[RFC] dbus-python API (re)definition

Daniel P. Berrange dan at berrange.com
Thu Aug 31 11:12:31 PDT 2006


On Thu, Aug 31, 2006 at 02:10:54PM -0300, Johan Dahlin wrote:
> A couple of weeks ago I started a new set of python bindings for dbus
> using ctypes, they can be found here:
> 
>   http://svn.async.com.br/cgi-bin/viewcvs.cgi/pydbus/
> 
> For checking out the tree using subversion, issue this command:
> 
>   svn co svn://svn.async.com.br/pydbus
> 
> They should be considered as a prototype at this point, even so I think
> they serve well as a starting point for future work.

Unfortunately there is one major problem with ctypes - it requires the
application in question to have an executable stack. Traditionally i386 Linux
does allow this, but many platforms/OS do not. Even on Linux this is changing
because current SELinux security policy explicitly forbids executable
stack. For more info check out the 'execstack' entry:

  http://people.redhat.com/drepper/selinux-mem.html

E.g., as a simple demo running on Fedora Core 6 with SELinux:

  $ cat demo.py 
  #!/usr/bin/python

  from ctypes import *

  dbus = cdll.LoadLibrary("libdbus-1.so.3")

  $ python demo.py 
  Traceback (most recent call last):
    File "demo.py", line 3, in ?
      from ctypes import *
    File "/usr/lib64/python2.4/site-packages/ctypes/__init__.py", line 16, in ?
      from _ctypes import Union, Structure, Array
  ImportError: /usr/lib64/python2.4/site-packages/_ctypes.so: cannot enable executable stack as shared object requires: Permission denied

So unless Python ctypes can be fixed to not require execstack, using it
for DBus does not seem like a sensible / viable option. Particularly since
we go to such lengths to ensure DBus takes security as seriously as possible.

Regards,
Dan.
-- 
|=-            GPG key: http://www.berrange.com/~dan/gpgkey.txt       -=|
|=-       Perl modules: http://search.cpan.org/~danberr/              -=|
|=-           Projects: http://freshmeat.net/~danielpb/               -=|
|=-   berrange at redhat.com  -  Daniel Berrange  -  dan at berrange.com    -=|