From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/elfix:master commit in: src/, scripts/
Date: Sat, 10 Nov 2012 20:52:31 +0000 (UTC)	[thread overview]
Message-ID: <1352580730.1f7b02be034ce0545249b11eea9db27643e0ad60.blueness@gentoo> (raw)

commit:     1f7b02be034ce0545249b11eea9db27643e0ad60
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 20:52:10 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 20:52:10 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=1f7b02be

scripts/{paxmodule.c,setup.py}: propagated enable/disable pt/xtpax

---
 scripts/paxmodule.c |   60 +++++++++++++++++++++++++++++++++++---------------
 scripts/setup.py    |   26 ++++++++++++++++------
 src/paxctl-ng.c     |    2 +-
 3 files changed, 62 insertions(+), 26 deletions(-)

diff --git a/scripts/paxmodule.c b/scripts/paxmodule.c
index 9cd1ec3..56cef3a 100644
--- a/scripts/paxmodule.c
+++ b/scripts/paxmodule.c
@@ -19,20 +19,29 @@
 #include <Python.h>
 
 #include <string.h>
-
-#include <gelf.h>
-
-#ifdef XTPAX
-#include <attr/xattr.h>
-#endif
-
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
 
+#ifdef PTPAX
+ #include <gelf.h>
+#else
+ #define PF_PAGEEXEC     (1 << 4)        /* Enable  PAGEEXEC */
+ #define PF_NOPAGEEXEC   (1 << 5)        /* Disable PAGEEXEC */
+ #define PF_SEGMEXEC     (1 << 6)        /* Enable  SEGMEXEC */
+ #define PF_NOSEGMEXEC   (1 << 7)        /* Disable SEGMEXEC */
+ #define PF_MPROTECT     (1 << 8)        /* Enable  MPROTECT */
+ #define PF_NOMPROTECT   (1 << 9)        /* Disable MPROTECT */
+ #define PF_EMUTRAMP     (1 << 12)       /* Enable  EMUTRAMP */
+ #define PF_NOEMUTRAMP   (1 << 13)       /* Disable EMUTRAMP */
+ #define PF_RANDMMAP     (1 << 14)       /* Enable  RANDMMAP */
+ #define PF_NORANDMMAP   (1 << 15)       /* Disable RANDMMAP */
+#endif
+
 #ifdef XTPAX
-#define PAX_NAMESPACE	"user.pax.flags"
+ #include <attr/xattr.h>
+ #define PAX_NAMESPACE	"user.pax.flags"
 #endif
 
 #define FLAGS_SIZE	6
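Review bot: Nothing after these conditional blocks rejects a build in which neither PTPAX nor XTPAX is defined, and the later hunks guard every backend call in pax_getflags, pax_setbinflags and pax_setstrflags, so such a build compiles cleanly into a module whose setters return without marking the file. For a tool that applies PaX hardening flags, a silent no-op is worse than a build failure; add a guard after the XTPAX block: `#if !defined(PTPAX) && !defined(XTPAX)` / `#error "define PTPAX and/or XTPAX"` / `#endif`. The XTPAX-only branch in scripts/setup.py as committed appears to produce exactly this configuration, since it both defines and undefines PTPAX and never defines XTPAX.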
@@ -95,6 +104,7 @@ initpax(void)
 }
 
 
+#ifdef PTPAX
 uint16_t
 get_pt_flags(int fd)
 {
@@ -141,6 +151,7 @@ get_pt_flags(int fd)
 
 	return pt_flags;
 }
+#endif
 
 
 uint16_t
@@ -236,23 +247,30 @@ pax_getflags(PyObject *self, PyObject *args)
 		return NULL;
 	}
 
-#ifdef XTPAX
-	flags = get_xt_flags(fd);
+	/* Since the xattr pax flags are obtained second, they
+	 * will override the PT_PAX flags values.  The pax kernel
+	 * expects them to be the same if both PAX_XATTR_PAX_FLAGS
+	 * and PAX_PT_PAX_FLAGS else it returns -EINVAL.
+	 * (See pax_parse_pax_flags() in fs/binfmt_elf.c.)
+	 * Unless migrating, we will document to use one or the
+	 * other but not both.
+	 */
+
+#ifdef PTPAX
+	flags = get_pt_flags(fd);
 	if( flags != UINT16_MAX )
 	{
 		memset(buf, 0, FLAGS_SIZE);
 		bin2string(flags, buf);
 	}
-	else
-	{
 #endif
-		flags = get_pt_flags(fd);
-		if( flags != UINT16_MAX )
-		{
-			memset(buf, 0, FLAGS_SIZE);
-			bin2string(flags, buf);
-		}
+
 #ifdef XTPAX
+	flags = get_xt_flags(fd);
+	if( flags != UINT16_MAX )
+	{
+		memset(buf, 0, FLAGS_SIZE);
+		bin2string(flags, buf);
 	}
 #endif
 
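Review bot: When both PTPAX and XTPAX are compiled in, the second block overwrites `buf` with the xattr flags without comparing them to the PT_PAX flags read just above, so pax_getflags returns a normal-looking flag string for a file whose two markings disagree, which is the case the new comment says the kernel rejects with -EINVAL. Keeping the two results in separate variables and testing `if( pt_flags != UINT16_MAX && xt_flags != UINT16_MAX && pt_flags != xt_flags )` would let the caller see the conflict instead of a silently chosen value; how to report it to Python is a design choice this hunk does not settle. The comment's phrase "if both PAX_XATTR_PAX_FLAGS and PAX_PT_PAX_FLAGS else it returns" is also missing its verb ("are enabled"). pax_getflags starts and ends outside the hunk, so whether `buf` is initialised when neither block runs cannot be checked here.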
@@ -262,6 +280,7 @@ pax_getflags(PyObject *self, PyObject *args)
 }
 
 
+#ifdef PTPAX
 void
 set_pt_flags(int fd, uint16_t pt_flags)
 {
@@ -314,6 +333,7 @@ set_pt_flags(int fd, uint16_t pt_flags)
 
 	elf_end(elf);
 }
+#endif
 
 
 #ifdef XTPAX
@@ -350,7 +370,9 @@ pax_setbinflags(PyObject *self, PyObject *args)
 
 	flags = (uint16_t) iflags;
 
+#ifdef PTPAX
 	set_pt_flags(fd, flags);
+#endif
 
 #ifdef XTPAX
 	set_xt_flags(fd, flags);
@@ -382,7 +404,9 @@ pax_setstrflags(PyObject *self, PyObject *args)
 
 	flags = string2bin(sflags);
 
+#ifdef PTPAX
 	set_pt_flags(fd, flags);
+#endif
 
 #ifdef XTPAX
 	set_xt_flags(fd, flags);

diff --git a/scripts/setup.py b/scripts/setup.py
index 8c78279..528cfa0 100755
--- a/scripts/setup.py
+++ b/scripts/setup.py
@@ -3,21 +3,33 @@
 import os
 from distutils.core import setup, Extension
 
-xattr = os.getenv('XTPAX')
+ptpax = os.getenv('PTPAX')
+xtpax = os.getenv('XTPAX')
 
-if xattr != None:
+if ptpax != None and xtpax == None:
 	module1 = Extension(
 		name='pax',
 		sources = ['paxmodule.c'],
-		libraries = ['elf', 'attr'],
-		define_macros = [('XTPAX', None)]
+		libraries = ['elf'],
+		undef_macros = ['XTPAX'],
+		define_macros = [('PTPAX', 1)]
 	)
-else:
+
+elif ptpax == None and xtpax != None:
 	module1 = Extension(
 		name='pax',
 		sources = ['paxmodule.c'],
-		libraries = ['elf'],
-		undef_macros = ['XTPAX']
+		libraries = ['attr'],
+		undef_macros = ['PTPAX'],
+		define_macros = [('PTPAX', 1)]
+	)
+
+if ptpax != None and xtpax != None:
+	module1 = Extension(
+		name='pax',
+		sources = ['paxmodule.c'],
+		libraries = ['elf', 'attr'],
+		define_macros = [('PTPAX', 1), ('XTPAX', 1)]
 	)
 
 setup(
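Review bot: The XTPAX-only branch passes `undef_macros = ['PTPAX']` together with `define_macros = [('PTPAX', 1)]` and never defines XTPAX, so it links libattr but compiles neither flag backend; it should define `('XTPAX', 1)`. The last branch is a plain `if` rather than `elif` and there is no `else`, so with neither variable set `module1` is never assigned and the `setup(` call fails with a NameError where the old script fell back to a libelf-only build. Building the option lists incrementally removes the three near-identical Extension calls and makes the unset case explicit; the sketch below fails early, but restoring the PT_PAX default is equally valid if that was the intent. `is None` / `is not None` is the idiomatic comparison. The `setup(` call continues outside the hunk.

```python
ptpax = os.getenv('PTPAX')
xtpax = os.getenv('XTPAX')

if ptpax is None and xtpax is None:
	raise SystemExit('set PTPAX and/or XTPAX to select a PaX flag backend')

libraries = []
define_macros = []
undef_macros = []

if ptpax is not None:
	libraries.append('elf')
	define_macros.append(('PTPAX', 1))
else:
	undef_macros.append('PTPAX')

if xtpax is not None:
	libraries.append('attr')
	define_macros.append(('XTPAX', 1))
else:
	undef_macros.append('XTPAX')

module1 = Extension(
	name='pax',
	sources = ['paxmodule.c'],
	libraries = libraries,
	define_macros = define_macros,
	undef_macros = undef_macros
)

# … unchanged: setup( call …
```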

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index e0e6035..817192d 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -79,7 +79,7 @@ print_help_exit(char *v)
 		"             : -M enable MPROTECT\t-m disable  MPROTECT\n"
 		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
 		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
-		"             : -Z most secure settings\t-z all default settings\n"
+		"             : -Z all secure settings\t-z all default settings\n"
 #ifdef XTPAX
 		"             : -C create XT_PAX with most secure setting\n"
 		"             : -c create XT_PAX all default settings\n"
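Review bot: The reworded `-Z all secure settings` no longer matches the `-C create XT_PAX with most secure setting` line two lines below, which presumably describes the same preset with the old phrase. Use one wording for both, for example `-C create XT_PAX with all secure settings`, so users do not read them as two different hardening levels. The help string continues outside the hunk.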

