First I made the rootfs read-only, both to prevent corruption of the rootfs on a sudden loss of power and to prevent modification to our main code by unauthorized users. Still, python and our ctypes libraries continued working as normal. The /tmp directory gets mapped to a tmpfs (ramdrive). Another step of hardening is to set the noexec flag on the tmpfs partition to prevent users from somehow uploading any code that could lead to a local root exploit. With both of those options set, importing ctypes produces an immediate segfault:

root@ATX4:~# python                                 
Python 2.7.3 (default, Jul 16 2013, 17:15:57) 
[GCC 4.3.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import ctypes
Segmentation fault

score 0 · Answer 1 · Aug 28, 2018

I cant really seem to reproduce the bug on my system. I think it might have been a legitimate bug on the developer's side or maybe you could consider that ctypes may need to create a unique callback (an executable C-level function). It would map some anonymous (ok) or shared file (not ok) with execute bit set.

Memory error handling is always hard, and could have easily escaped developers.