Control: affects 977894 python3-xdo

On Wed 2020-12-23 15:50:43 -0400, Joey Hess wrote:
> Ok, this is super weird, and I'm afraid also likely a security hole.

ugh, thanks for digging around on this with us, Joey.

it looks to me like the liblibc.a business is happening due to gobject
introspection, since it doesn't happen when impass isn't in gui mode.

> openat(AT_FDCWD, "liblibc.a", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file 
> or directory)
> write(2, "The xdo module is not found, so "..., 100The xdo module is not 
> found, so the 'xdo' paste method is not available.
> Please install python3-xdo.) = 100
> write(2, "\n", 1
> )                       = 1
> rt_sigaction(SIGINT, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=SA_RESTORER, 
> sa_restorer=0x7f56ccd6a140}, {sa_handler=0x63fb20, sa_mask=[], 
> sa_flags=SA_RESTORER, sa_restorer=0x7f56ccd6a140}, 8) = 0
> munmap(0x7f56cc405000, 135168)          = 0
> exit_group(1)                           = ?
> +++ exited with 1 +++
>
> What is this "liblibc.a" from CWD?! I have no clue at all, but if it
> does anything with it after opening it, then there would be security
> consequences.
>
> The strace -f also shows it execing ldconfig and gcc. I've attached the whole
> thing.

I'm seeing comparable weird behavior, including the invocations of
ldconfig and gcc, even if i don't see your particular failure.  yikes.
But, a simple file like this produces the same behavior (with ldconfig
and gcc):

~~~
#!/usr/bin/python3
import xdo
~~~

Perhaps this is related to how python's ctypes module works?
(python3-xdo depends on ctypes)

I still don't understand why we're seeing that xdo isn't found, though.
Perhaps you could try applying the diff below to __main__.py in impass,
removing liblibc.a, and trying impass gui again?

diff --git a/impass/__main__.py b/impass/__main__.py
index 236e4c5..29957d6 100755
--- a/impass/__main__.py
+++ b/impass/__main__.py
@@ -332,7 +332,7 @@ def gui(args, method=os.getenv('IMPASS_XPASTE', 'xdo')):
     if method == 'xdo':
         try:
             import xdo
-        except:
+        except ModuleNotFoundError:
             error(1, """The xdo module is not found, so the 'xdo' paste method 
is not available.
 Please install python3-xdo.""")
         # initialize xdo
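
Review bot: with the handler at `except ModuleNotFoundError:` narrowed this far, every other failure raised by `import xdo` now leaves gui() as a raw traceback, which suits this diagnostic run but is not a finished fix. For the version that gets committed, keep this branch for the "Please install python3-xdo" hint and add a second handler for other exceptions that passes the actual exception text to error(), so a failure inside the module is reported as such rather than as a missing package. The message string in the context lines is also wrapped after "paste method", so the patch may need un-wrapping before it applies.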


This is testing the hypothesis that there's some other error that
happens when importing the xdo module, and we're imagining that it means
the module isn't found.

we should probably have a more conservative exception handler here anyway.

> I am cautious about sending a strace with that file created, because the GUI
> did open and sanitizing my password info would take time,

yes, please be cautious about sending straces with impass!

Regards,

        --dkg
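
A defender-side way to triage a trace like the one quoted in this thread, as an added example that is not part of the original message or of impass: it scans `strace -f` output for library-like files opened relative to the current directory and for successful execs of ldconfig and gcc. The function name, finding labels and sample lines are constructed for illustration.

```python
import re

# openat() with AT_FDCWD and a relative path resolves against the current directory.
OPENAT = re.compile(r'openat\(AT_FDCWD, "([^"]+)"[^)]*\)\s*=\s*(-?\d+)')
EXECVE = re.compile(r'execve\("([^"]+)".*=\s*(-?\d+)')
LIBLIKE = re.compile(r'\.(a|so)(\.[\d.]+)?$')   # libfoo.a, libfoo.so, libfoo.so.3
HELPERS = {"ldconfig", "gcc"}                   # the helpers named in this thread


def audit_strace(lines):
    """Return (kind, path) findings for CWD-relative library opens and helper execs."""
    findings = []
    for line in lines:
        m = OPENAT.search(line)
        if m:
            path, ret = m.group(1), int(m.group(2))
            if not path.startswith("/") and LIBLIKE.search(path):
                # "probed" = lookup failed; "opened" = a file in CWD was actually read
                state = "opened" if ret >= 0 else "probed"
                findings.append((f"cwd-library-{state}", path))
            continue
        m = EXECVE.search(line)
        # Only count execs that succeeded; failed PATH probes return -1.
        if m and int(m.group(2)) == 0 and m.group(1).rsplit("/", 1)[-1] in HELPERS:
            findings.append(("helper-exec", m.group(1)))
    return findings


# Constructed sample lines, modelled on the excerpt quoted above (not a real trace).
SAMPLE = [
    '[pid 101] execve("/sbin/ldconfig", ["ldconfig", ...], 0x7ffc0 /* 30 vars */) = 0',
    '[pid 102] execve("/usr/local/bin/gcc", ["gcc", ...], 0x7ffc0 /* 30 vars */) = -1 ENOENT (No such file or directory)',
    '[pid 102] execve("/usr/bin/gcc", ["gcc", ...], 0x7ffc0 /* 30 vars */) = 0',
    'openat(AT_FDCWD, "liblibc.a", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)',
    'openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/libxdo.so.3", O_RDONLY|O_CLOEXEC) = 3',
    'openat(AT_FDCWD, "liblibc.a", O_RDONLY|O_CLOEXEC) = 3',
    'openat(AT_FDCWD, "notes.txt", O_RDONLY) = 3',
]

if __name__ == "__main__":
    for kind, path in audit_strace(SAMPLE):
        print(f"{kind:22} {path}")
```

A `cwd-library-opened` finding is the case worth escalating, since it means a file from the working directory was actually read rather than only looked up.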
