From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-commits+bounces-342224-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1QI4Vu-0008La-HA
	for garchives@archives.gentoo.org; Thu, 05 May 2011 19:47:06 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id BCF7B1C01D;
	Thu,  5 May 2011 19:46:59 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 798A61C01D
	for <gentoo-commits@lists.gentoo.org>; Thu,  5 May 2011 19:46:59 +0000 (UTC)
Received: from pelican.gentoo.org (unknown [66.219.59.40])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id E4EBD1B402D
	for <gentoo-commits@lists.gentoo.org>; Thu,  5 May 2011 19:46:58 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by pelican.gentoo.org (Postfix) with ESMTP id 52DFE80507
	for <gentoo-commits@lists.gentoo.org>; Thu,  5 May 2011 19:46:58 +0000 (UTC)
From: "Anthony G. Basile" <blueness@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Anthony G. Basile" <blueness@gentoo.org>
Message-ID: <1fe9aab862a37ebb377333133560b7790324eb2b.blueness@gentoo>
Subject: [gentoo-commits] proj/elfix:master commit in: /
X-VCS-Repository: proj/elfix
X-VCS-Committer: blueness
X-VCS-Committer-Name: Anthony G. Basile
X-VCS-Revision: 1fe9aab862a37ebb377333133560b7790324eb2b
Date: Thu,  5 May 2011 19:46:58 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 390ded686b90f05a88e7969ce3f7791b

commit:     1fe9aab862a37ebb377333133560b7790324eb2b
Author:     Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu=
>
AuthorDate: Thu May  5 19:46:23 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu May  5 19:46:23 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=3Dproj/elfix.git;a=3D=
commit;h=3D1fe9aab8

poc/mangle-paxflags.c: remove EI_PAX and PT_PAX_FLAGS from an elf


 Makefile.am                            |    5 +-
 configure.ac                           |   14 +++
 poc/Makefile.am                        |   26 +++++
 tests/bad-gnustack.c =3D> poc/bad-mmap.c |   15 ++-
 poc/mangle-paxflags.c                  |  181 ++++++++++++++++++++++++++=
++++++
 tests/Makefile.am                      |    1 -
 tests/bad-gnustack.c                   |    2 +-
 tests/bad32.asm                        |    2 +-
 tests/bad64.asm                        |    2 +-
 9 files changed, 240 insertions(+), 8 deletions(-)

diff --cc poc/Makefile.am
index 0000000,b5d0ae7..e8c94d5
mode 000000,100644..100644
--- a/poc/Makefile.am
+++ b/poc/Makefile.am
@@@ -1,0 -1,4 +1,26 @@@
+ noinst_PROGRAMS =3D mangle-paxflags bad-mmap
+ mangle_paxflags_SOURCES =3D mangle-paxflags.c
+ mangle_paxflags_LDADD =3D -lelf
+ bad_mmap_SOURCES =3D bad-mmap.c
++
++check_SCRIPTS =3D poc.sh
++
++poc.sh:
++	@echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D"
++	@echo
++	./mangle-paxflags bad-mmap
++	./bad-mmap
++	@echo
++	@echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D"
++	@echo
++	./mangle-paxflags -p bad-mmap
++	./mangle-paxflags bad-mmap
++	./bad-mmap
++	@echo
++	@echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D"
++	@echo
++	./mangle-paxflags -e bad-mmap
++	./mangle-paxflags bad-mmap
++	./bad-mmap
++	@echo
++	@echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D"
diff --cc poc/bad-mmap.c
index 74105ed,c459abb..04df26d
--- a/poc/bad-mmap.c
+++ b/poc/bad-mmap.c
@@@ -1,24 -1,20 +1,33 @@@
 +/*
- 	bad.c: C source for sample elf with X on GNU_STACK
++	bad-mmap.c: create 4k anonymous mmap with RWX protection
 +	Copyright (C) 2011  Anthony G. Basile
 +
 +	This program is free software: you can redistribute it and/or modify
 +	it under the terms of the GNU General Public License as published by
 +	the Free Software Foundation, either version 3 of the License, or
 +	(at your option) any later version.
 +
 +	This program is distributed in the hope that it will be useful,
 +	but WITHOUT ANY WARRANTY; without even the implied warranty of
 +	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 +	GNU General Public License for more details.
 +
 +	You should have received a copy of the GNU General Public License
 +	along with this program.  If not, see <http://www.gnu.org/licenses/>.
 +*/
++
+ #include <stdio.h>
  #include <stdlib.h>
+ #include <sys/mman.h>
+ #include <errno.h>
+ #include <string.h>
 =20
- int main()
+ int
+ main()
  {
- 	badness();
+ 	if( mmap(NULL, 4096, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_A=
NONYMOUS, -1, 0) !=3D MAP_FAILED )
 -	{
+ 		printf("mmap(): succeeded\n");
 -		return 0;
 -	}
+ 	else
 -	{
+ 		printf("mmap(): %s\n", strerror(errno));
 -		return 1;
 -	}
 +	return 0;
  }
diff --cc poc/mangle-paxflags.c
index 0000000,9d59a96..76fe56b
mode 000000,100644..100644
--- a/poc/mangle-paxflags.c
+++ b/poc/mangle-paxflags.c
@@@ -1,0 -1,72 +1,181 @@@
+ /*
 -	fix-gnustack.c: check and optionally remove exec flag on Elf GNU_STACK
++	mangle-paxflags.c: check and optionally remove EI_PAX and/or PT_PAX_FL=
AGS
+ 	Copyright (C) 2011  Anthony G. Basile
+=20
+ 	This program is free software: you can redistribute it and/or modify
+ 	it under the terms of the GNU General Public License as published by
+ 	the Free Software Foundation, either version 3 of the License, or
+ 	(at your option) any later version.
+=20
+ 	This program is distributed in the hope that it will be useful,
+ 	but WITHOUT ANY WARRANTY; without even the implied warranty of
+ 	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ 	GNU General Public License for more details.
+=20
+ 	You should have received a copy of the GNU General Public License
+ 	along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+=20
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <error.h>
+=20
+ #include <gelf.h>
+=20
+ #include <sys/types.h>
+ #include <sys/stat.h>
+ #include <fcntl.h>
+ #include <unistd.h>
+=20
++// From chpax.h
++#define EI_PAX			14	// Index in e_ident[] where to read flags
++#define HF_PAX_PAGEEXEC         1	// 0: Paging based non-exec pages
++#define HF_PAX_EMUTRAMP         2	// 0: Emulate trampolines
++#define HF_PAX_MPROTECT         4	// 0: Restrict mprotect()
++#define HF_PAX_RANDMMAP         8	// 0: Randomize mmap() base
++#define HF_PAX_RANDEXEC         16	// 1: Randomize ET_EXEC base
++#define HF_PAX_SEGMEXEC         32	// 0: Segmentation based non-exec pa=
ges
++
++
++#define PRINT(E,F,I) printf("%s: %s\n", #E, E & F ? ( I ? "enabled" : "=
disabled" ) : ( I ? "disabled" : "enabled" ) );
++#define CASE(N,P) case P: printf("%d: %s\n", (int)N, #P); break
++
++
++char *
++parse_cmd_args( int c, char *v[], int *flag_ei_pax, int *flag_pt_pax_fl=
ags  )
++{
++	int i, oc;
++
++	if((c !=3D 2)&&(c !=3D 3)&&(c !=3D 4))
++		error(EXIT_FAILURE, 0, "Usage: %s [-e] [-p] elffile", v[0]);
++
++	*flag_ei_pax =3D 0;
++	*flag_pt_pax_flags =3D 0;
++	while((oc =3D getopt(c, v,":ep")) !=3D -1)
++		switch(oc)
++		{
++			case 'e':
++				*flag_ei_pax =3D 1;
++				break ;
++			case 'p':
++				*flag_pt_pax_flags =3D 1;
++				break;
++			case '?':
++			default:
++				error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) =
;
++		}
++
++	return v[optind] ;
++}
+=20
+=20
+ int
+ main( int argc, char *argv[])
+ {
+ 	int fd;
++	int flag_ei_pax, flag_pt_pax_flags;
++	int found_ei_pax, found_pt_pax_flags;
+ 	char *f_name;
+ 	size_t i, phnum;
+=20
+ 	Elf *elf;
++	GElf_Ehdr ehdr;
+ 	GElf_Phdr phdr;
+=20
 -	f_name =3D argv[1];
++	f_name =3D parse_cmd_args( argc, argv, &flag_ei_pax, &flag_pt_pax_flag=
s );
+=20
+ 	if(elf_version(EV_CURRENT) =3D=3D EV_NONE)
+ 		error(EXIT_FAILURE, 0, "Library out of date.");
+=20
 -	if((fd =3D open(f_name, O_RDWR)) < 0)
 -		error(EXIT_FAILURE, 0, "open() fail.");
 -	if((elf =3D elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) =3D=3D NULL)
 -		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(-1));
++	if( flag_ei_pax || flag_pt_pax_flags )
++	{
++		if((fd =3D open(f_name, O_RDWR)) < 0)
++			error(EXIT_FAILURE, 0, "open() fail.");
++		if((elf =3D elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) =3D=3D NULL)
++			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno(=
)));
++	}
++	else
++	{
++		if((fd =3D open(f_name, O_RDONLY)) < 0)
++			error(EXIT_FAILURE, 0, "open() fail.");
++		if((elf =3D elf_begin(fd, ELF_C_READ, NULL)) =3D=3D NULL)
++			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno(=
)));
++	}
++
+ 	if(elf_kind(elf) !=3D ELF_K_ELF)
+ 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+=20
++	if(gelf_getehdr(elf,&ehdr) !=3D &ehdr)
++		error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()))=
;
++
++	found_ei_pax =3D ((u_long) ehdr.e_ident[EI_PAX + 1] << 8) + (u_long) e=
hdr.e_ident[EI_PAX];
++
++	printf("=3D=3D=3D=3D EI_PAX =3D=3D=3D=3D\n") ;
++	PRINT(HF_PAX_PAGEEXEC, found_ei_pax, 0);
++	PRINT(HF_PAX_EMUTRAMP, found_ei_pax, 1);
++	PRINT(HF_PAX_MPROTECT, found_ei_pax, 0);
++	PRINT(HF_PAX_RANDMMAP, found_ei_pax, 0);
++	PRINT(HF_PAX_RANDEXEC, found_ei_pax, 1);
++	PRINT(HF_PAX_SEGMEXEC, found_ei_pax, 0);
++	printf("\n");
++
++	if( flag_ei_pax )
++	{
++		printf("Disabling EI_PAX\n\n");
++		ehdr.e_ident[EI_PAX]     =3D 0xFF;
++		ehdr.e_ident[EI_PAX + 1] =3D 0xFF;
++		if(!gelf_update_ehdr(elf, &ehdr))
++			error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errn=
o()));
++	}
++
++	printf("=3D=3D=3D=3D PHRDs =3D=3D=3D=3D\n") ;
++	found_pt_pax_flags =3D 0 ;
+ 	elf_getphdrnum(elf, &phnum);
+ 	for(i=3D0; i<phnum; ++i)
+ 	{
+ 		if(gelf_getphdr(elf, i, &phdr) !=3D &phdr)
 -			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(-1));
++			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno())=
);
++
++		switch(phdr.p_type)
++		{
++			CASE(i,PT_NULL);
++			CASE(i,PT_LOAD);
++			CASE(i,PT_DYNAMIC);
++			CASE(i,PT_INTERP);
++			CASE(i,PT_NOTE);
++			CASE(i,PT_SHLIB);
++			CASE(i,PT_PHDR);
++			CASE(i,PT_TLS);
++			CASE(i,PT_NUM);
++			CASE(i,PT_LOOS);
++			CASE(i,PT_GNU_EH_FRAME);
++			CASE(i,PT_GNU_STACK);
++			CASE(i,PT_GNU_RELRO);
++			CASE(i,PT_PAX_FLAGS);
++			CASE(i,PT_LOSUNW);
++			//CASE(i,PT_SUNWBSS);
++			CASE(i,PT_SUNWSTACK);
++			CASE(i,PT_HISUNW);
++			//CASE(i,PT_HIOS);
++			CASE(i,PT_LOPROC);
++			CASE(i,PT_HIPROC);
++		}
+=20
 -		if(phdr.p_type =3D=3D PT_PAX_FLAGS)
++		if((phdr.p_type =3D=3D PT_PAX_FLAGS) && flag_pt_pax_flags )
+ 		{
 -			printf("Found PT_PAX_FLAGS\n");
++			found_pt_pax_flags =3D 1 ;
+ 			phdr.p_type =3D PT_NULL;
+ 			if(!gelf_update_phdr(elf, i, &phdr))
 -				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(-1));
++				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_err=
no()));
+ 		}
+ 	}
+=20
++	if( found_pt_pax_flags )
++		printf("Setting PT_PAX_FLAGS to PT_NULL\n\n");
++	else
++		printf("\n\n");
++
+ 	elf_end(elf);
+ 	close(fd);
+ }
diff --cc tests/Makefile.am
index ab23520,ab23520..59bf905
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@@ -20,7 -20,7 +20,6 @@@ test.sh
  	@echo
  	@echo "Fixed Bad GNU_STACK Elf"
  	@../src/fix-gnustack bad-gnustack
--	@rm -f good
  	@echo
  	@echo "=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D"
 =20
diff --cc tests/bad-gnustack.c
index 74105ed,74105ed..fa7bcf5
--- a/tests/bad-gnustack.c
+++ b/tests/bad-gnustack.c
@@@ -1,5 -1,5 +1,5 @@@
  /*
--	bad.c: C source for sample elf with X on GNU_STACK
++	bad-gnustack.c: C source for sample elf with X on GNU_STACK
  	Copyright (C) 2011  Anthony G. Basile
 =20
  	This program is free software: you can redistribute it and/or modify
diff --cc tests/bad32.asm
index df8296c,df8296c..8020ac7
--- a/tests/bad32.asm
+++ b/tests/bad32.asm
@@@ -1,4 -1,4 +1,4 @@@
--;test-bad32.asm: 32-bit asm source for sample elf with X on GNU_STACK
++;bad32.asm: 32-bit asm source for sample elf with X on GNU_STACK
  ;Copyright (C) 2011  Anthony G. Basile
  ;
  ;This program is free software: you can redistribute it and/or modify
diff --cc tests/bad64.asm
index 3a8af73,3a8af73..1164095
--- a/tests/bad64.asm
+++ b/tests/bad64.asm
@@@ -1,4 -1,4 +1,4 @@@
--;test-bad64.asm: 64-bit asm source for sample elf with X on GNU_STACK
++;bad64.asm: 64-bit asm source for sample elf with X on GNU_STACK
  ;Copyright (C) 2011  Anthony G. Basile
  ;
  ;This program is free software: you can redistribute it and/or modify