* [gentoo-commits] proj/elfix:master commit in: src/, /
@ 2014-06-07 11:56 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2014-06-07 11:56 UTC (permalink / raw
To: gentoo-commits
commit: 962b3194f525bbb2152d90168b8cd5d5a95a4276
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jun 7 11:56:18 2014 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jun 7 11:57:10 2014 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=962b3194
src{fix-gnustack.c,paxctl-ng.c}: portable error reporting
---
configure.ac | 2 +-
src/fix-gnustack.c | 22 +++++++++++-----------
src/paxctl-ng.c | 4 ++--
3 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/configure.ac b/configure.ac
index 58a6c16..865cbaf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -44,7 +44,7 @@ AC_PROG_SED
# Checks for header files.
AC_CHECK_HEADERS(
- [errno.h error.h fcntl.h gelf.h libgen.h stdio.h stdlib.h string.h \
+ [errno.h err.h fcntl.h gelf.h libgen.h stdio.h stdlib.h string.h \
sys/mman.h sys/stat.h sys/types.h unistd.h],
[],
[AC_MSG_ERROR(["Missing necessary header"])]
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 0d6ecc1..59e10be 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -19,7 +19,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
#include <libgen.h>
#include <gelf.h>
@@ -58,7 +58,7 @@ parse_cmd_args( int c, char *v[], int *flagv )
int i, oc;
if((c != 2)&&(c != 3))
- error(EXIT_FAILURE, 0, "Usage: %s -f ELF | -h", v[0]);
+ errx(EXIT_FAILURE, "Usage: %s -f ELF | -h", v[0]);
*flagv = 0 ;
while((oc = getopt(c, v,":fh")) != -1)
@@ -72,7 +72,7 @@ parse_cmd_args( int c, char *v[], int *flagv )
break;
case '?':
default:
- error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
+ errx(EXIT_FAILURE, "option -%c is invalid: ignored.", optopt ) ;
}
return v[optind] ;
@@ -93,31 +93,31 @@ main( int argc, char *argv[])
f_name = parse_cmd_args(argc, argv, &flagv);
if(elf_version(EV_CURRENT) == EV_NONE)
- error(EXIT_FAILURE, 0, "Library out of date.");
+ errx(EXIT_FAILURE, "Library out of date.");
if(flagv)
{
if((fd = open(f_name, O_RDWR)) < 0)
- error(EXIT_FAILURE, 0, "open() fail.");
+ errx(EXIT_FAILURE, "open() fail.");
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+ errx(EXIT_FAILURE, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
else
{
if((fd = open(f_name, O_RDONLY)) < 0)
- error(EXIT_FAILURE, 0, "open() fail.");
+ errx(EXIT_FAILURE, "open() fail.");
if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+ errx(EXIT_FAILURE, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
if(elf_kind(elf) != ELF_K_ELF)
- error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+ errx(EXIT_FAILURE, "elf_kind() fail: this is not an elf file.");
elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+ errx(EXIT_FAILURE, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_GNU_STACK)
{
@@ -132,7 +132,7 @@ main( int argc, char *argv[])
printf("W&X FOUND: X flag removed\n");
phdr.p_flags ^= PF_X;
if(!gelf_update_phdr(elf, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ errx(EXIT_FAILURE, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
}
}
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 8071d50..d340a43 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -20,7 +20,7 @@
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
-#include <error.h>
+#include <err.h>
#include <libgen.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -257,7 +257,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
break;
case '?':
default:
- error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
+ errx(EXIT_FAILURE, "option -%c is invalid: ignored.", optopt ) ;
}
}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/elfix:master commit in: src/, /
@ 2012-11-10 23:19 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2012-11-10 23:19 UTC (permalink / raw
To: gentoo-commits
commit: e23e49e00932e374e5667e5eee5b79460c6f8ffb
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 23:18:43 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 23:18:43 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=e23e49e0
src/paxctl-ng.c: proper exit code handling
---
TODO | 1 -
src/paxctl-ng.c | 72 ++++++++++++++++++++++++++++++++++++------------------
2 files changed, 48 insertions(+), 25 deletions(-)
diff --git a/TODO b/TODO
index d3d6c0e..83b1012 100644
--- a/TODO
+++ b/TODO
@@ -1,4 +1,3 @@
* src/paxctl-ng.c: add verbose error reporting for xattr (like for set/get phdr)
- * make sure the exit code are correct if you can't set either PT_PAX or xattr
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 00a4b83..875304e 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -392,7 +392,7 @@ bin2string(uint16_t flags, char *buf)
}
-void
+int
print_flags(int fd, int verbose)
{
uint16_t flags;
@@ -421,6 +421,8 @@ print_flags(int fd, int verbose)
printf("\tXT_PAX: %s\n", buf);
}
#endif
+
+ return EXIT_SUCCESS;
}
@@ -518,7 +520,7 @@ update_flags(uint16_t flags, uint16_t pax_flags)
#ifdef PTPAX
-void
+int
set_pt_flags(int fd, uint16_t pt_flags, int verbose)
{
Elf *elf;
@@ -529,14 +531,14 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
{
if(verbose)
printf("\tELF ERROR: Library out of date.\n");
- return;
+ return EXIT_FAILURE;
}
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
{
if(verbose)
printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
- return;
+ return EXIT_FAILURE;
}
if(elf_kind(elf) != ELF_K_ELF)
@@ -544,7 +546,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
elf_end(elf);
if(verbose)
printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
- return;
+ return EXIT_FAILURE;
}
elf_getphdrnum(elf, &phnum);
@@ -556,7 +558,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
elf_end(elf);
if(verbose)
printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
- return;
+ return EXIT_FAILURE;
}
if(phdr.p_type == PT_PAX_FLAGS)
@@ -569,32 +571,39 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
elf_end(elf);
if(verbose)
printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ return EXIT_FAILURE;
}
}
}
elf_end(elf);
+ return EXIT_SUCCESS;
}
#endif
#ifdef XTPAX
-void
+int
set_xt_flags(int fd, uint16_t xt_flags)
{
char buf[FLAGS_SIZE];
memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), 0);
+
+ if( !fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), 0) )
+ return EXIT_SUCCESS;
+ else
+ return EXIT_FAILURE;
}
#endif
-void
+int
set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
{
uint16_t flags;
+ int ret = EXIT_FAILURE;
#ifdef PTPAX
if(rdwr_pt_pax)
@@ -607,7 +616,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
if( flags == UINT16_MAX )
flags = PF_NOEMUTRAMP ;
flags = update_flags( flags, *pax_flags);
- set_pt_flags(fd, flags, verbose);
+ ret = set_pt_flags(fd, flags, verbose);
#ifdef XTPAX
}
#endif
@@ -624,16 +633,18 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
if( flags == UINT16_MAX )
flags = PF_NOEMUTRAMP ;
flags = update_flags( flags, *pax_flags);
- set_xt_flags(fd, flags);
+ ret = set_xt_flags(fd, flags);
#ifdef PTPAX
}
#endif
#endif
+
+ return ret;
}
#ifdef XTPAX
-void
+int
create_xt_flags(int fd, int cp_flags)
{
char buf[FLAGS_SIZE];
@@ -647,34 +658,45 @@ create_xt_flags(int fd, int cp_flags)
memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_CREATE);
+
+ if( !fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_CREATE) )
+ return EXIT_SUCCESS;
+ else
+ return EXIT_FAILURE;
}
-void
+int
delete_xt_flags(int fd)
{
- fremovexattr(fd, PAX_NAMESPACE);
+ if( !fremovexattr(fd, PAX_NAMESPACE) )
+ return EXIT_SUCCESS;
+ else
+ return EXIT_FAILURE;
}
#endif
#if defined(PTPAX) && defined(XTPAX)
-void
+int
copy_xt_flags(int fd, int cp_flags, int verbose)
{
uint16_t flags;
+ int ret = EXIT_FAILURE;
+
if(cp_flags == COPY_PT_TO_XT_FLAGS)
{
flags = get_pt_flags(fd, verbose);
if( flags != UINT16_MAX )
- set_xt_flags(fd, flags);
+ ret = set_xt_flags(fd, flags);
}
else if(cp_flags == COPY_XT_TO_PT_FLAGS)
{
flags = get_xt_flags(fd);
if( flags != UINT16_MAX )
- set_pt_flags(fd, flags, verbose);
+ ret = set_pt_flags(fd, flags, verbose);
}
+
+ return ret;
}
#endif
@@ -687,6 +709,8 @@ main( int argc, char *argv[])
int verbose, cp_flags, limit, begin, end;
int rdwr_pt_pax = 1;
+ int ret = EXIT_SUCCESS;
+
parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &limit, &begin, &end);
for(fi = begin; fi < end; fi++)
@@ -711,21 +735,21 @@ main( int argc, char *argv[])
#ifdef XTPAX
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
- create_xt_flags(fd, cp_flags);
+ ret = create_xt_flags(fd, cp_flags);
if(cp_flags == DELETE_XT_FLAGS)
- delete_xt_flags(fd);
+ ret = delete_xt_flags(fd);
#endif
#if defined(PTPAX) && defined(XTPAX)
if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
- copy_xt_flags(fd, cp_flags, verbose);
+ ret = copy_xt_flags(fd, cp_flags, verbose);
#endif
if(pax_flags != 0)
- set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
+ ret = set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
if(verbose == 1)
- print_flags(fd, verbose);
+ ret = print_flags(fd, verbose);
close(fd);
@@ -733,5 +757,5 @@ main( int argc, char *argv[])
printf("\n");
}
- exit(EXIT_SUCCESS);
+ exit(ret);
}
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/elfix:master commit in: src/, /
@ 2012-11-10 20:02 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2012-11-10 20:02 UTC (permalink / raw
To: gentoo-commits
commit: 2c94229b496315346c90ed0f90c497cb9b75b88e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 19:59:46 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 19:59:46 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=2c94229b
configure.ac, src/paxctl-ng.c: improve checks and propagate defines
configure.ac: always check for gelf.h and libelf since fix-gnustack
needs it.
src/paxctl-ng.c: add the defines for all possibilities of enable or
disable ptpax and xtpax
---
configure.ac | 22 ++++++++----------
src/paxctl-ng.c | 66 +++++++++++++++++++++++++++++++++++++++++++-----------
2 files changed, 62 insertions(+), 26 deletions(-)
diff --git a/configure.ac b/configure.ac
index bfbe367..3e22d45 100644
--- a/configure.ac
+++ b/configure.ac
@@ -25,7 +25,7 @@ AC_PROG_SED
# Checks for header files.
AC_CHECK_HEADERS(
- [errno.h error.h fcntl.h libgen.h stdio.h stdlib.h string.h \
+ [errno.h error.h fcntl.h gelf.h libgen.h stdio.h stdlib.h string.h \
sys/mman.h sys/stat.h sys/types.h unistd.h],
[],
[AC_MSG_ERROR(["Missing necessary header"])]
@@ -43,6 +43,15 @@ AC_FUNC_FORK
AC_FUNC_MMAP
AC_CHECK_FUNCS([memset strerror])
+# Note: this is always needed for fix-gnustack
+# and for paxctl-ng only with --enable-ptpax
+AC_CHECK_LIB(
+ [elf],
+ [elf_begin],
+ [],
+ [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])]
+)
+
AC_ARG_ENABLE(
[ptpax],
AS_HELP_STRING(
@@ -54,23 +63,12 @@ AC_ARG_ENABLE(
AS_IF(
[test "x$enable_ptpax" != "xno"],
[
- AC_CHECK_HEADERS(
- [gelf.h],
- [],
- [AC_MSG_ERROR(["Missing necessary gelf.h"])]
- )
AC_CHECK_DECLS(
[PT_PAX_FLAGS, PF_PAGEEXEC, PF_MPROTECT, PF_RANDMMAP],
[],
[AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])],
[[#include <gelf.h>]]
)
- AC_CHECK_LIB(
- [elf],
- [elf_begin],
- [],
- [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])]
- )
CFLAGS+=" -DPTPAX"
],
[
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d1bddda..e0e6035 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -29,6 +29,17 @@
#ifdef PTPAX
#include <gelf.h>
+#else
+ #define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
+ #define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
+ #define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
+ #define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
+ #define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
+ #define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
+ #define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
+ #define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
+ #define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */
+ #define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */
#endif
#ifdef XTPAX
@@ -108,18 +119,19 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
*verbose = 0;
*cp_flags = 0;
-/*
-#if !defined(PTPAX) && defined(XTPAX)
- while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcvh")) != -1)
-#elif defined(PTPAX) && defined(XTPAX)
- while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
-#else
- while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
-#endif
-*/
-
- //Accept all options and silently ignore irrelevant ones below
- //so we can pass any parameter in scripts
+ /* Accept all options and silently ignore irrelevant ones below.
+ * We can then pass any parameter in scripts without failure.
+ *
+ * Alternatively we could do
+ *
+ * #if !defined(PTPAX) && defined(XTPAX)
+ * while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcvh")) != -1)
+ * #elif defined(PTPAX) && defined(XTPAX)
+ * while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
+ * #else
+ * while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
+ * #endif
+ */
while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
{
@@ -185,6 +197,10 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
solitaire += 1;
*cp_flags = CREATE_XT_FLAGS_DEFAULT;
break;
+#else
+ case 'C':
+ case 'c':
+ break;
#endif
#if defined(PTPAX) && defined(XTPAX)
case 'F':
@@ -195,6 +211,10 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
solitaire += 1;
*cp_flags = COPY_XT_TO_PT_FLAGS;
break;
+#else
+ case 'F':
+ case 'f':
+ break;
#endif
case 'v':
*verbose = 1;
@@ -208,10 +228,14 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
}
}
- if( ((compat == 1 && solitaire == 0) ||
+ if(
+ (
+ (compat == 1 && solitaire == 0) ||
(compat == 0 && solitaire == 1) ||
(compat == 0 && solitaire == 0 && *verbose == 1)
- ) && argv[optind] != NULL)
+ )
+ && argv[optind] != NULL
+ )
{
*begin = optind;
*end = argc;
@@ -221,6 +245,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
}
+#ifdef PTPAX
uint16_t
get_pt_flags(int fd, int verbose)
{
@@ -271,6 +296,7 @@ get_pt_flags(int fd, int verbose)
elf_end(elf);
return pt_flags;
}
+#endif
#ifdef XTPAX
@@ -350,6 +376,7 @@ print_flags(int fd, int verbose)
uint16_t flags;
char buf[FLAGS_SIZE];
+#ifdef PTPAX
flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
printf("\tPT_PAX: not found\n");
@@ -359,6 +386,7 @@ print_flags(int fd, int verbose)
bin2string(flags, buf);
printf("\tPT_PAX: %s\n", buf);
}
+#endif
#ifdef XTPAX
flags = get_xt_flags(fd);
@@ -467,6 +495,7 @@ update_flags(uint16_t flags, uint16_t pax_flags)
}
+#ifdef PTPAX
void
set_pt_flags(int fd, uint16_t pt_flags, int verbose)
{
@@ -524,6 +553,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
elf_end(elf);
}
+#endif
#ifdef XTPAX
@@ -544,6 +574,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
{
uint16_t flags;
+#ifdef PTPAX
if(rdwr_pt_pax)
{
flags = get_pt_flags(fd, verbose);
@@ -552,6 +583,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
flags = update_flags( flags, *pax_flags);
set_pt_flags(fd, flags, verbose);
}
+#endif
#ifdef XTPAX
flags = get_xt_flags(fd);
@@ -580,8 +612,10 @@ create_xt_flags(int fd, int cp_flags)
bin2string(xt_flags, buf);
fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_CREATE);
}
+#endif
+#if defined(PTPAX) && defined(XTPAX)
void
copy_xt_flags(int fd, int cp_flags, int verbose)
{
@@ -617,6 +651,7 @@ main( int argc, char *argv[])
if(verbose)
printf("%s:\n", argv[fi]);
+#ifdef PTPAX
if((fd = open(argv[fi], O_RDWR)) < 0)
{
rdwr_pt_pax = 0;
@@ -629,11 +664,14 @@ main( int argc, char *argv[])
continue;
}
}
+#endif
#ifdef XTPAX
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
create_xt_flags(fd, cp_flags);
+#endif
+#if defined(PTPAX) && defined(XTPAX)
if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
copy_xt_flags(fd, cp_flags, verbose);
#endif
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/elfix:master commit in: src/, /
@ 2012-11-10 19:31 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2012-11-10 19:31 UTC (permalink / raw
To: gentoo-commits
commit: 193fe870825aa2e2b738acd6c2bd7fd4c4698ca9
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 19:30:50 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 19:30:50 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=193fe870
configure.ac: clean up checks for ptpax, xtpax
---
configure.ac | 90 +++++++++++++++++++++++++------------------------------
src/paxctl-ng.c | 53 ++++++++++++++++++++++----------
2 files changed, 78 insertions(+), 65 deletions(-)
diff --git a/configure.ac b/configure.ac
index f0299a8..bfbe367 100644
--- a/configure.ac
+++ b/configure.ac
@@ -48,37 +48,33 @@ AC_ARG_ENABLE(
AS_HELP_STRING(
[--enable-ptpax],
[enable support for pax markings in PT_PAX ELF phdr]
- ),
+ )
+)
+
+AS_IF(
+ [test "x$enable_ptpax" != "xno"],
[
- AS_IF(
- [test "x$enable_ptpax" = "xyes"],
- [
- AC_CHECK_HEADERS(
- [gelf.h],
- [],
- [AC_MSG_ERROR(["Missing necessary gelf.h"])]
- )
- AC_CHECK_DECLS(
- [PT_PAX_FLAGS, PF_PAGEEXEC, PF_MPROTECT, PF_RANDMMAP],
- [],
- [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])],
- [[#include <gelf.h>]]
- )
- AC_CHECK_LIB(
- [elf],
- [elf_begin],
- [],
- [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])]
- )
- CFLAGS+=" -DPTPAX"
- ],
- [
- CFLAGS+=" -UPTPAX"
- ]
+ AC_CHECK_HEADERS(
+ [gelf.h],
+ [],
+ [AC_MSG_ERROR(["Missing necessary gelf.h"])]
+ )
+ AC_CHECK_DECLS(
+ [PT_PAX_FLAGS, PF_PAGEEXEC, PF_MPROTECT, PF_RANDMMAP],
+ [],
+ [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])],
+ [[#include <gelf.h>]]
)
+ AC_CHECK_LIB(
+ [elf],
+ [elf_begin],
+ [],
+ [AC_MSG_ERROR(["Missing necessary function elf_begin in libelf"])]
+ )
+ CFLAGS+=" -DPTPAX"
],
[
- CFLAGS+=" -DPTPAX"
+ CFLAGS+=" -UPTPAX"
]
)
@@ -87,35 +83,31 @@ AC_ARG_ENABLE(
AS_HELP_STRING(
[--enable-xtpax],
[enable support for pax markings in xattrs]
- ),
+ )
+)
+
+AS_IF(
+ [test "x$enable_xtpax" != "xno"],
[
- AS_IF(
- [test "x$enable_xtpax" = "xyes"],
- [
- AC_CHECK_HEADERS(
- [attr/xattr.h],
- [],
- [AC_MSG_ERROR(["Missing necessary attr/xattr.h"])]
- )
- AC_CHECK_LIB(
- [attr],
- [fgetxattr],
- [],
- [AC_MSG_ERROR(["Missing necessary function fgetxattr in libattr"])]
- )
- CFLAGS+=" -DXTPAX"
- ],
- [
- CFLAGS+=" -UXTPAX"
- ]
+ AC_CHECK_HEADERS(
+ [attr/xattr.h],
+ [],
+ [AC_MSG_ERROR(["Missing necessary attr/xattr.h"])]
)
+ AC_CHECK_LIB(
+ [attr],
+ [fgetxattr],
+ [],
+ [AC_MSG_ERROR(["Missing necessary function fgetxattr in libattr"])]
+ )
+ CFLAGS+=" -DXTPAX"
],
[
- CFLAGS+=" -DXTPAX"
+ CFLAGS+=" -UXTPAX"
]
)
-if [test "x$enable_ptpax" != "xyes" -a "x$enable_xtpax" != "xyes" ]; then
+if [test "x$enable_ptpax" = "xno" -a "x$enable_xtpax" = "xno" ]; then
AC_MSG_ERROR(["You must enable either ptpax or xtpax"])
fi
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index b467c2a..d1bddda 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -22,30 +22,29 @@
#include <string.h>
#include <error.h>
#include <libgen.h>
-
-#include <gelf.h>
-
-#ifdef XTPAX
-#include <attr/xattr.h>
-#endif
-
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
-#include <config.h>
+#ifdef PTPAX
+ #include <gelf.h>
+#endif
#ifdef XTPAX
-#define PAX_NAMESPACE "user.pax.flags"
+ #include <attr/xattr.h>
+
+ #define PAX_NAMESPACE "user.pax.flags"
-#define CREATE_XT_FLAGS_SECURE 1
-#define CREATE_XT_FLAGS_DEFAULT 2
-#define COPY_PT_TO_XT_FLAGS 3
-#define COPY_XT_TO_PT_FLAGS 4
+ #define CREATE_XT_FLAGS_SECURE 1
+ #define CREATE_XT_FLAGS_DEFAULT 2
+ #define COPY_PT_TO_XT_FLAGS 3
+ #define COPY_XT_TO_PT_FLAGS 4
#endif
-#define FLAGS_SIZE 6
+#define FLAGS_SIZE 6
+
+#include <config.h>
void
print_help_exit(char *v)
@@ -58,7 +57,10 @@ print_help_exit(char *v)
"Description : Get or set pax flags on an ELF object\n\n"
"Usage : %s -PpSsMmEeRrv ELF | -Zv ELF | -zv ELF\n"
#ifdef XTPAX
- " : %s -Cv ELF | -cv ELF | -Fv ELF | -fv ELF\n"
+ " : %s -Cv ELF | -cv ELF\n"
+#endif
+#if defined(PTPAX) && defined(XTPAX)
+ " : %s -Fv ELF | -fv ELF\n"
#endif
" : %s -v ELF | -h\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
@@ -70,6 +72,8 @@ print_help_exit(char *v)
#ifdef XTPAX
" : -C create XT_PAX with most secure setting\n"
" : -c create XT_PAX all default settings\n"
+#endif
+#if defined(PTPAX) && defined(XTPAX)
" : -F copy PT_PAX to XT_PAX\n"
" : -f copy XT_PAX to PT_PAX\n"
#endif
@@ -78,7 +82,12 @@ print_help_exit(char *v)
"Note : If both enabling and disabling flags are set, the default - is used\n\n",
basename(v),
basename(v),
+#ifdef XTPAX
+ basename(v),
+#endif
+#if defined(PTPAX) && defined(XTPAX)
basename(v),
+#endif
basename(v)
);
@@ -98,11 +107,21 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
*pax_flags = 0;
*verbose = 0;
*cp_flags = 0;
-#ifdef XTPAX
+
+/*
+#if !defined(PTPAX) && defined(XTPAX)
+ while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcvh")) != -1)
+#elif defined(PTPAX) && defined(XTPAX)
while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
#else
while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
#endif
+*/
+
+ //Accept all options and silently ignore irrelevant ones below
+ //so we can pass any parameter in scripts
+
+ while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
{
switch(oc)
{
@@ -166,6 +185,8 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
solitaire += 1;
*cp_flags = CREATE_XT_FLAGS_DEFAULT;
break;
+#endif
+#if defined(PTPAX) && defined(XTPAX)
case 'F':
solitaire += 1;
*cp_flags = COPY_PT_TO_XT_FLAGS;
^ permalink raw reply related [flat|nested] 5+ messages in thread* [gentoo-commits] proj/elfix:master commit in: src/, /
@ 2011-11-03 11:13 Anthony G. Basile
0 siblings, 0 replies; 5+ messages in thread
From: Anthony G. Basile @ 2011-11-03 11:13 UTC (permalink / raw
To: gentoo-commits
commit: 4c796b141f0c1f246371d54a3de83931b603f82b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 3 11:13:44 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov 3 11:13:44 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=4c796b14
src/paxctl-ng.c: if open(O_RDWR) fails, PT_PAX is readonly
---
ChangeLog | 4 ++++
TODO | 2 --
src/paxctl-ng.c | 35 ++++++++++++++++++++++-------------
3 files changed, 26 insertions(+), 15 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index c352f82..e30cb77 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+
+ * paxctl-ng: if a file fails to open O_RDWR then
+ don't do PT_PAX markings but continue with XT_PAX
+
2011-10-23
* add XT_PAX read/write in paxct-ng.c and paxmodule.c
diff --git a/TODO b/TODO
index 065b0f3..537326a 100644
--- a/TODO
+++ b/TODO
@@ -1,5 +1,3 @@
2011-11-02 Anthony G. Basile <blueness@gentoo.org>
* paxctl-ng: add file globbing
- * paxctl-ng: if a file fails to open O_RDWR then
- don't do PT_PAX markings but continue with XT_PAX
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 2b0946a..d3ddb2f 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -451,15 +451,18 @@ set_xt_flags(int fd, uint16_t xt_flags)
void
-set_flags(int fd, uint16_t *pax_flags)
+set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
{
uint16_t flags;
- flags = get_pt_flags(fd);
- if( flags == UINT16_MAX )
- flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
- flags = update_flags( flags, *pax_flags);
- set_pt_flags(fd, flags);
+ if(rdwr_pt_pax)
+ {
+ flags = get_pt_flags(fd);
+ if( flags == UINT16_MAX )
+ flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ flags = update_flags( flags, *pax_flags);
+ set_pt_flags(fd, flags);
+ }
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
@@ -470,7 +473,7 @@ set_flags(int fd, uint16_t *pax_flags)
void
-create_xt_flag(fd, cp_flags)
+create_xt_flags(fd, cp_flags)
{
uint16_t xt_flags;
@@ -485,7 +488,7 @@ create_xt_flag(fd, cp_flags)
void
-copy_xt_flag(fd, cp_flags)
+copy_xt_flags(fd, cp_flags)
{
uint16_t flags;
if(cp_flags == 3)
@@ -508,20 +511,26 @@ main( int argc, char *argv[])
int fd;
uint16_t flags;
int view_flags, cp_flags;
+ int rdwr_pt_pax = 1;
f_name = parse_cmd_args(argc, argv, &flags, &view_flags, &cp_flags);
if((fd = open(f_name, O_RDWR)) < 0)
- error(EXIT_FAILURE, 0, "open() fail.");
+ {
+ rdwr_pt_pax = 0;
+ printf("open(O_RDWR) failed: cannot change PT_PAX flags\n");
+ if((fd = open(f_name, O_RDONLY)) < 0)
+ error(EXIT_FAILURE, 0, "open() failed");
+ }
if(cp_flags == 1 || cp_flags == 2)
- create_xt_flag(fd, cp_flags);
+ create_xt_flags(fd, cp_flags);
- if(cp_flags == 3 || cp_flags == 4)
- copy_xt_flag(fd, cp_flags);
+ if(cp_flags == 3 || (cp_flags == 4 && rdwr_pt_pax))
+ copy_xt_flags(fd, cp_flags);
if(flags != 1)
- set_flags(fd, &flags);
+ set_flags(fd, &flags, rdwr_pt_pax);
if(view_flags == 1)
print_flags(fd);
^ permalink raw reply related [flat|nested] 5+ messages in thread
end of thread, other threads:[~2014-06-07 11:56 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-06-07 11:56 [gentoo-commits] proj/elfix:master commit in: src/, / Anthony G. Basile
-- strict thread matches above, loose matches on Subject: below --
2012-11-10 23:19 Anthony G. Basile
2012-11-10 20:02 Anthony G. Basile
2012-11-10 19:31 Anthony G. Basile
2011-11-03 11:13 Anthony G. Basile
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox