From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] proj/elfix:master commit in: src/, scripts/
Date: Fri, 21 Oct 2011 21:19:51 +0000 (UTC) [thread overview]
Message-ID: <140d0f2e1dac6d5c4c8943025d204bcb1d3bfe20.blueness@gentoo> (raw)
commit: 140d0f2e1dac6d5c4c8943025d204bcb1d3bfe20
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Oct 21 21:19:46 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Oct 21 21:19:46 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=140d0f2e
src/paxctl-ng.c: prepare -C -c -F -f flags
---
scripts/paxmodule.c | 1 -
src/paxctl-ng.c | 81 ++++++++++++++++++++++++++++----------------------
2 files changed, 45 insertions(+), 37 deletions(-)
diff --git a/scripts/paxmodule.c b/scripts/paxmodule.c
index ed74430..a106ff5 100644
--- a/scripts/paxmodule.c
+++ b/scripts/paxmodule.c
@@ -112,7 +112,6 @@ get_xt_flags(int fd)
uint16_t xt_flags = UINT16_MAX;
fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
-
return xt_flags;
}
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index dccd8ac..b77b6f8 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -46,7 +46,9 @@ print_help(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF | -h\n\n"
+ "Usage : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF\n"
+ " : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
+ " : %s -v ELF | -h\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
" : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
" : -M enable MPROTECT\t-m disable MPROTECT\n"
@@ -54,10 +56,16 @@ print_help(char *v)
" : -R enable RANDMMAP\t-r disable RANDMMAP\n"
" : -X enable RANDEXEC\t-x disable RANDEXEC\n"
" : -Z most secure settings\t-z all default settings\n"
- " : -v view the flags\n"
+ " : -C create XT_PAX with most secure setting\n"
+ " : -c create XT_PAX all default settings\n"
+ " : -F copy PT_PAX to XT_PAX\n"
+ " : -f copy XT_PAX to PT_PAX\n"
+ " : -v view the flags, along with any accompanying operation\n"
" : -h print out this help\n\n"
"Note : If both enabling and disabling flags are set, the default - is used\n\n",
basename(v),
+ basename(v),
+ basename(v),
basename(v)
);
@@ -69,13 +77,13 @@ char *
parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
{
int i, oc;
- int compat;
+ int compat, solitaire;
compat = 0;
-
+ solitaire = 0;
*pax_flags = 0;
*view_flags = 0;
- while((oc = getopt(c, v,":PpEeMmRrXxSsZzvh")) != -1)
+ while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
switch(oc)
{
case 'P':
@@ -129,17 +137,28 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
case 'Z':
*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
- compat += 1;
+ solitaire += 1;
break ;
case 'z':
*pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
- compat += 1;
+ solitaire += 1;
+ break;
+ case 'C':
+ solitaire += 1;
+ break;
+ case 'c':
+ solitaire += 1;
+ break;
+ case 'F':
+ solitaire += 1;
+ break;
+ case 'f':
+ solitaire += 1;
break;
case 'v':
*view_flags = 1;
- compat |= 1;
break;
case 'h':
print_help(v[0]);
@@ -149,10 +168,17 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
}
- if(compat != 1 || v[optind] == NULL)
+ if
+ (
+ (
+ (compat == 1 && solitaire == 0) ||
+ (compat == 0 && solitaire == 1) ||
+ (compat == 0 && solitaire == 0 && *view_flags == 1)
+ ) && v[optind] != NULL
+ )
+ return v[optind] ;
+ else
print_help(v[0]);
-
- return v[optind] ;
}
@@ -201,16 +227,7 @@ get_xt_flags(int fd)
{
uint16_t xt_flags = UINT16_MAX;
- if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1)
- {
- if(errno == ERANGE )
- printf("XT_PAX: corrupted\n");
- if( errno == ENOATTR)
- printf("XT_PAX: not present\n");
- if(errno == ENOTSUP)
- printf("XT_PAX: not supported\n");
- }
-
+ fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
return xt_flags;
}
@@ -268,7 +285,7 @@ print_flags(int fd)
uint16_t
-new_flags(uint16_t flags, uint16_t pax_flags)
+update_flags(uint16_t flags, uint16_t pax_flags)
{
//PAGEEXEC
if(pax_flags & PF_PAGEEXEC)
@@ -424,13 +441,7 @@ set_pt_flags(int fd, uint16_t pt_flags)
void
set_xt_flags(int fd, uint16_t xt_flags)
{
- if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
- {
- if(errno == ENOSPC || errno == EDQUOT)
- printf("XT_PAX: insufficient space\n");
- if(errno == ENOTSUP)
- printf("XT_PAX: not supported\n");
- }
+ fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_REPLACE);
}
@@ -441,16 +452,14 @@ set_flags(int fd, uint16_t *pax_flags)
flags = get_pt_flags(fd);
if( flags == UINT16_MAX )
- flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
- PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
- flags = new_flags( flags, *pax_flags);
+ flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ flags = update_flags( flags, *pax_flags);
set_pt_flags(fd, flags);
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
- flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
- PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
- flags = new_flags( flags, *pax_flags);
+ flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ flags = update_flags( flags, *pax_flags);
set_xt_flags(fd, flags);
}
@@ -468,7 +477,7 @@ main( int argc, char *argv[])
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
- if(flags != 0)
+ if(flags != 1)
set_flags(fd, &flags);
if(view_flags == 1)
next reply other threads:[~2011-10-21 21:20 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-10-21 21:19 Anthony G. Basile [this message]
-- strict thread matches above, loose matches on Subject: below --
2012-11-10 20:52 [gentoo-commits] proj/elfix:master commit in: src/, scripts/ Anthony G. Basile
2012-07-21 17:09 Anthony G. Basile
2011-10-20 18:12 Anthony G. Basile
2011-10-20 17:09 Anthony G. Basile
2011-10-20 14:12 Anthony G. Basile
2011-10-18 18:15 Anthony G. Basile
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=140d0f2e1dac6d5c4c8943025d204bcb1d3bfe20.blueness@gentoo \
--to=blueness@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox