* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-04 2:15 Anthony G. Basile
From: Anthony G. Basile @ 2011-05-04 2:15 UTC (permalink / raw
To: gentoo-commits
commit: af0ba40a9aeb5d5e735705755c4169e48e672478
Author: Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Wed May 4 02:14:55 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed May 4 02:14:55 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=af0ba40a
Cleaned out unnecessary call to get ehdr
---
src/fix-gnustack.c | 4 ----
1 files changed, 0 insertions(+), 4 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 00a0c02..8315873 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -63,7 +63,6 @@ main( int argc, char *argv[])
size_t i, phnum;
Elf *elf;
- GElf_Ehdr ehdr;
GElf_Phdr phdr;
f_name = parse_cmd_args( argc, argv, &flagv );
@@ -89,9 +88,6 @@ main( int argc, char *argv[])
if(elf_kind(elf) != ELF_K_ELF)
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
- if(gelf_getehdr(elf,&ehdr) == NULL)
- error(EXIT_FAILURE, 0, "gelf_getehdr() fail: %s", elf_errmsg(-1));
-
elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-05 22:40 Anthony G. Basile
From: Anthony G. Basile @ 2011-05-05 22:40 UTC (permalink / raw
To: gentoo-commits
commit: ff3437254e74ee47897425b217541b8362f17a20
Author: Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Thu May 5 22:38:50 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu May 5 22:38:50 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=ff343725
src/fix-gnustack.c: improved error messages
---
src/fix-gnustack.c | 10 +++++-----
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 8315873..75d72ea 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -75,14 +75,14 @@ main( int argc, char *argv[])
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(-1));
+ error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
else
{
if((fd = open(f_name, O_RDONLY)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(-1));
+ error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
if(elf_kind(elf) != ELF_K_ELF)
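Review bot: `elf_errmsg(elf_errno())` can pass a NULL pointer to `%s`, which the replaced `elf_errmsg(-1)` form never did. elf_errno() returns the pending libelf error and clears it, and elf_errmsg(0) is documented to return NULL when no error is recorded, so a failure path that did not set a libelf error would pass NULL to error(). `elf_errmsg(-1)` is the spelling that guarantees a non-NULL string; the same applies to the gelf_getphdr() and gelf_update_phdr() calls in the later hunks of this commit. Separately, both `open()` failures pass 0 as errnum and so lose the reason; `error(EXIT_FAILURE, errno, "open(%s)", f_name);` would report it, assuming `<errno.h>` is included. main() begins and ends outside this hunk.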
@@ -92,7 +92,7 @@ main( int argc, char *argv[])
for(i=0; i<phnum; ++i)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(-1));
+ error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_GNU_STACK)
{
@@ -104,10 +104,10 @@ main( int argc, char *argv[])
if(flagv && (phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
{
- printf("W&X FOUND: flipping X flag ...\n");
+ printf("W&X FOUND: X flag removed\n");
phdr.p_flags ^= PF_X;
if(!gelf_update_phdr(elf, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(-1));
+ error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
}
}
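Review bot: The new message `W&X FOUND: X flag removed` is printed before `gelf_update_phdr()` runs, so a failed update still announces success on stdout before the error exit. Move the printf below the update check, and clear the bit with `phdr.p_flags &= ~PF_X;` instead of `^=`, so the statement states its intent and cannot set X if the surrounding guard is ever loosened. No elf_update() call is visible in this hunk, so it cannot be confirmed from here that the changed header is written back to the file.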
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-13 12:01 Anthony G. Basile
From: Anthony G. Basile @ 2011-05-13 12:01 UTC (permalink / raw
To: gentoo-commits
commit: 4a373e637f72ade1f8aa1e6b2c912baabbb7c3d9
Author: Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Fri May 13 12:01:49 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri May 13 12:01:49 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=4a373e63
src/fix-gnustack.c: minor syntactic change
---
src/fix-gnustack.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 3c12700..2ef1a5d 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -44,7 +44,8 @@ print_help(char *v)
"options : Print out protection flags on PT_GNU_STACK\n"
" : -f Remove X if WX flags are set on PT_GNU_STACK\n"
" : -h Print out this help\n",
- basename(v), basename(v)
+ basename(v),
+ basename(v)
);
exit(EXIT_SUCCESS);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:11 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-10 21:11 UTC (permalink / raw
To: gentoo-commits
commit: d26443ff1b6cdb411dd4f7c195e4dc7824d5fcee
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:11:06 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:11:06 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d26443ff
src/paxctl-ng.c: remove create_flags option
---
src/paxctl-ng.c | 112 ++++++++++++-------------------------------------------
1 files changed, 24 insertions(+), 88 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 0957e36..4a099ec 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,7 +54,6 @@ print_help(char *v)
" : -x Disable RANDEXEC\t-X Enable RANDEXEC\n"
" : -s Disable SEGMEXEC\t-X Enable SEGMEXEC\n"
" : -z Default least secure\t-Z Default most secure\n"
- " : -C Created PT_PAX_FLAGS program header\n"
" : -h Print out this help\n",
basename(v),
basename(v)
@@ -65,7 +64,7 @@ print_help(char *v)
char *
-parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
+parse_cmd_args( int c, char *v[], int *pax_flags )
{
int i, oc;
@@ -73,7 +72,6 @@ parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
*pax_flags = 0;
- *create_flag = 0;
while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
switch(oc)
{
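Review bot: `C` is still present in the getopt string `":pPeEmMrRxXsSzZCh"` and in the usage text `[-pPeEmMrRxXsSzZC]`, although this commit removes `case 'C'` and `*create_flag`. getopt() will keep returning 'C' for that option, and with no matching case it is accepted without effect unless the switch has a default branch, which is outside this hunk. Drop `C` from both strings so that an obsolete option is rejected rather than silently accepted.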
@@ -105,9 +103,6 @@ parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
break ;
case 'Z':
break;
- case 'C':
- *create_flag = 1;
- break;
case 'h':
print_help(v[0]);
break;
@@ -139,112 +134,53 @@ no_pt_pax_flags(Elf *e)
int
-create_pt_pax_flags(Elf *e)
-{
- size_t i, phnum;
- GElf_Phdr phdr;
-
- elf_getphdrnum(e, &phnum);
- for(i=0; i<phnum; ++i)
- {
- if(gelf_getphdr(e, i, &phdr) != &phdr)
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
- if(phdr.p_type == PT_NULL)
- {
- phdr.p_type = PT_PAX_FLAGS;
- phdr.p_flags = PF_NOEMUTRAMP|PF_NORANDEXEC;
- if(!gelf_update_phdr(e, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
- return 1;
- }
- }
-
-
- /*
- if( !(phdr = gelf_newphdr(Elf *e, size_t phnum)) )
- {
- phdr.p_type = PT_PAX_FLAGS;
- //phdr.p_offset
- //phdr.p_vaddr
- //phdr.p_paddr
- //phdr.p_filesz
- //phdr.p_memsz
- phdr.p_flags = PF_NOEMUTRAMP|PF_NORANDEXEC;
- //phdr.p_align
-
- if(!gelf_update_phdr(e, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
- return 1;
- }
- error(EXIT_FAILURE, 0, "gelf_newphdr(): %s", elf_errmsg(elf_errno()));
- */
-
-}
-
-
-int
main( int argc, char *argv[])
{
int fd;
- int pax_flags, create_flag;
+ int pax_flags;
char *f_name;
Elf *elf;
GElf_Ehdr ehdr;
- f_name = parse_cmd_args(argc, argv, &pax_flags, &create_flag);
+ f_name = parse_cmd_args(argc, argv, &pax_flags);
if(elf_version(EV_CURRENT) == EV_NONE)
error(EXIT_FAILURE, 0, "Library out of date.");
- if(create_flag)
- {
- if((fd = open(f_name, O_RDWR)) < 0)
- error(EXIT_FAILURE, 0, "open() fail.");
- if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
- }
- else
- {
- if((fd = open(f_name, O_RDONLY)) < 0)
- error(EXIT_FAILURE, 0, "open() fail.");
- if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
- }
+ if((fd = open(f_name, O_RDWR)) < 0)
+ error(EXIT_FAILURE, 0, "open() fail.");
+ if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+ error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
if(elf_kind(elf) != ELF_K_ELF)
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+ /*
+ if(gelf_getehdr(elf, &ehdr) != &ehdr)
+ error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+ ehdr.e_ident[EI_PAX] = 0;
+ ehdr.e_ident[EI_PAX + 1] = 0;
+ if(!gelf_update_ehdr(elf, &ehdr))
+ error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
- if(create_flag)
+ if(no_pt_pax_flags(elf))
{
- //To be safe, let's make sure EI_PAX flags are zero-ed for most secure legacy
- if(gelf_getehdr(elf, &ehdr) != &ehdr)
- error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
- ehdr.e_ident[EI_PAX] = 0;
- ehdr.e_ident[EI_PAX + 1] = 0;
-
- if(!gelf_update_ehdr(elf, &ehdr))
- error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
-
- if(no_pt_pax_flags(elf))
+ printf("PT_PAX_FLAGS phdr not found: creating one\n");
+ if(create_pt_pax_flags(elf))
{
- printf("PT_PAX_FLAGS phdr not found: creating one\n");
- if(create_pt_pax_flags(elf))
- {
- printf("PT_PAX_FLAGS phdr create: succeeded\n");
- }
- else
- error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
+ printf("PT_PAX_FLAGS phdr create: succeeded\n");
}
else
- error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
- }
-
+ error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
+ }
+ else
+ error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
+ }
+ */
/*
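Review bot: `open(f_name, O_RDWR)` with `ELF_C_RDWR_MMAP` is now unconditional, so every run needs write access to the target binary and maps it writable, even though the only code in this hunk that modified the file is now commented out. Opening with `O_RDONLY` / `ELF_C_READ` until a modifying option is actually requested keeps the tool usable on read-only binaries and limits what a later bug can damage. The commented-out block also still calls `create_pt_pax_flags()`, which this commit deletes, and `ehdr` appears unused in the visible part of main(). Deleting the dead block would be cleaner than keeping it, since version control already preserves it. main() continues past the end of this hunk.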
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:35 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-10 21:35 UTC (permalink / raw
To: gentoo-commits
commit: 4d1278d1d5b52aa9a0e10fd660473243269e52da
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:35:32 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:35:32 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=4d1278d1
src/paxctl-ng.c: remove create PAX_FLAGS and read flags option
---
src/paxctl-ng.c | 18 +++++++++++++-----
1 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4a099ec..5f33ebe 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,6 +54,7 @@ print_help(char *v)
" : -x Disable RANDEXEC\t-X Enable RANDEXEC\n"
" : -s Disable SEGMEXEC\t-X Enable SEGMEXEC\n"
" : -z Default least secure\t-Z Default most secure\n"
+ " : -v view the flags\n"
" : -h Print out this help\n",
basename(v),
basename(v)
@@ -69,10 +70,10 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
int i, oc;
if((c != 2)&&(c != 3)&&(c != 4))
- error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
+ error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
*pax_flags = 0;
- while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
+ while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
switch(oc)
{
case 'p':
@@ -103,6 +104,9 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
break ;
case 'Z':
break;
+ case 'v':
+ *pax_flags = -1; // Invalid flag signal read flags, not set
+ break;
case 'h':
print_help(v[0]);
break;
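Review bot: `*pax_flags = -1` overloads a bitmask with an in-band sentinel. -1 has every bit set, so a test such as `*pax_flags & PF_MPROTECT` is true, and any consumer that forgets to check for -1 first would treat `-v` as a request to set every flag. A separate out-parameter, for example `int *view_flags` set to 1 here, keeps the mode apart from the mask. The identical patch is reposted below as commit 6dce7c7a and the same comment applies there; parse_cmd_args() starts and ends outside this hunk.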
@@ -115,8 +119,11 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
}
+/*
+ * return 1 if PAX_FLAGS program header exists, 0 otherwise
+ */
int
-no_pt_pax_flags(Elf *e)
+pt_pax_flags(Elf *e)
{
size_t i, phnum;
GElf_Phdr phdr;
@@ -127,9 +134,9 @@ no_pt_pax_flags(Elf *e)
if(gelf_getphdr(e, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_PAX_FLAGS)
- return 0;
+ return 1;
}
- return 1;
+ return 0;
}
@@ -150,6 +157,7 @@ main( int argc, char *argv[])
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
+
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:36 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-10 21:36 UTC (permalink / raw
To: gentoo-commits
commit: 6dce7c7ae76c8f3b07e799cfbe2cef2d4952afff
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:35:32 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:36:22 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=6dce7c7a
src/paxctl-ng.c: remove create PAX_FLAGS and add read flags option
---
src/paxctl-ng.c | 18 +++++++++++++-----
1 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4a099ec..5f33ebe 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,6 +54,7 @@ print_help(char *v)
" : -x Disable RANDEXEC\t-X Enable RANDEXEC\n"
" : -s Disable SEGMEXEC\t-X Enable SEGMEXEC\n"
" : -z Default least secure\t-Z Default most secure\n"
+ " : -v view the flags\n"
" : -h Print out this help\n",
basename(v),
basename(v)
@@ -69,10 +70,10 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
int i, oc;
if((c != 2)&&(c != 3)&&(c != 4))
- error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
+ error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
*pax_flags = 0;
- while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
+ while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
switch(oc)
{
case 'p':
@@ -103,6 +104,9 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
break ;
case 'Z':
break;
+ case 'v':
+ *pax_flags = -1; // Invalid flag signal read flags, not set
+ break;
case 'h':
print_help(v[0]);
break;
@@ -115,8 +119,11 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
}
+/*
+ * return 1 if PAX_FLAGS program header exists, 0 otherwise
+ */
int
-no_pt_pax_flags(Elf *e)
+pt_pax_flags(Elf *e)
{
size_t i, phnum;
GElf_Phdr phdr;
@@ -127,9 +134,9 @@ no_pt_pax_flags(Elf *e)
if(gelf_getphdr(e, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_PAX_FLAGS)
- return 0;
+ return 1;
}
- return 1;
+ return 0;
}
@@ -150,6 +157,7 @@ main( int argc, char *argv[])
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
+
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 0:23 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-11 0:23 UTC (permalink / raw
To: gentoo-commits
commit: 24a916492fd0d5641f69ade39ae2f9ae2b838303
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 00:22:51 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 00:22:51 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=24a91649
src/paxctl-ng.c: added read EI/PT_PAX flags
---
src/paxctl-ng.c | 156 ++++++++++++++++++++++++------------------------------
1 files changed, 69 insertions(+), 87 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5f33ebe..d7c58a5 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -17,6 +17,7 @@
*/
#include <stdio.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <error.h>
@@ -31,10 +32,14 @@
#include <config.h>
-#define EI_PAX 14 // Index in e_ident[] where to read flags - from chpax.h
+#define HF_PAX_PAGEEXEC 1
+#define HF_PAX_EMUTRAMP 2
+#define HF_PAX_MPROTECT 4
+#define HF_PAX_RANDMMAP 8
+#define HF_PAX_RANDEXEC 16
+#define HF_PAX_SEGMEXEC 32
-#define PRINT(E,F,I) printf("%s:\t%s\n", #E, E & F ? ( I ? "enabled" : "disabled" ) : ( I ? "disabled" : "enabled" ) );
-#define CASE(N,P) case P: printf("%d: %s\n", (int)N, #P); break
+#define EI_PAX 14 // Index to read the PaX flags into ELF header e_ident[] array
void
@@ -65,7 +70,7 @@ print_help(char *v)
char *
-parse_cmd_args( int c, char *v[], int *pax_flags )
+parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
{
int i, oc;
@@ -73,6 +78,7 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
*pax_flags = 0;
+ *view_flags = 0;
while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
switch(oc)
{
@@ -105,7 +111,7 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
case 'Z':
break;
case 'v':
- *pax_flags = -1; // Invalid flag signal read flags, not set
+ *view_flags = 1;
break;
case 'h':
print_help(v[0]);
@@ -119,24 +125,69 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
}
-/*
- * return 1 if PAX_FLAGS program header exists, 0 otherwise
- */
-int
-pt_pax_flags(Elf *e)
+#define BUF_SIZE 7
+void
+print_flags(Elf *e, GElf_Ehdr *eh)
{
+ char ei_buf[BUF_SIZE];
+ char pt_buf[BUF_SIZE];
+ uint16_t ei_flags;
+
+ char found_pt_pax;
size_t i, phnum;
GElf_Phdr phdr;
+ memset(ei_buf, 0, BUF_SIZE);
+ memset(pt_buf, 0, BUF_SIZE);
+
+ ei_flags = eh->e_ident[EI_PAX] + (eh->e_ident[EI_PAX + 1] << 8);
+
+ ei_buf[0] = ei_flags & HF_PAX_PAGEEXEC ? 'p' : 'P';
+ ei_buf[1] = ei_flags & HF_PAX_SEGMEXEC ? 's' : 'S';
+ ei_buf[2] = ei_flags & HF_PAX_MPROTECT ? 'm' : 'M';
+ ei_buf[3] = ei_flags & HF_PAX_EMUTRAMP ? 'E' : 'e';
+ ei_buf[4] = ei_flags & HF_PAX_RANDMMAP ? 'r' : 'R';
+ ei_buf[5] = ei_flags & HF_PAX_RANDEXEC ? 'X' : 'x';
+
+ printf("EI_PAX: %s\n", ei_buf);
+
+ found_pt_pax = 0;
elf_getphdrnum(e, &phnum);
for(i=0; i<phnum; ++i)
{
if(gelf_getphdr(e, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_PAX_FLAGS)
- return 1;
+ {
+ found_pt_pax = 1;
+
+ pt_buf[0] = phdr.p_flags & PF_PAGEEXEC ? 'P' :
+ phdr.p_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+
+ pt_buf[1] = phdr.p_flags & PF_SEGMEXEC ? 'S' :
+ phdr.p_flags & PF_NOSEGMEXEC ? 's' : '-';
+
+ pt_buf[2] = phdr.p_flags & PF_MPROTECT ? 'M' :
+ phdr.p_flags & PF_NOMPROTECT ? 'm' : '-';
+
+ pt_buf[3] = phdr.p_flags & PF_EMUTRAMP ? 'E' :
+ phdr.p_flags & PF_NOEMUTRAMP ? 'e' : '-';
+
+ pt_buf[4] = phdr.p_flags & PF_RANDMMAP ? 'R' :
+ phdr.p_flags & PF_NORANDMMAP ? 'r' : '-';
+
+ pt_buf[5] = phdr.p_flags & PF_RANDEXEC ? 'X' :
+ phdr.p_flags & PF_NORANDEXEC ? 'x' : '-';
+ }
}
- return 0;
+
+ if(found_pt_pax)
+ printf("PT_PAX: %s\n", pt_buf);
+ else
+ printf("PT_PAX: not found\n");
+
+ if(strcmp(ei_buf, pt_buf))
+ printf("EI_PAX != PT_PAX\n");
}
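Review bot: The final `if(strcmp(ei_buf, pt_buf))` also fires when no PT_PAX_FLAGS header exists, because pt_buf is then still the empty string, so the output is `PT_PAX: not found` followed by a misleading `EI_PAX != PT_PAX`. Guard it with `if(found_pt_pax && strcmp(ei_buf, pt_buf))`. pt_buf can also hold `-` for a pair with neither bit set, which ei_buf never contains, so that case is reported as a mismatch as well. The return value of `elf_getphdrnum()` is ignored, which leaves `phnum` uninitialised as the loop bound if the call fails on a malformed file.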
@@ -144,13 +195,13 @@ int
main( int argc, char *argv[])
{
int fd;
- int pax_flags;
+ int pax_flags, view_flags;
char *f_name;
Elf *elf;
GElf_Ehdr ehdr;
- f_name = parse_cmd_args(argc, argv, &pax_flags);
+ f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags);
if(elf_version(EV_CURRENT) == EV_NONE)
error(EXIT_FAILURE, 0, "Library out of date.");
@@ -164,92 +215,23 @@ main( int argc, char *argv[])
if(elf_kind(elf) != ELF_K_ELF)
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
-
- /*
+ // get ehdr
if(gelf_getehdr(elf, &ehdr) != &ehdr)
error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
- ehdr.e_ident[EI_PAX] = 0;
- ehdr.e_ident[EI_PAX + 1] = 0;
+ if(view_flags == 1)
+ print_flags(elf, &ehdr);
+ /*
if(!gelf_update_ehdr(elf, &ehdr))
error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
- if(no_pt_pax_flags(elf))
- {
- printf("PT_PAX_FLAGS phdr not found: creating one\n");
- if(create_pt_pax_flags(elf))
- {
- printf("PT_PAX_FLAGS phdr create: succeeded\n");
- }
- else
- error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
- }
- else
- error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
- }
- */
-
-
- /*
- printf("==== EI_PAX ====\n") ;
- PRINT(HF_PAX_PAGEEXEC, found_ei_pax, 0);
- PRINT(HF_PAX_EMUTRAMP, found_ei_pax, 1);
- PRINT(HF_PAX_MPROTECT, found_ei_pax, 0);
- PRINT(HF_PAX_RANDMMAP, found_ei_pax, 0);
- PRINT(HF_PAX_RANDEXEC, found_ei_pax, 1);
- PRINT(HF_PAX_SEGMEXEC, found_ei_pax, 0);
- printf("\n");
-
-
- printf("==== PHRDs ====\n") ;
elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
- switch(phdr.p_type)
- {
- CASE(i,PT_NULL);
- CASE(i,PT_LOAD);
- CASE(i,PT_DYNAMIC);
- CASE(i,PT_INTERP);
- CASE(i,PT_NOTE);
- CASE(i,PT_SHLIB);
- CASE(i,PT_PHDR);
- CASE(i,PT_TLS);
- CASE(i,PT_NUM);
- CASE(i,PT_LOOS);
- CASE(i,PT_GNU_EH_FRAME);
- CASE(i,PT_GNU_STACK);
- CASE(i,PT_GNU_RELRO);
- CASE(i,PT_PAX_FLAGS);
- CASE(i,PT_LOSUNW);
- //CASE(i,PT_SUNWBSS);
- CASE(i,PT_SUNWSTACK);
- CASE(i,PT_HISUNW);
- //CASE(i,PT_HIOS);
- CASE(i,PT_LOPROC);
- CASE(i,PT_HIPROC);
- }
-
- if(phdr.p_type == PT_PAX_FLAGS)
- {
- PRINT(PF_PAGEEXEC, phdr.p_flags, 1);
- PRINT(PF_NOPAGEEXEC, phdr.p_flags, 1);
- PRINT(PF_SEGMEXEC, phdr.p_flags, 1);
- PRINT(PF_NOSEGMEXEC, phdr.p_flags, 1);
- PRINT(PF_MPROTECT, phdr.p_flags, 1);
- PRINT(PF_NOMPROTECT, phdr.p_flags, 1);
- PRINT(PF_RANDEXEC, phdr.p_flags, 1);
- PRINT(PF_NORANDEXEC, phdr.p_flags, 1);
- PRINT(PF_EMUTRAMP, phdr.p_flags, 1);
- PRINT(PF_NOEMUTRAMP, phdr.p_flags, 1);
- PRINT(PF_RANDMMAP, phdr.p_flags, 1);
- PRINT(PF_NORANDMMAP, phdr.p_flags, 1);
- }
-
if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
{
printf("CONVERTED -> PT_NULL\n\n");
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 1:54 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-11 1:54 UTC (permalink / raw
To: gentoo-commits
commit: 9479f0ca040e95f24da74818242850f0cf8fff29
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 01:54:00 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 01:54:00 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=9479f0ca
src/paxctl-ng.c: construct pax flags from command line
---
src/paxctl-ng.c | 51 +++++++++++++++++++++++++++++++++++----------------
1 files changed, 35 insertions(+), 16 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d7c58a5..c7206c3 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -50,7 +50,7 @@ print_help(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}\n"
+ "Usage : %s {[-PpEeMmRrXxSsZzv] ELFfile | [-h]}\n"
"options : Print out pax flag information\n"
" : -p Disable PAGEEXEC\t-P Enable PAGEEXEC\n"
" : -e Disable EMUTRAMP\t-E Enable EMUTRAMP\n"
@@ -74,41 +74,54 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
{
int i, oc;
- if((c != 2)&&(c != 3)&&(c != 4))
- error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
-
*pax_flags = 0;
*view_flags = 0;
- while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
+ while((oc = getopt(c, v,":PpEeMmRrXxSsZzvh")) != -1)
switch(oc)
{
+ case 'P':
+ *pax_flags |= PF_PAGEEXEC;
+ break;
case 'p':
+ *pax_flags |= PF_NOPAGEEXEC;
break ;
- case 'P':
+ case 'S':
+ *pax_flags |= PF_SEGMEXEC;
break;
- case 'e':
+ case 's':
+ *pax_flags |= PF_NOSEGMEXEC;
break ;
- case 'E':
+ case 'M':
+ *pax_flags |= PF_MPROTECT;
break;
case 'm':
+ *pax_flags |= PF_NOMPROTECT;
break ;
- case 'M':
+ case 'E':
+ *pax_flags |= PF_EMUTRAMP;
break;
- case 'r':
+ case 'e':
+ *pax_flags |= PF_NOEMUTRAMP;
break ;
case 'R':
+ *pax_flags |= PF_RANDMMAP;
break;
- case 'x':
+ case 'r':
+ *pax_flags |= PF_NORANDMMAP;
break ;
case 'X':
+ *pax_flags |= PF_RANDEXEC;
break;
- case 's':
- break ;
- case 'S':
- break;
- case 'z':
+ case 'x':
+ *pax_flags |= PF_NORANDEXEC;
break ;
case 'Z':
+ *pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
+ PF_NOEMUTRAMP | PF_RANDMMAP | PF_RANDEXEC;
+ break ;
+ case 'z':
+ *pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
+ PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
break;
case 'v':
*view_flags = 1;
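Review bot: `-Z` and `-z` assign with `=` while every other option uses `|=`, so the resulting mask depends on argument order: `-p -Z` discards the `-p`, while `-Z -p` leaves both PF_PAGEEXEC and PF_NOPAGEEXEC set. Nothing in this hunk rejects a mask that holds both members of a pair, for example from `-P -p`, so a contradictory request reaches whatever code applies the flags. Check each pair after the loop, e.g. `if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC)) error(EXIT_FAILURE, 0, "-P and -p conflict");`, and decide explicitly whether `-Z`/`-z` may be combined with the per-flag options. The function begins above the hunk and its switch continues below it.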
@@ -121,6 +134,12 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
}
+// if((c != 2)&&(c != 3)&&(c != 4))
+// error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+
+ if(v[optind] == NULL)
+ error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+
return v[optind] ;
}
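Review bot: The usage string in the new `v[optind] == NULL` check is a second copy of the text in print_help() and already disagrees with it (`-pPeEmMrRxXsSzZv` here, `-PpEeMmRrXxSsZzv` in the help). Keeping one copy in a shared macro or string would stop the two drifting apart. The two commented-out lines above it should be deleted rather than kept, since version control already preserves them. Operands after the first file name are not checked, so `v[optind + 1]` is silently ignored if present.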
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 2:32 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-11 2:32 UTC (permalink / raw
To: gentoo-commits
commit: b2b949773957407f80276281b3bbb927bd007ec4
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 02:32:32 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 02:32:32 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b2b94977
src/paxctl-ng.c: add constraints on command line flags
---
src/paxctl-ng.c | 63 +++++++++++++++++++++++++++++++++++++++++-------------
1 files changed, 48 insertions(+), 15 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index c7206c3..361e9a7 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -46,21 +46,21 @@ void
print_help(char *v)
{
printf(
+ "\n"
"Package Name : " PACKAGE_STRING "\n"
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s {[-PpEeMmRrXxSsZzv] ELFfile | [-h]}\n"
- "options : Print out pax flag information\n"
- " : -p Disable PAGEEXEC\t-P Enable PAGEEXEC\n"
- " : -e Disable EMUTRAMP\t-E Enable EMUTRAMP\n"
- " : -m Disable MPROTECT\t-M Enable MPROTECT\n"
- " : -r Disable RANDMMAP\t-R Enable RANDMMAP\n"
- " : -x Disable RANDEXEC\t-X Enable RANDEXEC\n"
- " : -s Disable SEGMEXEC\t-X Enable SEGMEXEC\n"
- " : -z Default least secure\t-Z Default most secure\n"
- " : -v view the flags\n"
- " : -h Print out this help\n",
+ "Usage : %s [-{Pp}{Ee}{Mm}{Rr}{Xx}{Ss}v ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
+ "options : -P Enable PAGEEXEC\tor\t-p disable PAGEEXEC\n"
+ " : -E Enable EMUTRAMP\tor\t-e disable EMUTRAMP\n"
+ " : -M Enable MPROTECT\tor\t-m disable MPROTECT\n"
+ " : -R Enable RANDMMAP\tor\t-r disable RANDMMAP\n"
+ " : -X Enable RANDEXEC\tor\t-x disable RANDEXEC\n"
+ " : -S Enable SEGMEXEC\tor\t-s disable SEGMEXEC\n"
+ " : -Z Default most secure\tor\t-z Default least secure\n"
+ " : -v view the flags\n"
+ " : -h Print out this help\n\n",
basename(v),
basename(v)
);
@@ -73,6 +73,9 @@ char *
parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
{
int i, oc;
+ int compat;
+
+ compat = 0;
*pax_flags = 0;
*view_flags = 0;
@@ -81,50 +84,65 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
{
case 'P':
*pax_flags |= PF_PAGEEXEC;
+ compat |= 1;
break;
case 'p':
*pax_flags |= PF_NOPAGEEXEC;
+ compat |= 1;
break ;
case 'S':
*pax_flags |= PF_SEGMEXEC;
+ compat |= 1;
break;
case 's':
*pax_flags |= PF_NOSEGMEXEC;
+ compat |= 1;
break ;
case 'M':
*pax_flags |= PF_MPROTECT;
+ compat |= 1;
break;
case 'm':
*pax_flags |= PF_NOMPROTECT;
+ compat |= 1;
break ;
case 'E':
*pax_flags |= PF_EMUTRAMP;
+ compat |= 1;
break;
case 'e':
*pax_flags |= PF_NOEMUTRAMP;
+ compat |= 1;
break ;
case 'R':
*pax_flags |= PF_RANDMMAP;
+ compat |= 1;
break;
case 'r':
*pax_flags |= PF_NORANDMMAP;
+ compat |= 1;
break ;
case 'X':
*pax_flags |= PF_RANDEXEC;
+ compat |= 1;
break;
case 'x':
*pax_flags |= PF_NORANDEXEC;
+ compat |= 1;
break ;
case 'Z':
*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
PF_NOEMUTRAMP | PF_RANDMMAP | PF_RANDEXEC;
+ compat += 1;
break ;
case 'z':
*pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
+ compat += 1;
break;
case 'v':
*view_flags = 1;
+ compat |= 1;
break;
case 'h':
print_help(v[0]);
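Review bot: Mixing `compat |= 1` for the per-flag options with `compat += 1` for `-Z`/`-z` makes the exclusivity check order-dependent. `-Z -e` leaves compat at 1 and is accepted, while `-e -Z` reaches 2 and is rejected, and `-Z -v` likewise passes where `-v -Z` does not. Distinct bits avoid this: `compat |= 1` for the per-flag options and `-v`, `compat |= 2` for `-Z`, `compat |= 4` for `-z`, then accept only the values 1, 2 and 4. The test of `compat` is in the next hunk, and the switch starts above this one.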
@@ -134,11 +152,26 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
}
-// if((c != 2)&&(c != 3)&&(c != 4))
-// error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+ if( (*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ compat = 2;
+
+ if( (*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ compat = 2;
+
+ if( (*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ compat = 2;
+
+ if( (*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ compat = 2;
+
+ if( (*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ compat = 2;
+
+ if( (*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ compat = 2;
- if(v[optind] == NULL)
- error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+ if(compat != 1 || v[optind] == NULL)
+ print_help(v[0]);
return v[optind] ;
}
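Review bot: An invalid or conflicting command line now ends in `print_help(v[0])`, which does not say what was wrong. If paxctl-ng's print_help() exits with EXIT_SUCCESS, as the fix-gnustack.c version shown earlier on this page does, a calling script sees success for a request that was refused. Reporting the conflict with `error(EXIT_FAILURE, 0, "conflicting or missing options, see -h");` keeps the exit status truthful. If print_help() does not exit, `return v[optind]` can hand NULL to the caller's open(). The six pair checks are identical apart from the two masks and could be a loop over a small table of pairs.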
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 3:40 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-11 3:40 UTC (permalink / raw
To: gentoo-commits
commit: 657823f4a515099433694e8a1aad7f9f2a107c23
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 03:40:44 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 03:40:44 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=657823f4
src/paxctl-ng.c: enable+disable flag means default setting
---
src/paxctl-ng.c | 129 ++++++++++++++++++++++++++++---------------------------
1 files changed, 66 insertions(+), 63 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 361e9a7..cbb4084 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -51,16 +51,17 @@ print_help(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s [-{Pp}{Ee}{Mm}{Rr}{Xx}{Ss}v ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
- "options : -P Enable PAGEEXEC\tor\t-p disable PAGEEXEC\n"
- " : -E Enable EMUTRAMP\tor\t-e disable EMUTRAMP\n"
- " : -M Enable MPROTECT\tor\t-m disable MPROTECT\n"
- " : -R Enable RANDMMAP\tor\t-r disable RANDMMAP\n"
- " : -X Enable RANDEXEC\tor\t-x disable RANDEXEC\n"
- " : -S Enable SEGMEXEC\tor\t-s disable SEGMEXEC\n"
- " : -Z Default most secure\tor\t-z Default least secure\n"
+ "Usage : %s [-PpEeMmRrXxSsv ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
+ "Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
+ " : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
+ " : -M enable MPROTECT\t-m disable MPROTECT\n"
+ " : -R enable RANDMMAP\t-r disable RANDMMAP\n"
+ " : -X enable RANDEXEC\t-x disable RANDEXEC\n"
+ " : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
+ " : -Z most secure settings\t-z all default settings\n"
" : -v view the flags\n"
- " : -h Print out this help\n\n",
+ " : -h print out this help\n\n"
+ "Note : If both enabling and disabling flags are set, the default - is used\n\n",
basename(v),
basename(v)
);
@@ -136,8 +137,7 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
compat += 1;
break ;
case 'z':
- *pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
- PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
+ *pax_flags = -1;
compat += 1;
break;
case 'v':
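Review bot: `*pax_flags = -1` for `-z` sets every bit of the mask, including bits that are not PaX flags, and relies on every consumer knowing that both members of a pair being set means "default". Because the per-flag cases use `|=`, a later option is absorbed: `-z -P` leaves compat at 1 and is accepted, but pax_flags stays -1 and the `-P` is silently dropped. Building the value from the named constants, `PF_PAGEEXEC | PF_NOPAGEEXEC | …` for the six pairs, or carrying a separate "reset to default" flag, would keep stray bits out of anything later written to `p_flags`. The code that applies pax_flags is not visible in this hunk, so how the sentinel is consumed cannot be confirmed from here.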
@@ -152,24 +152,6 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
}
- if( (*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
- compat = 2;
-
- if( (*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
- compat = 2;
-
- if( (*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
- compat = 2;
-
- if( (*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
- compat = 2;
-
- if( (*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
- compat = 2;
-
- if( (*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
- compat = 2;
-
if(compat != 1 || v[optind] == NULL)
print_help(v[0]);
@@ -179,20 +161,25 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
#define BUF_SIZE 7
void
-print_flags(Elf *e, GElf_Ehdr *eh)
+print_flags(Elf *elf)
{
+ GElf_Ehdr ehdr;
char ei_buf[BUF_SIZE];
- char pt_buf[BUF_SIZE];
uint16_t ei_flags;
+ GElf_Phdr phdr;
+ char pt_buf[BUF_SIZE];
char found_pt_pax;
size_t i, phnum;
- GElf_Phdr phdr;
+
memset(ei_buf, 0, BUF_SIZE);
memset(pt_buf, 0, BUF_SIZE);
- ei_flags = eh->e_ident[EI_PAX] + (eh->e_ident[EI_PAX + 1] << 8);
+ if(gelf_getehdr(elf, &ehdr) != &ehdr)
+ error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+ ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
ei_buf[0] = ei_flags & HF_PAX_PAGEEXEC ? 'p' : 'P';
ei_buf[1] = ei_flags & HF_PAX_SEGMEXEC ? 's' : 'S';
@@ -204,10 +191,10 @@ print_flags(Elf *e, GElf_Ehdr *eh)
printf("EI_PAX: %s\n", ei_buf);
found_pt_pax = 0;
- elf_getphdrnum(e, &phnum);
+ elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
- if(gelf_getphdr(e, i, &phdr) != &phdr)
+ if(gelf_getphdr(elf, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_PAX_FLAGS)
{
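Review bot: The return value of `elf_getphdrnum(elf, &phnum)` is dropped, so if the call fails `phnum` is left indeterminate and is then used as the loop bound. This tool is pointed at arbitrary ELF files, so a malformed header should end in an error rather than a walk over a garbage count. `if(elf_getphdrnum(elf, &phnum) != 0) error(EXIT_FAILURE, 0, "elf_getphdrnum(): %s", elf_errmsg(elf_errno()));` matches the style of the `gelf_getphdr()` check just below. print_flags begins and continues outside this hunk.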
@@ -238,8 +225,47 @@ print_flags(Elf *e, GElf_Ehdr *eh)
else
printf("PT_PAX: not found\n");
- if(strcmp(ei_buf, pt_buf))
- printf("EI_PAX != PT_PAX\n");
+ //Only compare non default flags
+ //if(strcmp(ei_buf, pt_buf))
+ // printf("EI_PAX != PT_PAX\n");
+}
+
+
+void
+set_flags(Elf *elf)
+{
+ GElf_Ehdr ehdr;
+ char ei_buf[BUF_SIZE];
+ uint16_t ei_flags;
+
+ GElf_Phdr phdr;
+ char pt_buf[BUF_SIZE];
+ char found_pt_pax;
+ size_t i, phnum;
+
+
+ memset(ei_buf, 0, BUF_SIZE);
+ memset(pt_buf, 0, BUF_SIZE);
+
+ /*
+ if(!gelf_update_ehdr(e, &ehdr))
+ error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
+
+ elf_getphdrnum(elf, &phnum);
+ for(i=0; i<phnum; ++i)
+ {
+ if(gelf_getphdr(elf, i, &phdr) != &phdr)
+ error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+
+ if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
+ {
+ printf("CONVERTED -> PT_NULL\n\n");
+ phdr.p_type = PT_NULL;
+ if(!gelf_update_phdr(elf, i, &phdr))
+ error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ }
+ }
+ */
}
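Review bot: `set_flags()` is added with a body that does nothing: the locals are unused, the two `memset()` calls clear buffers nobody reads, and the only logic is a commented-out block that still refers to `e` and `flag_pt_pax_flags`, neither of which is declared in this function. Because main in this commit calls it whenever `pax_flags != 0`, an invocation that asks for a flag change would finish without changing anything and without saying so. Until the implementation lands, an explicit `error(EXIT_FAILURE, 0, "setting flags is not implemented yet");` in the stub would be safer than a silent no-op for a hardening tool. The commented-out code is better kept in version history than in the file.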
@@ -251,7 +277,6 @@ main( int argc, char *argv[])
char *f_name;
Elf *elf;
- GElf_Ehdr ehdr;
f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags);
@@ -267,33 +292,11 @@ main( int argc, char *argv[])
if(elf_kind(elf) != ELF_K_ELF)
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
- // get ehdr
- if(gelf_getehdr(elf, &ehdr) != &ehdr)
- error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
if(view_flags == 1)
- print_flags(elf, &ehdr);
+ print_flags(elf);
- /*
- if(!gelf_update_ehdr(elf, &ehdr))
- error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
-
- elf_getphdrnum(elf, &phnum);
- for(i=0; i<phnum; ++i)
- {
- if(gelf_getphdr(elf, i, &phdr) != &phdr)
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
-
- if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
- {
- printf("CONVERTED -> PT_NULL\n\n");
- phdr.p_type = PT_NULL;
- if(!gelf_update_phdr(elf, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
- }
- }
- printf("\n\n");
- */
+ if(pax_flags != 0)
+ set_flags(elf);
elf_end(elf);
close(fd);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 21:12 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-11 21:12 UTC (permalink / raw
To: gentoo-commits
commit: ee8a46401830c8ce6256b906cc831bd66a8c370c
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 21:12:12 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 21:12:12 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=ee8a4640
src/paxctl-ng.c: set EI_PAX flags
---
src/paxctl-ng.c | 56 ++++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 49 insertions(+), 7 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index cbb4084..3842d08 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -232,7 +232,7 @@ print_flags(Elf *elf)
void
-set_flags(Elf *elf)
+set_flags(Elf *elf, int *pax_flags)
{
GElf_Ehdr ehdr;
char ei_buf[BUF_SIZE];
@@ -240,17 +240,59 @@ set_flags(Elf *elf)
GElf_Phdr phdr;
char pt_buf[BUF_SIZE];
+ uint16_t pt_flags;
char found_pt_pax;
size_t i, phnum;
-
memset(ei_buf, 0, BUF_SIZE);
memset(pt_buf, 0, BUF_SIZE);
- /*
- if(!gelf_update_ehdr(e, &ehdr))
+ if(gelf_getehdr(elf, &ehdr) != &ehdr)
+ error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+ ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
+
+ if(*pax_flags & PF_PAGEEXEC)
+ ei_flags &= ~HF_PAX_PAGEEXEC;
+ if(*pax_flags & PF_NOPAGEEXEC)
+ ei_flags |= HF_PAX_PAGEEXEC;
+
+ if(*pax_flags & PF_SEGMEXEC)
+ ei_flags &= ~HF_PAX_SEGMEXEC;
+ if(*pax_flags & PF_NOSEGMEXEC)
+ ei_flags |= HF_PAX_SEGMEXEC;
+
+ if(*pax_flags & PF_MPROTECT)
+ ei_flags &= ~HF_PAX_MPROTECT;
+ if(*pax_flags & PF_NOMPROTECT)
+ ei_flags |= HF_PAX_MPROTECT;
+
+ if(*pax_flags & PF_EMUTRAMP)
+ ei_flags |= HF_PAX_EMUTRAMP;
+ if(*pax_flags & PF_NOEMUTRAMP)
+ ei_flags &= ~HF_PAX_EMUTRAMP;
+
+ if(*pax_flags & PF_RANDMMAP)
+ ei_flags &= ~HF_PAX_RANDMMAP;
+ if(*pax_flags & PF_NORANDMMAP)
+ ei_flags |= HF_PAX_RANDMMAP;
+
+ if(*pax_flags & PF_RANDEXEC)
+ ei_flags |= HF_PAX_RANDEXEC;
+ if(*pax_flags & PF_NORANDEXEC)
+ ei_flags &= ~HF_PAX_RANDEXEC;
+
+
+ if(gelf_getehdr(elf, &ehdr) != &ehdr)
+ error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+ ehdr.e_ident[EI_PAX] = (uint8_t)ei_flags ;
+ ehdr.e_ident[EI_PAX + 1] = (uint8_t)(ei_flags >> 8) ;
+
+ if(!gelf_update_ehdr(elf, &ehdr))
error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
+ /*
elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
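Review bot: When an enable flag and its disable flag are both present in `*pax_flags`, the result for each pair is decided by whichever `if` happens to run second, not by an explicit rule. For PAGEEXEC and SEGMEXEC that leaves the HF_PAX_* bit set, which print_flags earlier on this page renders as the lowercase letter, while the help text says the default is used in that case; MPROTECT and RANDMMAP follow the same pattern. Testing the combined case first and turning the two single-flag tests into `else if` branches makes the outcome independent of statement order. Smaller points: `pt_flags` is declared but not used in this hunk, and `gelf_getehdr()` is called a second time although `ehdr` was already filled above. set_flags continues outside this hunk.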
@@ -292,12 +334,12 @@ main( int argc, char *argv[])
if(elf_kind(elf) != ELF_K_ELF)
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+ if(pax_flags != 0)
+ set_flags(elf, &pax_flags);
+
if(view_flags == 1)
print_flags(elf);
- if(pax_flags != 0)
- set_flags(elf);
-
elf_end(elf);
close(fd);
}
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-18 14:20 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-18 14:20 UTC (permalink / raw
To: gentoo-commits
commit: d7add1d5f80d33c20b636e4cce0cdd03a5155d35
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 14:20:22 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 14:20:22 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d7add1d5
src/paxctl-ng.c: set PT_PAX flags
---
src/paxctl-ng.c | 49 ++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 42 insertions(+), 7 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 3842d08..9d6a76e 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -53,11 +53,11 @@ print_help(char *v)
"Description : Get or set pax flags on an ELF object\n\n"
"Usage : %s [-PpEeMmRrXxSsv ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
- " : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
+ " : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
" : -M enable MPROTECT\t-m disable MPROTECT\n"
+ " : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
" : -R enable RANDMMAP\t-r disable RANDMMAP\n"
" : -X enable RANDEXEC\t-x disable RANDEXEC\n"
- " : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
" : -Z most secure settings\t-z all default settings\n"
" : -v view the flags\n"
" : -h print out this help\n\n"
@@ -292,22 +292,57 @@ set_flags(Elf *elf, int *pax_flags)
if(!gelf_update_ehdr(elf, &ehdr))
error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
- /*
elf_getphdrnum(elf, &phnum);
for(i=0; i<phnum; ++i)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
- if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
+ if(phdr.p_type == PT_PAX_FLAGS)
{
- printf("CONVERTED -> PT_NULL\n\n");
- phdr.p_type = PT_NULL;
+ //Take and Pp flags and conver them to -
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ {
+ *pax_flags ^= PF_PAGEEXEC;
+ *pax_flags ^= PF_NOPAGEEXEC;
+ }
+
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ {
+ *pax_flags ^= PF_SEGMEXEC;
+ *pax_flags ^= PF_NOSEGMEXEC;
+ }
+
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ {
+ *pax_flags ^= PF_MPROTECT;
+ *pax_flags ^= PF_NOMPROTECT;
+ }
+
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ {
+ *pax_flags ^= PF_EMUTRAMP;
+ *pax_flags ^= PF_NOEMUTRAMP;
+ }
+
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ {
+ *pax_flags ^= PF_RANDMMAP;
+ *pax_flags ^= PF_NORANDMMAP;
+ }
+
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ {
+ *pax_flags ^= PF_RANDEXEC;
+ *pax_flags ^= PF_NORANDEXEC;
+ }
+
+ phdr.p_flags = *pax_flags ;
+
if(!gelf_update_phdr(elf, i, &phdr))
error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
}
- */
}
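Review bot: `phdr.p_flags = *pax_flags ;` replaces the whole PT_PAX_FLAGS word with what was given on the command line, so a protection not named in this invocation loses its existing marking instead of keeping it (for example `-m` alone would also drop the PAGEEXEC marking). It also writes any other bits `*pax_flags` holds: with the `'z'` case assigning `-1` in an earlier commit on this page, only the PaX pairs are XOR-ed out before the assignment. Updating the existing word pair by pair, e.g. `phdr.p_flags |= PF_PAGEEXEC; phdr.p_flags &= ~PF_NOPAGEEXEC;`, avoids both. The XOR block also modifies the caller's `*pax_flags` from inside the loop; a local copy would keep the argument read-only. set_flags starts outside this hunk.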
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-18 22:48 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-18 22:48 UTC (permalink / raw
To: gentoo-commits
commit: de1da3fd4db48fe47b81be2bbdc7ad66ac609105
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 22:48:10 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 22:48:10 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=de1da3fd
src/paxctl-ng.c: fix EI_PAX when -Pp etc is given
---
src/fix-gnustack.c | 2 +-
src/paxctl-ng.c | 16 +++++++++++++++-
2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 6ca7d5b..93aab1c 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -40,7 +40,7 @@ print_help(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Check for, or conditionally remove, executable flag from PT_GNU_STACK\n\n"
- "Usage : %s {[-f] ELF | [-h]}\n"
+ "Usage : %s [-f] ELF | [-h]\n"
"options : Print out protection flags on PT_GNU_STACK\n"
" : -f Remove X if WX flags are set on PT_GNU_STACK\n"
" : -h Print out this help\n",
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 9d6a76e..fd04dec 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -137,7 +137,9 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
compat += 1;
break ;
case 'z':
- *pax_flags = -1;
+ *pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
+ PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
+ PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
compat += 1;
break;
case 'v':
@@ -256,31 +258,43 @@ set_flags(Elf *elf, int *pax_flags)
ei_flags &= ~HF_PAX_PAGEEXEC;
if(*pax_flags & PF_NOPAGEEXEC)
ei_flags |= HF_PAX_PAGEEXEC;
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ ei_flags &= ~HF_PAX_PAGEEXEC;
if(*pax_flags & PF_SEGMEXEC)
ei_flags &= ~HF_PAX_SEGMEXEC;
if(*pax_flags & PF_NOSEGMEXEC)
ei_flags |= HF_PAX_SEGMEXEC;
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ ei_flags &= ~HF_PAX_SEGMEXEC;
if(*pax_flags & PF_MPROTECT)
ei_flags &= ~HF_PAX_MPROTECT;
if(*pax_flags & PF_NOMPROTECT)
ei_flags |= HF_PAX_MPROTECT;
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ ei_flags &= ~HF_PAX_MPROTECT;
if(*pax_flags & PF_EMUTRAMP)
ei_flags |= HF_PAX_EMUTRAMP;
if(*pax_flags & PF_NOEMUTRAMP)
ei_flags &= ~HF_PAX_EMUTRAMP;
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ ei_flags &= ~HF_PAX_EMUTRAMP;
if(*pax_flags & PF_RANDMMAP)
ei_flags &= ~HF_PAX_RANDMMAP;
if(*pax_flags & PF_NORANDMMAP)
ei_flags |= HF_PAX_RANDMMAP;
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ ei_flags &= ~HF_PAX_RANDMMAP;
if(*pax_flags & PF_RANDEXEC)
ei_flags |= HF_PAX_RANDEXEC;
if(*pax_flags & PF_NORANDEXEC)
ei_flags &= ~HF_PAX_RANDEXEC;
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ ei_flags |= HF_PAX_RANDEXEC;
if(gelf_getehdr(elf, &ehdr) != &ehdr)
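Review bot: The added conflict case for RANDEXEC ends in `ei_flags |= HF_PAX_RANDEXEC;`, whereas the structurally identical EMUTRAMP pair (where the enable flag also sets the HF bit) resolves the conflict with `ei_flags &= ~HF_PAX_EMUTRAMP;`. If "both given" is meant to fall back to the default for every pair, one of the two is probably inverted, so it is worth confirming which value is the intended default for RANDEXEC. Separately, each pair is now three sequential `if`s where the last silently overrides the first two; an `if / else if / else if` chain with the combined test first states the precedence directly. set_flags starts and ends outside this hunk.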
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 17:30 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-27 17:30 UTC (permalink / raw
To: gentoo-commits
commit: 61095593e9476fa959646c1ecb5de47205a1ff09
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 17:29:53 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 17:29:53 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=61095593
src/paxctl-ng.c: remove redundand call to gelf_getehdr
---
src/paxctl-ng.c | 3 ---
1 files changed, 0 insertions(+), 3 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index fd04dec..fea0832 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -297,9 +297,6 @@ set_flags(Elf *elf, int *pax_flags)
ei_flags |= HF_PAX_RANDEXEC;
- if(gelf_getehdr(elf, &ehdr) != &ehdr)
- error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
ehdr.e_ident[EI_PAX] = (uint8_t)ei_flags ;
ehdr.e_ident[EI_PAX + 1] = (uint8_t)(ei_flags >> 8) ;
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 17:58 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-27 17:58 UTC (permalink / raw
To: gentoo-commits
commit: 83957c336a4cff7d5a8278f21b47b5486d968041
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 17:57:55 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 17:57:55 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=83957c33
src/paxctl-ng.c: fix PT_PAX flag setting
---
src/paxctl-ng.c | 99 ++++++++++++++++++++++++++++++++++++++++++++++--------
1 files changed, 84 insertions(+), 15 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index fea0832..c565ffa 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -254,6 +254,7 @@ set_flags(Elf *elf, int *pax_flags)
ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
+ //PAGEEXEC
if(*pax_flags & PF_PAGEEXEC)
ei_flags &= ~HF_PAX_PAGEEXEC;
if(*pax_flags & PF_NOPAGEEXEC)
@@ -261,6 +262,7 @@ set_flags(Elf *elf, int *pax_flags)
if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
ei_flags &= ~HF_PAX_PAGEEXEC;
+ //SEGMEXEC
if(*pax_flags & PF_SEGMEXEC)
ei_flags &= ~HF_PAX_SEGMEXEC;
if(*pax_flags & PF_NOSEGMEXEC)
@@ -268,6 +270,7 @@ set_flags(Elf *elf, int *pax_flags)
if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
ei_flags &= ~HF_PAX_SEGMEXEC;
+ //MPROTECT
if(*pax_flags & PF_MPROTECT)
ei_flags &= ~HF_PAX_MPROTECT;
if(*pax_flags & PF_NOMPROTECT)
@@ -275,6 +278,7 @@ set_flags(Elf *elf, int *pax_flags)
if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
ei_flags &= ~HF_PAX_MPROTECT;
+ //EMUTRAMP
if(*pax_flags & PF_EMUTRAMP)
ei_flags |= HF_PAX_EMUTRAMP;
if(*pax_flags & PF_NOEMUTRAMP)
@@ -282,6 +286,7 @@ set_flags(Elf *elf, int *pax_flags)
if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
ei_flags &= ~HF_PAX_EMUTRAMP;
+ //RANDMMAP
if(*pax_flags & PF_RANDMMAP)
ei_flags &= ~HF_PAX_RANDMMAP;
if(*pax_flags & PF_NORANDMMAP)
@@ -289,6 +294,7 @@ set_flags(Elf *elf, int *pax_flags)
if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
ei_flags &= ~HF_PAX_RANDMMAP;
+ //RANDEXEC
if(*pax_flags & PF_RANDEXEC)
ei_flags |= HF_PAX_RANDEXEC;
if(*pax_flags & PF_NORANDEXEC)
@@ -311,45 +317,108 @@ set_flags(Elf *elf, int *pax_flags)
if(phdr.p_type == PT_PAX_FLAGS)
{
- //Take and Pp flags and conver them to -
+ //PAGEEXEC
+ if(*pax_flags & PF_PAGEEXEC)
+ {
+ phdr.p_flags |= PF_PAGEEXEC;
+ phdr.p_flags &= ~PF_NOPAGEEXEC;
+ }
+ if(*pax_flags & PF_NOPAGEEXEC)
+ {
+ phdr.p_flags &= ~PF_PAGEEXEC;
+ phdr.p_flags |= PF_NOPAGEEXEC;
+ }
if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
{
- *pax_flags ^= PF_PAGEEXEC;
- *pax_flags ^= PF_NOPAGEEXEC;
+ phdr.p_flags &= ~PF_PAGEEXEC;
+ phdr.p_flags &= ~PF_NOPAGEEXEC;
}
+ //SEGMEXEC
+ if(*pax_flags & PF_SEGMEXEC)
+ {
+ phdr.p_flags |= PF_SEGMEXEC;
+ phdr.p_flags &= ~PF_NOSEGMEXEC;
+ }
+ if(*pax_flags & PF_NOSEGMEXEC)
+ {
+ phdr.p_flags &= ~PF_SEGMEXEC;
+ phdr.p_flags |= PF_NOSEGMEXEC;
+ }
if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
{
- *pax_flags ^= PF_SEGMEXEC;
- *pax_flags ^= PF_NOSEGMEXEC;
+ phdr.p_flags &= ~PF_SEGMEXEC;
+ phdr.p_flags &= ~PF_NOSEGMEXEC;
}
+ //MPROTECT
+ if(*pax_flags & PF_MPROTECT)
+ {
+ phdr.p_flags |= PF_MPROTECT;
+ phdr.p_flags &= ~PF_NOMPROTECT;
+ }
+ if(*pax_flags & PF_NOMPROTECT)
+ {
+ phdr.p_flags &= ~PF_MPROTECT;
+ phdr.p_flags |= PF_NOMPROTECT;
+ }
if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
{
- *pax_flags ^= PF_MPROTECT;
- *pax_flags ^= PF_NOMPROTECT;
+ phdr.p_flags &= ~PF_MPROTECT;
+ phdr.p_flags &= ~PF_NOMPROTECT;
}
+ //EMUTRAMP
+ if(*pax_flags & PF_EMUTRAMP)
+ {
+ phdr.p_flags |= PF_EMUTRAMP;
+ phdr.p_flags &= ~PF_NOEMUTRAMP;
+ }
+ if(*pax_flags & PF_NOEMUTRAMP)
+ {
+ phdr.p_flags &= ~PF_EMUTRAMP;
+ phdr.p_flags |= PF_NOEMUTRAMP;
+ }
if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
{
- *pax_flags ^= PF_EMUTRAMP;
- *pax_flags ^= PF_NOEMUTRAMP;
+ phdr.p_flags &= ~PF_EMUTRAMP;
+ phdr.p_flags &= ~PF_NOEMUTRAMP;
}
+ //RANDMMAP
+ if(*pax_flags & PF_RANDMMAP)
+ {
+ phdr.p_flags |= PF_RANDMMAP;
+ phdr.p_flags &= ~PF_NORANDMMAP;
+ }
+ if(*pax_flags & PF_NORANDMMAP)
+ {
+ phdr.p_flags &= ~PF_RANDMMAP;
+ phdr.p_flags |= PF_NORANDMMAP;
+ }
if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
{
- *pax_flags ^= PF_RANDMMAP;
- *pax_flags ^= PF_NORANDMMAP;
+ phdr.p_flags &= ~PF_RANDMMAP;
+ phdr.p_flags &= ~PF_NORANDMMAP;
}
+ //RANDEXEC
+ if(*pax_flags & PF_RANDEXEC)
+ {
+ phdr.p_flags |= PF_RANDEXEC;
+ phdr.p_flags &= ~PF_NORANDEXEC;
+ }
+ if(*pax_flags & PF_NORANDEXEC)
+ {
+ phdr.p_flags &= ~PF_RANDEXEC;
+ phdr.p_flags |= PF_NORANDEXEC;
+ }
if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
{
- *pax_flags ^= PF_RANDEXEC;
- *pax_flags ^= PF_NORANDEXEC;
+ phdr.p_flags &= ~PF_RANDEXEC;
+ phdr.p_flags &= ~PF_NORANDEXEC;
}
- phdr.p_flags = *pax_flags ;
-
if(!gelf_update_phdr(elf, i, &phdr))
error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
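Review bot: The PT_PAX update is written out as six copies of the same three-step pattern, differing only in the two flag names, which makes a copy/paste slip in one pair hard to spot in review of a security marking. A small static helper that applies one enable/disable pair to the current word would reduce the block to six calls and give the "both set means default" rule a single home; a sketch with the same behaviour follows. The same rule is spelled out separately for EI_PAX earlier in set_flags, so the two copies can still drift apart. set_flags begins and ends outside this hunk.

```c
/* Apply one enable/disable pair from the request to the current flag word.
 * Neither requested: keep the file's marking; both requested: clear both. */
static GElf_Word
apply_pax_pair(GElf_Word cur, int req, GElf_Word on, GElf_Word off)
{
	int want_on  = (req & on)  != 0;
	int want_off = (req & off) != 0;

	if(!want_on && !want_off)
		return cur;

	cur &= ~(on | off);
	if(want_on != want_off)
		cur |= want_on ? on : off;

	return cur;
}

// … unchanged: EI_PAX handling, elf_getphdrnum() and the gelf_getphdr() loop header …
		if(phdr.p_type == PT_PAX_FLAGS)
		{
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_PAGEEXEC, PF_NOPAGEEXEC);
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_SEGMEXEC, PF_NOSEGMEXEC);
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_MPROTECT, PF_NOMPROTECT);
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_EMUTRAMP, PF_NOEMUTRAMP);
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_RANDMMAP, PF_NORANDMMAP);
			phdr.p_flags = apply_pax_pair(phdr.p_flags, *pax_flags, PF_RANDEXEC, PF_NORANDEXEC);
			// … unchanged: gelf_update_phdr() call and its error check …
```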
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 18:49 Anthony G. Basile
From: Anthony G. Basile @ 2011-09-27 18:49 UTC (permalink / raw
To: gentoo-commits
commit: 0eec768701b0087fb489a532cb28889280f2509a
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 18:49:37 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 18:49:37 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=0eec7687
src/paxctl-ng.c: removed unused ei_buf[] and pt_buf[]
---
src/paxctl-ng.c | 7 -------
1 files changed, 0 insertions(+), 7 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index c565ffa..5d92d58 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -237,18 +237,11 @@ void
set_flags(Elf *elf, int *pax_flags)
{
GElf_Ehdr ehdr;
- char ei_buf[BUF_SIZE];
uint16_t ei_flags;
GElf_Phdr phdr;
- char pt_buf[BUF_SIZE];
- uint16_t pt_flags;
- char found_pt_pax;
size_t i, phnum;
- memset(ei_buf, 0, BUF_SIZE);
- memset(pt_buf, 0, BUF_SIZE);
-
if(gelf_getehdr(elf, &ehdr) != &ehdr)
error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-10-18 22:48 Anthony G. Basile
From: Anthony G. Basile @ 2011-10-18 22:48 UTC (permalink / raw
To: gentoo-commits
commit: e51a1cb0fe4635751e74683f43b0093049700b97
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 18 22:48:33 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Oct 18 22:48:33 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=e51a1cb0
src/paxctl-ng.c: add XT_PAX flag support
---
src/paxctl-ng.c | 375 ++++++++++++++++++++++++++++++++++++-------------------
1 files changed, 246 insertions(+), 129 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 9114d4e..f5d9048 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -24,6 +24,7 @@
#include <libgen.h>
#include <gelf.h>
+#include <attr/xattr.h>
#include <sys/types.h>
#include <sys/stat.h>
@@ -32,6 +33,10 @@
#include <config.h>
+
+#define PAX_NAMESPACE "trusted.pax"
+#define BUF_SIZE 7
+
void
print_help(char *v)
{
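Review bot: `PAX_NAMESPACE` holds a complete attribute name rather than a namespace, and the choice of the `trusted.` namespace has an access consequence that is not documented: such attributes are only visible and writable to processes with CAP_SYS_ADMIN. A comment on the define, e.g. `/* full xattr name; trusted.* needs CAP_SYS_ADMIN to read or write */`, would tell the reader why the tool behaves differently for unprivileged users. `BUF_SIZE` would also benefit from `/* six flag letters plus NUL */`, which is how bin2string and print_flags later in this commit use it.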
@@ -61,7 +66,7 @@ print_help(char *v)
char *
-parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
+parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
{
int i, oc;
int compat;
@@ -151,174 +156,285 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
}
-#define BUF_SIZE 7
-
-void
-print_flags(Elf *elf)
+uint16_t
+read_pt_flags(Elf *elf)
{
GElf_Phdr phdr;
- char pt_buf[BUF_SIZE];
- char found_pt_pax;
size_t i, phnum;
- memset(pt_buf, 0, BUF_SIZE);
+ uint16_t pt_flags;
+ char found_pt_pax;
found_pt_pax = 0;
elf_getphdrnum(elf, &phnum);
- for(i=0; i<phnum; ++i)
+
+ for(i=0; i<phnum; i++)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+
if(phdr.p_type == PT_PAX_FLAGS)
{
found_pt_pax = 1;
+ pt_flags = phdr.p_flags;
+ }
+ }
- pt_buf[0] = phdr.p_flags & PF_PAGEEXEC ? 'P' :
- phdr.p_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+ if(!found_pt_pax)
+ {
+ printf("PT_PAX: not found\n");
+ pt_flags = UINT16_MAX;
+ }
- pt_buf[1] = phdr.p_flags & PF_SEGMEXEC ? 'S' :
- phdr.p_flags & PF_NOSEGMEXEC ? 's' : '-';
+ return pt_flags;
+}
- pt_buf[2] = phdr.p_flags & PF_MPROTECT ? 'M' :
- phdr.p_flags & PF_NOMPROTECT ? 'm' : '-';
- pt_buf[3] = phdr.p_flags & PF_EMUTRAMP ? 'E' :
- phdr.p_flags & PF_NOEMUTRAMP ? 'e' : '-';
+uint16_t
+read_xt_flags(int fd)
+{
+ uint16_t xt_flags;
- pt_buf[4] = phdr.p_flags & PF_RANDMMAP ? 'R' :
- phdr.p_flags & PF_NORANDMMAP ? 'r' : '-';
+ if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1)
+ {
- pt_buf[5] = phdr.p_flags & PF_RANDEXEC ? 'X' :
- phdr.p_flags & PF_NORANDEXEC ? 'x' : '-';
+ // ERANGE = xattrs supported, PAX_NAMESPACE present, but wrong size
+ // ENOATTR = xattrs supported, PAX_NAMESPACE not present
+ if(errno == ERANGE || errno == ENOATTR)
+ {
+ printf("XT_PAX: creating/repairing flags\n");
+ xt_flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+ {
+ if(errno == ENOSPC || errno == EDQUOT)
+ printf("XT_PAX: access error\n");
+ if(errno == ENOTSUP)
+ printf("XT_PAX: not supported\n");
+ }
+ }
+
+ // ENOTSUP = xattrs not supported
+ if(errno == ENOTSUP)
+ {
+ xt_flags = UINT16_MAX; //invalid value
+ printf("XT_PAX: not supported\n");
}
}
- if(found_pt_pax)
- printf("PT_PAX: %s\n", pt_buf);
- else
- printf("PT_PAX: not found\n");
+ return xt_flags;
+}
+
+
+void
+bin2string(uint16_t flags, char *buf)
+{
+ buf[0] = flags & PF_PAGEEXEC ? 'P' :
+ flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+
+ buf[1] = flags & PF_SEGMEXEC ? 'S' :
+ flags & PF_NOSEGMEXEC ? 's' : '-';
+
+ buf[2] = flags & PF_MPROTECT ? 'M' :
+ flags & PF_NOMPROTECT ? 'm' : '-';
+
+ buf[3] = flags & PF_EMUTRAMP ? 'E' :
+ flags & PF_NOEMUTRAMP ? 'e' : '-';
+
+ buf[4] = flags & PF_RANDMMAP ? 'R' :
+ flags & PF_NORANDMMAP ? 'r' : '-';
+
+ buf[5] = flags & PF_RANDEXEC ? 'X' :
+ flags & PF_NORANDEXEC ? 'x' : '-';
+}
+
+
+void
+print_flags(int fd, Elf *elf)
+{
+ uint16_t flags;
+ char buf[BUF_SIZE];
+
+ flags = read_pt_flags(elf);
+ if( flags != UINT16_MAX )
+ {
+ memset(buf, 0, BUF_SIZE);
+ bin2string(flags, buf);
+ printf("PT_PAX: %s\n", buf);
+ }
+
+ flags = read_xt_flags(fd);
+ if( flags != UINT16_MAX )
+ {
+ memset(buf, 0, BUF_SIZE);
+ bin2string(flags, buf);
+ printf("XT_PAX: %s\n", buf);
+ }
+}
+
+
+
+uint16_t
+new_flags(uint16_t flags, uint16_t pax_flags)
+{
+ //PAGEEXEC
+ if(pax_flags & PF_PAGEEXEC)
+ {
+ flags |= PF_PAGEEXEC;
+ flags &= ~PF_NOPAGEEXEC;
+ }
+ if(pax_flags & PF_NOPAGEEXEC)
+ {
+ flags &= ~PF_PAGEEXEC;
+ flags |= PF_NOPAGEEXEC;
+ }
+ if((pax_flags & PF_PAGEEXEC) && (pax_flags & PF_NOPAGEEXEC))
+ {
+ flags &= ~PF_PAGEEXEC;
+ flags &= ~PF_NOPAGEEXEC;
+ }
+
+ //SEGMEXEC
+ if(pax_flags & PF_SEGMEXEC)
+ {
+ flags |= PF_SEGMEXEC;
+ flags &= ~PF_NOSEGMEXEC;
+ }
+ if(pax_flags & PF_NOSEGMEXEC)
+ {
+ flags &= ~PF_SEGMEXEC;
+ flags |= PF_NOSEGMEXEC;
+ }
+ if((pax_flags & PF_SEGMEXEC) && (pax_flags & PF_NOSEGMEXEC))
+ {
+ flags &= ~PF_SEGMEXEC;
+ flags &= ~PF_NOSEGMEXEC;
+ }
+
+ //MPROTECT
+ if(pax_flags & PF_MPROTECT)
+ {
+ flags |= PF_MPROTECT;
+ flags &= ~PF_NOMPROTECT;
+ }
+ if(pax_flags & PF_NOMPROTECT)
+ {
+ flags &= ~PF_MPROTECT;
+ flags |= PF_NOMPROTECT;
+ }
+ if((pax_flags & PF_MPROTECT) && (pax_flags & PF_NOMPROTECT))
+ {
+ flags &= ~PF_MPROTECT;
+ flags &= ~PF_NOMPROTECT;
+ }
+
+ //EMUTRAMP
+ if(pax_flags & PF_EMUTRAMP)
+ {
+ flags |= PF_EMUTRAMP;
+ flags &= ~PF_NOEMUTRAMP;
+ }
+ if(pax_flags & PF_NOEMUTRAMP)
+ {
+ flags &= ~PF_EMUTRAMP;
+ flags |= PF_NOEMUTRAMP;
+ }
+ if((pax_flags & PF_EMUTRAMP) && (pax_flags & PF_NOEMUTRAMP))
+ {
+ flags &= ~PF_EMUTRAMP;
+ flags &= ~PF_NOEMUTRAMP;
+ }
+
+ //RANDMMAP
+ if(pax_flags & PF_RANDMMAP)
+ {
+ flags |= PF_RANDMMAP;
+ flags &= ~PF_NORANDMMAP;
+ }
+ if(pax_flags & PF_NORANDMMAP)
+ {
+ flags &= ~PF_RANDMMAP;
+ flags |= PF_NORANDMMAP;
+ }
+ if((pax_flags & PF_RANDMMAP) && (pax_flags & PF_NORANDMMAP))
+ {
+ flags &= ~PF_RANDMMAP;
+ flags &= ~PF_NORANDMMAP;
+ }
+
+ //RANDEXEC
+ if(pax_flags & PF_RANDEXEC)
+ {
+ flags |= PF_RANDEXEC;
+ flags &= ~PF_NORANDEXEC;
+ }
+ if(pax_flags & PF_NORANDEXEC)
+ {
+ flags &= ~PF_RANDEXEC;
+ flags |= PF_NORANDEXEC;
+ }
+ if((pax_flags & PF_RANDEXEC) && (pax_flags & PF_NORANDEXEC))
+ {
+ flags &= ~PF_RANDEXEC;
+ flags &= ~PF_NORANDEXEC;
+ }
+
+ return flags;
}
void
-set_flags(Elf *elf, int *pax_flags)
+set_pt_flags(Elf *elf, uint16_t pt_flags)
{
GElf_Phdr phdr;
size_t i, phnum;
elf_getphdrnum(elf, &phnum);
- for(i=0; i<phnum; ++i)
+
+ for(i=0; i<phnum; i++)
{
if(gelf_getphdr(elf, i, &phdr) != &phdr)
error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
if(phdr.p_type == PT_PAX_FLAGS)
{
- //PAGEEXEC
- if(*pax_flags & PF_PAGEEXEC)
- {
- phdr.p_flags |= PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
- if(*pax_flags & PF_NOPAGEEXEC)
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags |= PF_NOPAGEEXEC;
- }
- if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
+ phdr.p_flags = pt_flags;
+ if(!gelf_update_phdr(elf, i, &phdr))
+ error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ }
+ }
+}
- //SEGMEXEC
- if(*pax_flags & PF_SEGMEXEC)
- {
- phdr.p_flags |= PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
- if(*pax_flags & PF_NOSEGMEXEC)
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags |= PF_NOSEGMEXEC;
- }
- if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
- //MPROTECT
- if(*pax_flags & PF_MPROTECT)
- {
- phdr.p_flags |= PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
- if(*pax_flags & PF_NOMPROTECT)
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags |= PF_NOMPROTECT;
- }
- if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
+void
+set_xt_flags(int fd, uint16_t xt_flags)
+{
+ if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+ {
+ if(errno == ENOSPC || errno == EDQUOT)
+ printf("XT_PAX: access error\n");
+ if(errno == ENOTSUP)
+ printf("XT_PAX: not supported\n");
+ }
+}
- //EMUTRAMP
- if(*pax_flags & PF_EMUTRAMP)
- {
- phdr.p_flags |= PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
- if(*pax_flags & PF_NOEMUTRAMP)
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags |= PF_NOEMUTRAMP;
- }
- if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
- //RANDMMAP
- if(*pax_flags & PF_RANDMMAP)
- {
- phdr.p_flags |= PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
- if(*pax_flags & PF_NORANDMMAP)
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags |= PF_NORANDMMAP;
- }
- if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
+void
+set_flags(int fd, Elf *elf, uint16_t *pax_flags)
+{
+ uint16_t flags;
- //RANDEXEC
- if(*pax_flags & PF_RANDEXEC)
- {
- phdr.p_flags |= PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
- if(*pax_flags & PF_NORANDEXEC)
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags |= PF_NORANDEXEC;
- }
- if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
+ flags = read_pt_flags(elf);
+ if( flags != UINT16_MAX )
+ {
+ flags = new_flags( flags, *pax_flags);
+ set_pt_flags(elf, flags);
+ }
- if(!gelf_update_phdr(elf, i, &phdr))
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
- }
+ flags = read_xt_flags(fd);
+ if( flags != UINT16_MAX )
+ {
+ flags = new_flags( flags, *pax_flags);
+ set_xt_flags(fd, flags);
}
}
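Review bot: In `read_xt_flags`, when `fgetxattr()` fails with an errno other than ERANGE, ENOATTR or ENOTSUP (a permission error, for example), `xt_flags` is returned uninitialized, and `set_flags` then merges that value with the request and writes it back through `set_xt_flags`. `errno` is also re-read after `printf()` and `fsetxattr()` have run, so the later `ENOTSUP` test may see a different error than the one fgetxattr reported. Initializing with `uint16_t xt_flags = UINT16_MAX;` and saving `int err = errno;` right after the failed call closes both gaps; a successful read shorter than `sizeof(uint16_t)` deserves the same rejection. It is also surprising that a function named read_* creates the attribute, since `-v` alone then changes the file's metadata. `read_pt_flags` and `set_pt_flags` still ignore the result of `elf_getphdrnum()`.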
@@ -327,7 +443,8 @@ int
main( int argc, char *argv[])
{
int fd;
- int pax_flags, view_flags;
+ uint16_t pax_flags;
+ int view_flags;
char *f_name;
Elf *elf;
@@ -347,10 +464,10 @@ main( int argc, char *argv[])
error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
if(pax_flags != 0)
- set_flags(elf, &pax_flags);
+ set_flags(fd, elf, &pax_flags);
if(view_flags == 1)
- print_flags(elf);
+ print_flags(fd, elf);
elf_end(elf);
close(fd);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-10-22 19:51 Anthony G. Basile
From: Anthony G. Basile @ 2011-10-22 19:51 UTC (permalink / raw
To: gentoo-commits
commit: 3756d21245b0876cd7cae0252df1a87e2b1a0cdc
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 22 19:51:25 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 22 19:51:25 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=3756d212
src/paxctl-ng.c: create and copy XT_PAX flags
---
src/paxctl-ng.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
1 files changed, 46 insertions(+), 3 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index b77b6f8..2b0946a 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -74,7 +74,7 @@ print_help(char *v)
char *
-parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
+parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_flags)
{
int i, oc;
int compat, solitaire;
@@ -83,6 +83,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
solitaire = 0;
*pax_flags = 0;
*view_flags = 0;
+ *cp_flags = 0;
while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
switch(oc)
{
@@ -147,15 +148,19 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
break;
case 'C':
solitaire += 1;
+ *cp_flags = 1;
break;
case 'c':
solitaire += 1;
+ *cp_flags = 2;
break;
case 'F':
solitaire += 1;
+ *cp_flags = 3;
break;
case 'f':
solitaire += 1;
+ *cp_flags = 4;
break;
case 'v':
*view_flags = 1;
@@ -464,19 +469,57 @@ set_flags(int fd, uint16_t *pax_flags)
}
+void
+create_xt_flag(fd, cp_flags)
+{
+ uint16_t xt_flags;
+
+ if(cp_flags == 1)
+ xt_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
+ PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+ else if(cp_flags == 2)
+ xt_flags = 0;
+
+ fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_CREATE);
+}
+
+
+void
+copy_xt_flag(fd, cp_flags)
+{
+ uint16_t flags;
+ if(cp_flags == 3)
+ {
+ flags = get_pt_flags(fd);
+ set_xt_flags(fd, flags);
+ }
+ else if(cp_flags == 4)
+ {
+ flags = get_xt_flags(fd);
+ set_pt_flags(fd, flags);
+ }
+}
+
+
int
main( int argc, char *argv[])
{
const char *f_name;
int fd;
uint16_t flags;
- int view_flags;
+ int view_flags, cp_flags;
- f_name = parse_cmd_args(argc, argv, &flags, &view_flags);
+ f_name = parse_cmd_args(argc, argv, &flags, &view_flags, &cp_flags);
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
+ if(cp_flags == 1 || cp_flags == 2)
+ create_xt_flag(fd, cp_flags);
+
+ if(cp_flags == 3 || cp_flags == 4)
+ copy_xt_flag(fd, cp_flags);
+
if(flags != 1)
set_flags(fd, &flags);
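Review bot: `copy_xt_flag` hands whatever `get_pt_flags(fd)` or `get_xt_flags(fd)` returns straight to the setter, so the `UINT16_MAX` value that other code on this page treats as "not found" would be written out as a real flag set; guard both branches with `if(flags != UINT16_MAX)`. In `create_xt_flag` the result of `fsetxattr()` is discarded, so a filesystem without user xattrs, or an attribute that already exists (`XATTR_CREATE`), fails with no sign that the marking was not applied; test for `-1` and report `strerror(errno)`. Both new functions use untyped K&R parameter lists, which should read `create_xt_flag(int fd, int cp_flags)`, and `xt_flags` stays uninitialised when `cp_flags` is neither 1 nor 2.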
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 12:33 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-03 12:33 UTC (permalink / raw
To: gentoo-commits
commit: d632f1a385d1295c5bdb25cdc0a3e6a31d01e7a9
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 3 12:32:54 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov 3 12:32:54 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d632f1a3
src/paxctl-ng.c: #defined values for cp_flags
---
src/paxctl-ng.c | 27 +++++++++++++++++----------
1 files changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d3ddb2f..94dea09 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -37,6 +37,11 @@
#define PAX_NAMESPACE "user.pax"
#define BUF_SIZE 7
+#define CREATE_XT_FLAGS_SECURE 1
+#define CREATE_XT_FLAGS_DEFAULT 2
+#define COPY_PT_TO_XT_FLAGS 3
+#define COPY_XT_TO_PT_FLAGS 4
+
void
print_help(char *v)
{
@@ -85,6 +90,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
*view_flags = 0;
*cp_flags = 0;
while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+ {
switch(oc)
{
case 'P':
@@ -148,19 +154,19 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
break;
case 'C':
solitaire += 1;
- *cp_flags = 1;
+ *cp_flags = CREATE_XT_FLAGS_SECURE;
break;
case 'c':
solitaire += 1;
- *cp_flags = 2;
+ *cp_flags = CREATE_XT_FLAGS_DEFAULT;
break;
case 'F':
solitaire += 1;
- *cp_flags = 3;
+ *cp_flags = COPY_PT_TO_XT_FLAGS;
break;
case 'f':
solitaire += 1;
- *cp_flags = 4;
+ *cp_flags = COPY_XT_TO_PT_FLAGS;
break;
case 'v':
*view_flags = 1;
@@ -172,6 +178,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
default:
error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
}
+ }
if
(
@@ -509,11 +516,11 @@ main( int argc, char *argv[])
{
const char *f_name;
int fd;
- uint16_t flags;
+ uint16_t pax_flags;
int view_flags, cp_flags;
int rdwr_pt_pax = 1;
- f_name = parse_cmd_args(argc, argv, &flags, &view_flags, &cp_flags);
+ f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags);
if((fd = open(f_name, O_RDWR)) < 0)
{
@@ -523,14 +530,14 @@ main( int argc, char *argv[])
error(EXIT_FAILURE, 0, "open() failed");
}
- if(cp_flags == 1 || cp_flags == 2)
+ if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
create_xt_flags(fd, cp_flags);
- if(cp_flags == 3 || (cp_flags == 4 && rdwr_pt_pax))
+ if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
copy_xt_flags(fd, cp_flags);
- if(flags != 1)
- set_flags(fd, &flags, rdwr_pt_pax);
+ if(pax_flags != 1)
+ set_flags(fd, &pax_flags, rdwr_pt_pax);
if(view_flags == 1)
print_flags(fd);
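Review bot: The renamed test `if(pax_flags != 1)` in `main` compares a flag bitmask with the literal 1, while `parse_cmd_args` initialises `*pax_flags = 0` to mean that no flag change was requested; an older version of this check on the page read `if(pax_flags != 0)`. As written, a view-only run (`-v`) presumably still enters `set_flags()` and rewrites the markings of the file it was only asked to display. The condition should be `if(pax_flags != 0)`. main's body starts and ends outside this hunk.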
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 18:16 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-03 18:16 UTC (permalink / raw
To: gentoo-commits
commit: 490d000a2d2538ca44cf9647e326caa15958e07e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 3 18:16:31 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov 3 18:16:31 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=490d000a
src/paxctl-ng.c: added file globbing
---
src/paxctl-ng.c | 119 +++++++++++++++++++++++++++++++++----------------------
1 files changed, 71 insertions(+), 48 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 94dea09..bc1933b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -35,7 +35,8 @@
#define PAX_NAMESPACE "user.pax"
-#define BUF_SIZE 7
+#define BUF_SIZE 8
+#define FILE_NAME_SIZE 32768
#define CREATE_XT_FLAGS_SECURE 1
#define CREATE_XT_FLAGS_DEFAULT 2
@@ -43,7 +44,7 @@
#define COPY_XT_TO_PT_FLAGS 4
void
-print_help(char *v)
+print_help_exit(char *v)
{
printf(
"\n"
@@ -78,8 +79,9 @@ print_help(char *v)
}
-char *
-parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_flags)
+void
+parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int *cp_flags,
+ int *begin, int *end)
{
int i, oc;
int compat, solitaire;
@@ -89,7 +91,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
*pax_flags = 0;
*view_flags = 0;
*cp_flags = 0;
- while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+ while((oc = getopt(argc, argv,":PpEeMmRrXxSsZzCcFfvh")) != -1)
{
switch(oc)
{
@@ -172,7 +174,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
*view_flags = 1;
break;
case 'h':
- print_help(v[0]);
+ print_help_exit(argv[0]);
break;
case '?':
default:
@@ -180,17 +182,16 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
}
}
- if
- (
- (
- (compat == 1 && solitaire == 0) ||
- (compat == 0 && solitaire == 1) ||
- (compat == 0 && solitaire == 0 && *view_flags == 1)
- ) && v[optind] != NULL
- )
- return v[optind] ;
+ if( ((compat == 1 && solitaire == 0) ||
+ (compat == 0 && solitaire == 1) ||
+ (compat == 0 && solitaire == 0 && *view_flags == 1)
+ ) && argv[optind] != NULL)
+ {
+ *begin = optind;
+ *end = argc;
+ }
else
- print_help(v[0]);
+ print_help_exit(argv[0]);
}
@@ -204,15 +205,22 @@ get_pt_flags(int fd)
uint16_t pt_flags = UINT16_MAX;
if(elf_version(EV_CURRENT) == EV_NONE)
- error(EXIT_FAILURE, 0, "Library out of date.");
+ {
+ printf("\tELF ERROR: Library out of date.\n");
+ return pt_flags;
+ }
if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+ {
+ printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+ return pt_flags;
+ }
if(elf_kind(elf) != ELF_K_ELF)
{
elf_end(elf);
- error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+ printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+ return pt_flags;
}
elf_getphdrnum(elf, &phnum);
@@ -222,7 +230,8 @@ get_pt_flags(int fd)
if(gelf_getphdr(elf, i, &phdr) != &phdr)
{
elf_end(elf);
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+ printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+ return pt_flags;
}
if(phdr.p_type == PT_PAX_FLAGS)
@@ -275,23 +284,25 @@ print_flags(int fd)
flags = get_pt_flags(fd);
if( flags == UINT16_MAX )
- printf("PT_PAX: not found\n");
+ printf("\tPT_PAX: not found\n");
else
{
memset(buf, 0, BUF_SIZE);
bin2string(flags, buf);
- printf("PT_PAX: %s\n", buf);
+ printf("\tPT_PAX: %s\n", buf);
}
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
- printf("XT_PAX: not found\n");
+ printf("\tXT_PAX: not found\n");
else
{
memset(buf, 0, BUF_SIZE);
bin2string(flags, buf);
- printf("XT_PAX: %s\n", buf);
+ printf("\tXT_PAX: %s\n", buf);
}
+
+ printf("\n");
}
@@ -413,15 +424,22 @@ set_pt_flags(int fd, uint16_t pt_flags)
size_t i, phnum;
if(elf_version(EV_CURRENT) == EV_NONE)
- error(EXIT_FAILURE, 0, "Library out of date.");
+ {
+ printf("\tELF ERROR: Library out of date.\n");
+ return;
+ }
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
- error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+ {
+ printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+ return;
+ }
if(elf_kind(elf) != ELF_K_ELF)
{
elf_end(elf);
- error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+ printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+ return;
}
elf_getphdrnum(elf, &phnum);
@@ -431,7 +449,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
if(gelf_getphdr(elf, i, &phdr) != &phdr)
{
elf_end(elf);
- error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+ printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+ return;
}
if(phdr.p_type == PT_PAX_FLAGS)
@@ -441,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags)
if(!gelf_update_phdr(elf, i, &phdr))
{
elf_end(elf);
- error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
}
}
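Review bot: The `gelf_update_phdr()` failure branch now calls `elf_end(elf)` and then falls through with no `return`, unlike the other branches converted from `error(EXIT_FAILURE, ...)` in `set_pt_flags`. The loop would go on calling `gelf_getphdr()` on a released descriptor, and any `elf_end()` after the loop (not visible in this hunk) would release it a second time. Add `return;` after the message and end the string with a newline like the others: `printf("\tELF ERROR: gelf_update_phdr(): %s\n", elf_errmsg(elf_errno()));`. The function continues outside the hunk.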
@@ -514,33 +533,37 @@ copy_xt_flags(fd, cp_flags)
int
main( int argc, char *argv[])
{
- const char *f_name;
- int fd;
+ int fd, fi;
uint16_t pax_flags;
- int view_flags, cp_flags;
+ int view_flags, cp_flags, begin, end;
int rdwr_pt_pax = 1;
- f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags);
+ parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags, &begin, &end);
- if((fd = open(f_name, O_RDWR)) < 0)
+ for(fi = begin; fi < end; fi++)
{
- rdwr_pt_pax = 0;
- printf("open(O_RDWR) failed: cannot change PT_PAX flags\n");
- if((fd = open(f_name, O_RDONLY)) < 0)
- error(EXIT_FAILURE, 0, "open() failed");
- }
+ printf("%s:\n", argv[fi]);
- if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
- create_xt_flags(fd, cp_flags);
+ if((fd = open(argv[fi], O_RDWR)) < 0)
+ {
+ rdwr_pt_pax = 0;
+ printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+ if((fd = open(argv[fi], O_RDONLY)) < 0)
+ error(EXIT_FAILURE, 0, "open() failed");
+ }
- if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
- copy_xt_flags(fd, cp_flags);
+ if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
+ create_xt_flags(fd, cp_flags);
- if(pax_flags != 1)
- set_flags(fd, &pax_flags, rdwr_pt_pax);
+ if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
+ copy_xt_flags(fd, cp_flags);
- if(view_flags == 1)
- print_flags(fd);
+ if(pax_flags != 1)
+ set_flags(fd, &pax_flags, rdwr_pt_pax);
- close(fd);
+ if(view_flags == 1)
+ print_flags(fd);
+
+ close(fd);
+ }
}
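Review bot: `rdwr_pt_pax` is set to 1 once, before the new `for(fi = begin; fi < end; fi++)` loop, and cleared when `open(argv[fi], O_RDWR)` fails, but nothing restores it for the next file. After the first read-only file, every later file on the command line is treated as read-only and its PT_PAX flags are left unchanged without a message. Reset it per file by making `rdwr_pt_pax = 1;` the first statement of the loop body.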
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 18:45 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-03 18:45 UTC (permalink / raw
To: gentoo-commits
commit: 44313c38544af6a6fef8889fbb630bf468093890
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov 3 18:45:38 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov 3 18:45:38 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=44313c38
src/paxctl-ng.c: skip to next file on any error
---
src/paxctl-ng.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index bc1933b..8f5bf62 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -301,8 +301,6 @@ print_flags(int fd)
bin2string(flags, buf);
printf("\tXT_PAX: %s\n", buf);
}
-
- printf("\n");
}
@@ -549,7 +547,10 @@ main( int argc, char *argv[])
rdwr_pt_pax = 0;
printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
if((fd = open(argv[fi], O_RDONLY)) < 0)
- error(EXIT_FAILURE, 0, "open() failed");
+ {
+ printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+ continue;
+ }
}
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
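Review bot: The new message `open(O_RDONLY) failed: cannot change PT_PAX flags` repeats the O_RDWR wording although at this point the file could not be opened at all, and neither message says why. Reporting the cause on stderr keeps diagnostics out of the flag listing on stdout: `fprintf(stderr, "\topen(O_RDONLY) failed: %s\n\n", strerror(errno));` (this needs `<errno.h>` and `<string.h>` if the file does not already include them). main's body starts and ends outside this hunk.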
@@ -565,5 +566,7 @@ main( int argc, char *argv[])
print_flags(fd);
close(fd);
+
+ printf("\n");
}
}
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-15 16:07 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-15 16:07 UTC (permalink / raw
To: gentoo-commits
commit: 838bf16eef6d92fc46279cc07b9be2dbe4909ce2
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 16:07:15 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 16:07:15 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=838bf16e
src/{fix-gnustack.c,paxctl-ng.c}: fix exit code
---
src/fix-gnustack.c | 2 ++
src/paxctl-ng.c | 2 ++
2 files changed, 4 insertions(+), 0 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 8a43551..15e23e0 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -139,4 +139,6 @@ main( int argc, char *argv[])
elf_end(elf);
close(fd);
+
+ exit(EXIT_SUCCESS);
}
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 8f5bf62..5527e40 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -569,4 +569,6 @@ main( int argc, char *argv[])
printf("\n");
}
+
+ exit(EXIT_SUCCESS);
}
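Review bot: `exit(EXIT_SUCCESS)` is unconditional, so the status is 0 even when a file was skipped by the `continue` on open failure or a flag update failed inside the loop; those paths, shown in the preceding commits on this page, only print. A build script that marks binaries with this tool cannot tell a failed run from a good one. Keep `int rc = EXIT_SUCCESS;` in `main`, set `rc = EXIT_FAILURE;` on each failure path, and finish with `exit(rc);`. main's body begins outside this hunk.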
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-27 0:26 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-27 0:26 UTC (permalink / raw
To: gentoo-commits
commit: 43c2929f6a7e29a32cc812f3974857fc08544dd7
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 27 00:26:27 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 00:26:27 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=43c2929f
src/paxctl-ng.c: build with/without xattr support
---
src/paxctl-ng.c | 28 +++++++++++++++++++++++++---
1 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5527e40..427281b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -24,7 +24,10 @@
#include <libgen.h>
#include <gelf.h>
+
+#ifdef XATTR
#include <attr/xattr.h>
+#endif
#include <sys/types.h>
#include <sys/stat.h>
@@ -33,15 +36,16 @@
#include <config.h>
-
+#ifdef XATTR
#define PAX_NAMESPACE "user.pax"
-#define BUF_SIZE 8
-#define FILE_NAME_SIZE 32768
#define CREATE_XT_FLAGS_SECURE 1
#define CREATE_XT_FLAGS_DEFAULT 2
#define COPY_PT_TO_XT_FLAGS 3
#define COPY_XT_TO_PT_FLAGS 4
+#endif
+
+#define BUF_SIZE 8
void
print_help_exit(char *v)
@@ -53,7 +57,9 @@ print_help_exit(char *v)
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
"Usage : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF\n"
+#ifdef XATTR
" : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
+#endif
" : %s -v ELF | -h\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
" : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
@@ -62,10 +68,12 @@ print_help_exit(char *v)
" : -R enable RANDMMAP\t-r disable RANDMMAP\n"
" : -X enable RANDEXEC\t-x disable RANDEXEC\n"
" : -Z most secure settings\t-z all default settings\n"
+#ifdef XATTR
" : -C create XT_PAX with most secure setting\n"
" : -c create XT_PAX all default settings\n"
" : -F copy PT_PAX to XT_PAX\n"
" : -f copy XT_PAX to PT_PAX\n"
+#endif
" : -v view the flags, along with any accompanying operation\n"
" : -h print out this help\n\n"
"Note : If both enabling and disabling flags are set, the default - is used\n\n",
@@ -154,6 +162,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
solitaire += 1;
break;
+#ifdef XATTR
case 'C':
solitaire += 1;
*cp_flags = CREATE_XT_FLAGS_SECURE;
@@ -170,6 +179,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
solitaire += 1;
*cp_flags = COPY_XT_TO_PT_FLAGS;
break;
+#endif
case 'v':
*view_flags = 1;
break;
@@ -243,6 +253,7 @@ get_pt_flags(int fd)
}
+#ifdef XATTR
uint16_t
get_xt_flags(int fd)
{
@@ -251,6 +262,7 @@ get_xt_flags(int fd)
fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
return xt_flags;
}
+#endif
void
@@ -292,6 +304,7 @@ print_flags(int fd)
printf("\tPT_PAX: %s\n", buf);
}
+#ifdef XATTR
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
printf("\tXT_PAX: not found\n");
@@ -301,6 +314,7 @@ print_flags(int fd)
bin2string(flags, buf);
printf("\tXT_PAX: %s\n", buf);
}
+#endif
}
@@ -467,11 +481,13 @@ set_pt_flags(int fd, uint16_t pt_flags)
}
+#ifdef XATTR
void
set_xt_flags(int fd, uint16_t xt_flags)
{
fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_REPLACE);
}
+#endif
void
@@ -488,14 +504,17 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
set_pt_flags(fd, flags);
}
+#ifdef XATTR
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
flags = update_flags( flags, *pax_flags);
set_xt_flags(fd, flags);
+#endif
}
+#ifdef XATTR
void
create_xt_flags(fd, cp_flags)
{
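Review bot: In the block of `set_flags` now wrapped in `#ifdef XATTR`, a missing attribute (`get_xt_flags()` returning `UINT16_MAX`) is replaced by a default and passed to `set_xt_flags()`, but `set_xt_flags()` in the hunk above calls `fsetxattr(..., XATTR_REPLACE)` and drops the result. `XATTR_REPLACE` fails when the attribute does not exist, so for a file without XT_PAX this path appears to do nothing and report nothing. Either pass `0` as the last argument so the attribute is created or replaced, or have `set_xt_flags` return the `fsetxattr` result so that `set_flags` can report the failure.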
@@ -526,6 +545,7 @@ copy_xt_flags(fd, cp_flags)
set_pt_flags(fd, flags);
}
}
+#endif
int
@@ -553,11 +573,13 @@ main( int argc, char *argv[])
}
}
+#ifdef XATTR
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
create_xt_flags(fd, cp_flags);
if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
copy_xt_flags(fd, cp_flags);
+#endif
if(pax_flags != 1)
set_flags(fd, &pax_flags, rdwr_pt_pax);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-27 0:59 Anthony G. Basile
From: Anthony G. Basile @ 2011-11-27 0:59 UTC (permalink / raw
To: gentoo-commits
commit: 389a4e631f3877ac7f06ee1667faeccab1b7fdbd
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 27 00:59:24 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 00:59:24 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=389a4e63
src/paxctl-ng.c: made verbosity more consistent
---
src/paxctl-ng.c | 89 ++++++++++++++++++++++++++++++++----------------------
1 files changed, 53 insertions(+), 36 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 427281b..5700b98 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -56,7 +56,7 @@ print_help_exit(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF\n"
+ "Usage : %s -PpSsMmEeRrXxv ELF | -Zv ELF | -zv ELF\n"
#ifdef XATTR
" : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
#endif
@@ -88,7 +88,7 @@ print_help_exit(char *v)
void
-parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int *cp_flags,
+parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *cp_flags,
int *begin, int *end)
{
int i, oc;
@@ -97,9 +97,13 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
compat = 0;
solitaire = 0;
*pax_flags = 0;
- *view_flags = 0;
+ *verbose = 0;
*cp_flags = 0;
- while((oc = getopt(argc, argv,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+#ifdef XATTR
+ while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzCcFfvh")) != -1)
+#else
+ while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzvh")) != -1)
+#endif
{
switch(oc)
{
@@ -181,7 +185,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
break;
#endif
case 'v':
- *view_flags = 1;
+ *verbose = 1;
break;
case 'h':
print_help_exit(argv[0]);
@@ -194,7 +198,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
if( ((compat == 1 && solitaire == 0) ||
(compat == 0 && solitaire == 1) ||
- (compat == 0 && solitaire == 0 && *view_flags == 1)
+ (compat == 0 && solitaire == 0 && *verbose == 1)
) && argv[optind] != NULL)
{
*begin = optind;
@@ -206,7 +210,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
uint16_t
-get_pt_flags(int fd)
+get_pt_flags(int fd, int verbose)
{
Elf *elf;
GElf_Phdr phdr;
@@ -216,20 +220,23 @@ get_pt_flags(int fd)
if(elf_version(EV_CURRENT) == EV_NONE)
{
- printf("\tELF ERROR: Library out of date.\n");
+ if(verbose)
+ printf("\tELF ERROR: Library out of date.\n");
return pt_flags;
}
if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
{
- printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+ if(verbose)
+ printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
return pt_flags;
}
if(elf_kind(elf) != ELF_K_ELF)
{
elf_end(elf);
- printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+ if(verbose)
+ printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
return pt_flags;
}
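Review bot: Gating every `ELF ERROR` message on `verbose` means that without `-v` a failed read or update is completely silent, and with the unconditional `exit(EXIT_SUCCESS)` in `main` the caller gets no signal at all that the flags were not applied. Verbosity should control informational output (the per-file header and the flag listing), not error reporting; write the errors unconditionally, e.g. `fprintf(stderr, "\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));`. The same pattern recurs in the second `get_pt_flags` hunk, in the `set_pt_flags` hunks and in the `open()` branches of `main` below. `get_pt_flags` continues outside this hunk.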
@@ -240,7 +247,8 @@ get_pt_flags(int fd)
if(gelf_getphdr(elf, i, &phdr) != &phdr)
{
elf_end(elf);
- printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+ if(verbose)
+ printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
return pt_flags;
}
@@ -289,12 +297,12 @@ bin2string(uint16_t flags, char *buf)
void
-print_flags(int fd)
+print_flags(int fd, int verbose)
{
uint16_t flags;
char buf[BUF_SIZE];
- flags = get_pt_flags(fd);
+ flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
printf("\tPT_PAX: not found\n");
else
@@ -429,7 +437,7 @@ update_flags(uint16_t flags, uint16_t pax_flags)
void
-set_pt_flags(int fd, uint16_t pt_flags)
+set_pt_flags(int fd, uint16_t pt_flags, int verbose)
{
Elf *elf;
GElf_Phdr phdr;
@@ -437,20 +445,23 @@ set_pt_flags(int fd, uint16_t pt_flags)
if(elf_version(EV_CURRENT) == EV_NONE)
{
- printf("\tELF ERROR: Library out of date.\n");
+ if(verbose)
+ printf("\tELF ERROR: Library out of date.\n");
return;
}
if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
{
- printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+ if(verbose)
+ printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
return;
}
if(elf_kind(elf) != ELF_K_ELF)
{
elf_end(elf);
- printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+ if(verbose)
+ printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
return;
}
@@ -461,7 +472,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
if(gelf_getphdr(elf, i, &phdr) != &phdr)
{
elf_end(elf);
- printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+ if(verbose)
+ printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
return;
}
@@ -472,7 +484,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
if(!gelf_update_phdr(elf, i, &phdr))
{
elf_end(elf);
- printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+ if(verbose)
+ printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
}
}
}
@@ -491,17 +504,17 @@ set_xt_flags(int fd, uint16_t xt_flags)
void
-set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
+set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
{
uint16_t flags;
if(rdwr_pt_pax)
{
- flags = get_pt_flags(fd);
+ flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
flags = update_flags( flags, *pax_flags);
- set_pt_flags(fd, flags);
+ set_pt_flags(fd, flags, verbose);
}
#ifdef XATTR
@@ -516,7 +529,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
#ifdef XATTR
void
-create_xt_flags(fd, cp_flags)
+create_xt_flags(int fd, int cp_flags)
{
uint16_t xt_flags;
@@ -531,18 +544,18 @@ create_xt_flags(fd, cp_flags)
void
-copy_xt_flags(fd, cp_flags)
+copy_xt_flags(int fd, int cp_flags, int verbose)
{
uint16_t flags;
if(cp_flags == 3)
{
- flags = get_pt_flags(fd);
+ flags = get_pt_flags(fd, verbose);
set_xt_flags(fd, flags);
}
else if(cp_flags == 4)
{
flags = get_xt_flags(fd);
- set_pt_flags(fd, flags);
+ set_pt_flags(fd, flags, verbose);
}
}
#endif
@@ -553,22 +566,25 @@ main( int argc, char *argv[])
{
int fd, fi;
uint16_t pax_flags;
- int view_flags, cp_flags, begin, end;
+ int verbose, cp_flags, begin, end;
int rdwr_pt_pax = 1;
- parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags, &begin, &end);
+ parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &begin, &end);
for(fi = begin; fi < end; fi++)
{
- printf("%s:\n", argv[fi]);
+ if(verbose)
+ printf("%s:\n", argv[fi]);
if((fd = open(argv[fi], O_RDWR)) < 0)
{
rdwr_pt_pax = 0;
- printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+ if(verbose)
+ printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
if((fd = open(argv[fi], O_RDONLY)) < 0)
{
- printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+ if(verbose)
+ printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
continue;
}
}
@@ -578,18 +594,19 @@ main( int argc, char *argv[])
create_xt_flags(fd, cp_flags);
if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
- copy_xt_flags(fd, cp_flags);
+ copy_xt_flags(fd, cp_flags, verbose);
#endif
if(pax_flags != 1)
- set_flags(fd, &pax_flags, rdwr_pt_pax);
+ set_flags(fd, &pax_flags, rdwr_pt_pax, verbose);
- if(view_flags == 1)
- print_flags(fd);
+ if(verbose == 1)
+ print_flags(fd, verbose);
close(fd);
- printf("\n");
+ if(verbose)
+ printf("\n");
}
exit(EXIT_SUCCESS);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20 9:30 Anthony G. Basile
From: Anthony G. Basile @ 2012-07-20 9:30 UTC (permalink / raw
To: gentoo-commits
commit: b77d753f9644ad44699d214119809c0403000ea1
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 09:30:16 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 09:30:16 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b77d753f
src/paxctl-ng.c: remove RANDEXEC completely
---
src/paxctl-ng.c | 48 ++++++++++--------------------------------------
1 files changed, 10 insertions(+), 38 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5700b98..f9667d4 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -56,7 +56,7 @@ print_help_exit(char *v)
"Bug Reports : " PACKAGE_BUGREPORT "\n"
"Program Name : %s\n"
"Description : Get or set pax flags on an ELF object\n\n"
- "Usage : %s -PpSsMmEeRrXxv ELF | -Zv ELF | -zv ELF\n"
+ "Usage : %s -PpSsMmEeRrv ELF | -Zv ELF | -zv ELF\n"
#ifdef XATTR
" : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
#endif
@@ -66,7 +66,6 @@ print_help_exit(char *v)
" : -M enable MPROTECT\t-m disable MPROTECT\n"
" : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
" : -R enable RANDMMAP\t-r disable RANDMMAP\n"
- " : -X enable RANDEXEC\t-x disable RANDEXEC\n"
" : -Z most secure settings\t-z all default settings\n"
#ifdef XATTR
" : -C create XT_PAX with most secure setting\n"
@@ -100,9 +99,9 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
*verbose = 0;
*cp_flags = 0;
#ifdef XATTR
- while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzCcFfvh")) != -1)
+ while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
#else
- while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzvh")) != -1)
+ while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
#endif
{
switch(oc)
@@ -147,23 +146,15 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
*pax_flags |= PF_NORANDMMAP;
compat |= 1;
break ;
- case 'X':
- *pax_flags |= PF_RANDEXEC;
- compat |= 1;
- break;
- case 'x':
- *pax_flags |= PF_NORANDEXEC;
- compat |= 1;
- break ;
case 'Z':
*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
- PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+ PF_NOEMUTRAMP | PF_RANDMMAP ;
solitaire += 1;
break ;
case 'z':
*pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
- PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
+ PF_RANDMMAP | PF_NORANDMMAP ;
solitaire += 1;
break;
#ifdef XATTR
@@ -290,9 +281,6 @@ bin2string(uint16_t flags, char *buf)
buf[4] = flags & PF_RANDMMAP ? 'R' :
flags & PF_NORANDMMAP ? 'r' : '-';
-
- buf[5] = flags & PF_RANDEXEC ? 'X' :
- flags & PF_NORANDEXEC ? 'x' : '-';
}
@@ -415,23 +403,6 @@ update_flags(uint16_t flags, uint16_t pax_flags)
flags &= ~PF_NORANDMMAP;
}
- //RANDEXEC
- if(pax_flags & PF_RANDEXEC)
- {
- flags |= PF_RANDEXEC;
- flags &= ~PF_NORANDEXEC;
- }
- if(pax_flags & PF_NORANDEXEC)
- {
- flags &= ~PF_RANDEXEC;
- flags |= PF_NORANDEXEC;
- }
- if((pax_flags & PF_RANDEXEC) && (pax_flags & PF_NORANDEXEC))
- {
- flags &= ~PF_RANDEXEC;
- flags &= ~PF_NORANDEXEC;
- }
-
return flags;
}
@@ -479,7 +450,8 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
if(phdr.p_type == PT_PAX_FLAGS)
{
- phdr.p_flags = pt_flags;
+ //RANDEXEC is deprecated, we'll force it off like paxctl
+ phdr.p_flags = pt_flags | PF_NORANDEXEC;
if(!gelf_update_phdr(elf, i, &phdr))
{
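Review bot: `phdr.p_flags = pt_flags | PF_NORANDEXEC;` sets the NORANDEXEC bit but never clears `PF_RANDEXEC`, and this commit also removes the RANDEXEC handling from `update_flags`, so a binary whose existing PT_PAX header already has RANDEXEC set would end up with both bits on. To force it off as the comment says, mask first: `phdr.p_flags = (pt_flags & ~PF_RANDEXEC) | PF_NORANDEXEC;`. `set_pt_flags` starts and ends outside this hunk.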
@@ -512,7 +484,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
{
flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
- flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ flags = PF_NOEMUTRAMP ;
flags = update_flags( flags, *pax_flags);
set_pt_flags(fd, flags, verbose);
}
@@ -520,7 +492,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
#ifdef XATTR
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
- flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+ flags = PF_NOEMUTRAMP ;
flags = update_flags( flags, *pax_flags);
set_xt_flags(fd, flags);
#endif
@@ -535,7 +507,7 @@ create_xt_flags(int fd, int cp_flags)
if(cp_flags == 1)
xt_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
- PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+ PF_NOEMUTRAMP | PF_RANDMMAP ;
else if(cp_flags == 2)
xt_flags = 0;
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20 11:56 Anthony G. Basile
From: Anthony G. Basile @ 2012-07-20 11:56 UTC (permalink / raw
To: gentoo-commits
commit: 82c7d49af29da34e186f9bd172708e2db35b738b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 11:56:31 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 11:56:31 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=82c7d49a
src/paxctl-ng.c: switch to string implementation of XT_PAX
---
src/paxctl-ng.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++-------
1 files changed, 50 insertions(+), 8 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index f9667d4..7fa5342 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -37,7 +37,7 @@
#include <config.h>
#ifdef XATTR
-#define PAX_NAMESPACE "user.pax"
+#define PAX_NAMESPACE "user.pax.flags"
#define CREATE_XT_FLAGS_SECURE 1
#define CREATE_XT_FLAGS_DEFAULT 2
@@ -45,7 +45,7 @@
#define COPY_XT_TO_PT_FLAGS 4
#endif
-#define BUF_SIZE 8
+#define FLAGS_SIZE 5
void
print_help_exit(char *v)
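Review bot: `#define FLAGS_SIZE 5` leaves no byte for a terminating NUL in the buffers this commit resizes. string2bin() reads five flag characters (`buf[0]` to `buf[4]`), and the print_flags() hunks pass `buf` to `printf("\tPT_PAX: %s\n", buf)` after `memset(buf, 0, FLAGS_SIZE)`. If bin2string() fills all five positions (its body is not part of this diff), the `%s` conversion reads past the end of the array. Sizing the buffer for five flags plus the terminator, `#define FLAGS_SIZE 6`, keeps those prints bounded.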
@@ -254,11 +254,48 @@ get_pt_flags(int fd, int verbose)
#ifdef XATTR
uint16_t
+string2bin(char *buf)
+{
+ uint16_t flags = 0;
+
+ if( buf[0] = 'P' )
+ flags |= PF_PAGEEXEC;
+ else if( buf[0] = 'p' )
+ flags |= PF_NOPAGEEXEC;
+
+ if( buf[1] = 'S' )
+ flags |= PF_SEGMEXEC;
+ else if( buf[1] = 's' )
+ flags |= PF_NOSEGMEXEC;
+
+ if( buf[2] = 'M' )
+ flags |= PF_MPROTECT;
+ else if( buf[2] = 'm' )
+ flags |= PF_NOMPROTECT;
+
+ if( buf[3] = 'E' )
+ flags |= PF_EMUTRAMP;
+ else if( buf[3] = 'e' )
+ flags |= PF_NORANDMMAP;
+
+ if( buf[4] = 'R' )
+ flags |= PF_RANDMMAP;
+ else if( buf[4] = 'r' )
+ flags |= PF_NORANDMMAP;
+
+ return flags;
+}
+
+
+uint16_t
get_xt_flags(int fd)
{
+ char buf[FLAGS_SIZE];
uint16_t xt_flags = UINT16_MAX;
- fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
+ if(fgetxattr(fd, PAX_NAMESPACE, buf, sizeof(FLAGS_SIZE)) != -1)
+ xt_flags = string2bin(buf);
+
return xt_flags;
}
#endif
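Review bot: Every condition in string2bin() uses `=` instead of `==`, so each test such as `if( buf[0] = 'P' )` overwrites the byte and is always true. The function therefore returns the five enable bits whatever the attribute holds, a stored "disabled" marking is read back as enabled, and the `else if` branches are dead code. The `buf[3]` disable branch also sets `PF_NORANDMMAP` where `PF_NOEMUTRAMP` is meant. In get_xt_flags(), `sizeof(FLAGS_SIZE)` is the size of an `int`, not 5, and `buf` is not cleared before the read. `memset(buf, 0, FLAGS_SIZE);` followed by `fgetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE)` addresses both.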
@@ -288,14 +325,14 @@ void
print_flags(int fd, int verbose)
{
uint16_t flags;
- char buf[BUF_SIZE];
+ char buf[FLAGS_SIZE];
flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
printf("\tPT_PAX: not found\n");
else
{
- memset(buf, 0, BUF_SIZE);
+ memset(buf, 0, FLAGS_SIZE);
bin2string(flags, buf);
printf("\tPT_PAX: %s\n", buf);
}
@@ -306,7 +343,7 @@ print_flags(int fd, int verbose)
printf("\tXT_PAX: not found\n");
else
{
- memset(buf, 0, BUF_SIZE);
+ memset(buf, 0, FLAGS_SIZE);
bin2string(flags, buf);
printf("\tXT_PAX: %s\n", buf);
}
@@ -470,7 +507,10 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
void
set_xt_flags(int fd, uint16_t xt_flags)
{
- fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_REPLACE);
+ char buf[FLAGS_SIZE];
+
+ bin2string(xt_flags, buf);
+ fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
}
#endif
@@ -503,6 +543,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
void
create_xt_flags(int fd, int cp_flags)
{
+ char buf[FLAGS_SIZE];
uint16_t xt_flags;
if(cp_flags == 1)
@@ -511,7 +552,8 @@ create_xt_flags(int fd, int cp_flags)
else if(cp_flags == 2)
xt_flags = 0;
- fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_CREATE);
+ bin2string(xt_flags, buf);
+ fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
}
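Review bot: The flag passed to fsetxattr() in create_xt_flags() changes from `XATTR_CREATE` to `XATTR_REPLACE`, which makes the call fail when the attribute does not exist yet, the very case this function is for. The return value is not checked, so the failure is silent and the file is left without the markings that were requested. Keep `fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_CREATE);` and test its result. The start of create_xt_flags() is in the previous hunk.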
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20 13:24 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-20 13:24 UTC (permalink / raw
To: gentoo-commits
commit: a4b09651650e6e011b0f5d9fd091519e4d9d2465
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 13:24:49 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 13:24:49 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=a4b09651
src/paxctl-ng.c: fix string2bin
---
src/paxctl-ng.c | 36 +++++++++++++++++++++---------------
1 files changed, 21 insertions(+), 15 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 7fa5342..431d285 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -45,7 +45,7 @@
#define COPY_XT_TO_PT_FLAGS 4
#endif
-#define FLAGS_SIZE 5
+#define FLAGS_SIZE 6
void
print_help_exit(char *v)
@@ -258,29 +258,29 @@ string2bin(char *buf)
{
uint16_t flags = 0;
- if( buf[0] = 'P' )
+ if( buf[0] == 'P' )
flags |= PF_PAGEEXEC;
- else if( buf[0] = 'p' )
+ else if( buf[0] == 'p' )
flags |= PF_NOPAGEEXEC;
- if( buf[1] = 'S' )
+ if( buf[1] == 'S' )
flags |= PF_SEGMEXEC;
- else if( buf[1] = 's' )
+ else if( buf[1] == 's' )
flags |= PF_NOSEGMEXEC;
- if( buf[2] = 'M' )
+ if( buf[2] == 'M' )
flags |= PF_MPROTECT;
- else if( buf[2] = 'm' )
+ else if( buf[2] == 'm' )
flags |= PF_NOMPROTECT;
- if( buf[3] = 'E' )
+ if( buf[3] == 'E' )
flags |= PF_EMUTRAMP;
- else if( buf[3] = 'e' )
- flags |= PF_NORANDMMAP;
+ else if( buf[3] == 'e' )
+ flags |= PF_NOEMUTRAMP;
- if( buf[4] = 'R' )
+ if( buf[4] == 'R' )
flags |= PF_RANDMMAP;
- else if( buf[4] = 'r' )
+ else if( buf[4] == 'r' )
flags |= PF_NORANDMMAP;
return flags;
@@ -293,7 +293,9 @@ get_xt_flags(int fd)
char buf[FLAGS_SIZE];
uint16_t xt_flags = UINT16_MAX;
- if(fgetxattr(fd, PAX_NAMESPACE, buf, sizeof(FLAGS_SIZE)) != -1)
+ memset(buf, 0, FLAGS_SIZE);
+
+ if(fgetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE) != -1)
xt_flags = string2bin(buf);
return xt_flags;
@@ -509,8 +511,10 @@ set_xt_flags(int fd, uint16_t xt_flags)
{
char buf[FLAGS_SIZE];
+ memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+ printf("DEBUG buf = %s\n", buf);
+ //fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
}
#endif
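Review bot: The fsetxattr() call in set_xt_flags() is commented out and replaced by `printf("DEBUG buf = %s\n", buf);`, so after this commit the function no longer writes the attribute at all. The create_xt_flags() hunk below does the same. Every XT_PAX set or create request becomes a no-op that still looks successful, because neither function reports a result to its caller. Restore the call and drop the debug print, e.g. `fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);` here and the `XATTR_CREATE` form in create_xt_flags().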
@@ -552,8 +556,10 @@ create_xt_flags(int fd, int cp_flags)
else if(cp_flags == 2)
xt_flags = 0;
+ memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+ printf("DEBUG buf = %s\n", buf);
+ //fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
}
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-21 12:37 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-21 12:37 UTC (permalink / raw
To: gentoo-commits
commit: 0e5fa67947a5eb01d036a27e697735fb94d5c37e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 21 12:37:20 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jul 21 12:37:20 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=0e5fa679
src/paxctl-ng.c: sanity check on copy XT_PAX <-> PT_PAX
---
src/paxctl-ng.c | 14 +++++++-------
1 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 431d285..30584db 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -58,7 +58,7 @@ print_help_exit(char *v)
"Description : Get or set pax flags on an ELF object\n\n"
"Usage : %s -PpSsMmEeRrv ELF | -Zv ELF | -zv ELF\n"
#ifdef XATTR
- " : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
+ " : %s -Cv ELF | -cv ELF | -Fv ELF | -fv ELF\n"
#endif
" : %s -v ELF | -h\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
@@ -513,8 +513,7 @@ set_xt_flags(int fd, uint16_t xt_flags)
memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- printf("DEBUG buf = %s\n", buf);
- //fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+ fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_REPLACE);
}
#endif
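Review bot: The restored fsetxattr() call in set_xt_flags() still discards its return value, and so does the `XATTR_CREATE` call in the create_xt_flags() hunk below. `XATTR_REPLACE` fails when the attribute is absent, and either call can fail on a permission error or on a filesystem without user xattrs, yet the tool carries on as if the marking had been applied. Both functions return `void`, so the failure cannot reach the exit status either. At minimum report it, e.g. `if(fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_REPLACE) == -1) perror("fsetxattr");`.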
@@ -558,8 +557,7 @@ create_xt_flags(int fd, int cp_flags)
memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
- printf("DEBUG buf = %s\n", buf);
- //fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+ fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_CREATE);
}
@@ -570,12 +568,14 @@ copy_xt_flags(int fd, int cp_flags, int verbose)
if(cp_flags == 3)
{
flags = get_pt_flags(fd, verbose);
- set_xt_flags(fd, flags);
+ if( flags != UINT16_MAX )
+ set_xt_flags(fd, flags);
}
else if(cp_flags == 4)
{
flags = get_xt_flags(fd);
- set_pt_flags(fd, flags, verbose);
+ if( flags != UINT16_MAX )
+ set_pt_flags(fd, flags, verbose);
}
}
#endif
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-23 10:47 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-23 10:47 UTC (permalink / raw
To: gentoo-commits
commit: 02640d9d23cc4736e642600430b13406c33dba9e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 23 10:47:10 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jul 23 10:47:10 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=02640d9d
src/{fix-gnustack.c,paxctl-ng.c}: ELF_C_RDWR_MMAP -> ELF_C_RDWR for uclibc compat
---
src/fix-gnustack.c | 2 +-
src/paxctl-ng.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 15e23e0..03da236 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -99,7 +99,7 @@ main( int argc, char *argv[])
{
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
- if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
else
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 025ea24..4b7e6fb 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -216,7 +216,7 @@ get_pt_flags(int fd, int verbose)
return pt_flags;
}
- if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
{
if(verbose)
printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
@@ -460,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
return;
}
- if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
{
if(verbose)
printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-27 22:00 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-27 22:00 UTC (permalink / raw
To: gentoo-commits
commit: b3e9ab5db62e344bfe72b78c6ab7fcfebf6d9592
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 27 21:57:19 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 27 21:57:19 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b3e9ab5d
Revert "src/{fix-gnustack.c,paxctl-ng.c}: ELF_C_RDWR_MMAP -> ELF_C_RDWR for uclibc compat"
This reverts commit 02640d9d23cc4736e642600430b13406c33dba9e.
Using libelf instead of elfutils to gelf_update_phdr() fails. Revert
for now until we figure out what's going on.
---
src/fix-gnustack.c | 2 +-
src/paxctl-ng.c | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 03da236..15e23e0 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -99,7 +99,7 @@ main( int argc, char *argv[])
{
if((fd = open(f_name, O_RDWR)) < 0)
error(EXIT_FAILURE, 0, "open() fail.");
- if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
}
else
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4b7e6fb..025ea24 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -216,7 +216,7 @@ get_pt_flags(int fd, int verbose)
return pt_flags;
}
- if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
{
if(verbose)
printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
@@ -460,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
return;
}
- if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
+ if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
{
if(verbose)
printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:26 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:26 UTC (permalink / raw
To: gentoo-commits
commit: 77673e44fc1798c919aa442c62f90e56f1fde632
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:25:42 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:25:42 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=77673e44
src/paxctl-ng.c: limit only ptpax or xtpax when both are possible
---
src/paxctl-ng.c | 44 +++++++++++++++++++++++++++++++-------------
1 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 817192d..2de2614 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -44,13 +44,16 @@
#ifdef XTPAX
#include <attr/xattr.h>
-
#define PAX_NAMESPACE "user.pax.flags"
-
#define CREATE_XT_FLAGS_SECURE 1
#define CREATE_XT_FLAGS_DEFAULT 2
+#endif
+
+#if defined(PTPAX) && defined(XTPAX)
#define COPY_PT_TO_XT_FLAGS 3
#define COPY_XT_TO_PT_FLAGS 4
+ #define LIMIT_TO_PT_FLAGS 5
+ #define LIMIT_TO_XT_FLAGS 6
#endif
#define FLAGS_SIZE 6
@@ -72,6 +75,7 @@ print_help_exit(char *v)
#endif
#if defined(PTPAX) && defined(XTPAX)
" : %s -Fv ELF | -fv ELF\n"
+ " : %s -Lv ELF | -lv ELF\n"
#endif
" : %s -v ELF | -h\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
@@ -80,6 +84,7 @@ print_help_exit(char *v)
" : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
" : -R enable RANDMMAP\t-r disable RANDMMAP\n"
" : -Z all secure settings\t-z all default settings\n"
+ " :\n"
#ifdef XTPAX
" : -C create XT_PAX with most secure setting\n"
" : -c create XT_PAX all default settings\n"
@@ -87,7 +92,10 @@ print_help_exit(char *v)
#if defined(PTPAX) && defined(XTPAX)
" : -F copy PT_PAX to XT_PAX\n"
" : -f copy XT_PAX to PT_PAX\n"
+ " : -L set only PT_PAX flags\n"
+ " : -l set only XT_PAX flags\n"
#endif
+ " :\n"
" : -v view the flags, along with any accompanying operation\n"
" : -h print out this help\n\n"
"Note : If both enabling and disabling flags are set, the default - is used\n\n",
@@ -98,6 +106,7 @@ print_help_exit(char *v)
#endif
#if defined(PTPAX) && defined(XTPAX)
basename(v),
+ basename(v),
#endif
basename(v)
);
@@ -108,7 +117,7 @@ print_help_exit(char *v)
void
parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *cp_flags,
- int *begin, int *end)
+ int *limit, int *begin, int *end)
{
int i, oc;
int compat, solitaire;
@@ -211,6 +220,12 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
solitaire += 1;
*cp_flags = COPY_XT_TO_PT_FLAGS;
break;
+ case 'L':
+ *limit = LIMIT_TO_PT_FLAGS;
+ break;
+ case 'l':
+ *limit = LIMIT_TO_XT_FLAGS;
+ break;
#else
case 'F':
case 'f':
@@ -570,12 +585,12 @@ set_xt_flags(int fd, uint16_t xt_flags)
void
-set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
+set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
{
uint16_t flags;
#ifdef PTPAX
- if(rdwr_pt_pax)
+ if(rdwr_pt_pax && !( limit == LIMIT_TO_XT_FLAGS) )
{
flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
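Review bot: `LIMIT_TO_XT_FLAGS` is tested here inside `#ifdef PTPAX`, and `LIMIT_TO_PT_FLAGS` in the next hunk inside `#ifdef XTPAX`, but the first hunk of this commit defines both only under `#if defined(PTPAX) && defined(XTPAX)`. A build with just one of the two backends enabled then references an undefined macro and should fail to compile. Moving the two `LIMIT_TO_*` defines outside that conditional block lets set_flags() keep one plain test per backend. The body of set_flags() continues in the following hunk.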
@@ -586,11 +601,14 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
#endif
#ifdef XTPAX
- flags = get_xt_flags(fd);
- if( flags == UINT16_MAX )
- flags = PF_NOEMUTRAMP ;
- flags = update_flags( flags, *pax_flags);
- set_xt_flags(fd, flags);
+ if( !( limit == LIMIT_TO_PT_FLAGS) )
+ {
+ flags = get_xt_flags(fd);
+ if( flags == UINT16_MAX )
+ flags = PF_NOEMUTRAMP ;
+ flags = update_flags( flags, *pax_flags);
+ set_xt_flags(fd, flags);
+ }
#endif
}
@@ -641,10 +659,10 @@ main( int argc, char *argv[])
{
int fd, fi;
uint16_t pax_flags;
- int verbose, cp_flags, begin, end;
+ int verbose, cp_flags, limit, begin, end;
int rdwr_pt_pax = 1;
- parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &begin, &end);
+ parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &limit, &begin, &end);
for(fi = begin; fi < end; fi++)
{
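Review bot: `limit` is declared in main() without an initialiser, and the only assignments this commit adds are in the `'L'` and `'l'` cases of parse_cmd_args(). No hunk adds a line that clears it, so when neither option is given set_flags() compares an indeterminate value. That is undefined behaviour, and it can make the tool skip the PT_PAX or the XT_PAX update unpredictably. Initialise it with the other outputs, e.g. `*limit = 0;` at the top of parse_cmd_args(), or `int limit = 0;` in main().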
@@ -677,7 +695,7 @@ main( int argc, char *argv[])
#endif
if(pax_flags != 0)
- set_flags(fd, &pax_flags, rdwr_pt_pax, verbose);
+ set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
if(verbose == 1)
print_flags(fd, verbose);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:35 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:35 UTC (permalink / raw
To: gentoo-commits
commit: 0899662410bf18690fbcec4d996a0380b46ded88
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:35:27 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:35:27 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=08996624
src/paxctl-ng.c: fix logic of limiting pt/xtpax when both are possible
---
src/paxctl-ng.c | 26 +++++++++++++++++++-------
1 files changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 2de2614..61bbcce 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -590,26 +590,38 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
uint16_t flags;
#ifdef PTPAX
- if(rdwr_pt_pax && !( limit == LIMIT_TO_XT_FLAGS) )
+ if(rdwr_pt_pax)
{
- flags = get_pt_flags(fd, verbose);
- if( flags == UINT16_MAX )
- flags = PF_NOEMUTRAMP ;
- flags = update_flags( flags, *pax_flags);
- set_pt_flags(fd, flags, verbose);
+#ifdef XTPAX
+ if( !(limit == LIMIT_TO_XT_FLAGS))
+ {
+#endif
+ flags = get_pt_flags(fd, verbose);
+ if( flags == UINT16_MAX )
+ flags = PF_NOEMUTRAMP ;
+ flags = update_flags( flags, *pax_flags);
+ set_pt_flags(fd, flags, verbose);
+#ifdef XTPAX
+ }
+#endif
+
}
#endif
#ifdef XTPAX
- if( !( limit == LIMIT_TO_PT_FLAGS) )
+#ifdef PTPAX
+ if( !(limit == LIMIT_TO_PT_FLAGS) )
{
+#endif
flags = get_xt_flags(fd);
if( flags == UINT16_MAX )
flags = PF_NOEMUTRAMP ;
flags = update_flags( flags, *pax_flags);
set_xt_flags(fd, flags);
+#ifdef PTPAX
}
#endif
+#endif
}
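Review bot: The braces of both inner `if` statements in set_flags() are now opened and closed under nested `#ifdef XTPAX` / `#ifdef PTPAX`. The block structure therefore differs per configuration, and an unbalanced brace shows up only in the build that enables it. Defining `LIMIT_TO_PT_FLAGS` and `LIMIT_TO_XT_FLAGS` unconditionally would allow plain tests, `if(rdwr_pt_pax && limit != LIMIT_TO_XT_FLAGS)` and `if(limit != LIMIT_TO_PT_FLAGS)`, with no preprocessor lines around the braces.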
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:55 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:55 UTC (permalink / raw
To: gentoo-commits
commit: 7b01e0df4cc90c829b2294a231c61a30f577a5d7
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:55:05 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:55:05 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=7b01e0df
src/paxctl-ng.c: only PT_PAX needs the file open RDWR to set
---
src/paxctl-ng.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 61bbcce..83ed15f 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -681,20 +681,20 @@ main( int argc, char *argv[])
if(verbose)
printf("%s:\n", argv[fi]);
-#ifdef PTPAX
if((fd = open(argv[fi], O_RDWR)) < 0)
{
rdwr_pt_pax = 0;
+#ifdef PTPAX
if(verbose)
printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+#endif
if((fd = open(argv[fi], O_RDONLY)) < 0)
{
if(verbose)
- printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+ printf("\topen(O_RDONLY) failed: cannot read/change PAX flags\n\n");
continue;
}
}
-#endif
#ifdef XTPAX
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 22:29 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 22:29 UTC (permalink / raw
To: gentoo-commits
commit: 8e2659bbbe962d0f564e8a1b46506b6b28e11b25
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 22:29:33 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 22:29:33 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=8e2659bb
src/paxctl-ng.c: properly hand -L and -l in opts
---
src/paxctl-ng.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 83ed15f..7cde4f5 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -142,7 +142,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
* #endif
*/
- while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
+ while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfLlvh")) != -1)
{
switch(oc)
{
@@ -229,6 +229,8 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
#else
case 'F':
case 'f':
+ case 'L':
+ case 'l':
break;
#endif
case 'v':
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 23:27 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 23:27 UTC (permalink / raw
To: gentoo-commits
commit: a82220ad09c3e92764f294d5e847f84b5f0103c8
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 23:27:04 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 23:27:04 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=a82220ad
src/paxctl-ng.c: print success doesn't count to exit code
---
src/paxctl-ng.c | 14 ++++++--------
1 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 875304e..e58cebb 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -392,7 +392,7 @@ bin2string(uint16_t flags, char *buf)
}
-int
+void
print_flags(int fd, int verbose)
{
uint16_t flags;
@@ -421,8 +421,6 @@ print_flags(int fd, int verbose)
printf("\tXT_PAX: %s\n", buf);
}
#endif
-
- return EXIT_SUCCESS;
}
@@ -735,21 +733,21 @@ main( int argc, char *argv[])
#ifdef XTPAX
if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
- ret = create_xt_flags(fd, cp_flags);
+ ret |= create_xt_flags(fd, cp_flags);
if(cp_flags == DELETE_XT_FLAGS)
- ret = delete_xt_flags(fd);
+ ret |= delete_xt_flags(fd);
#endif
#if defined(PTPAX) && defined(XTPAX)
if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
- ret = copy_xt_flags(fd, cp_flags, verbose);
+ ret |= copy_xt_flags(fd, cp_flags, verbose);
#endif
if(pax_flags != 0)
- ret = set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
+ ret |= set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
if(verbose == 1)
- ret = print_flags(fd, verbose);
+ print_flags(fd, verbose);
close(fd);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-21 20:36 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-21 20:36 UTC (permalink / raw
To: gentoo-commits
commit: fca2f482f0c86bb509a413e5f843a655eb83c13e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 21 20:36:02 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Dec 21 20:36:02 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=fca2f482
src/paxctl-ng.c: add missing report of -d flag in print_help_exit()
---
src/paxctl-ng.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 1e5b663..d256da8 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -94,6 +94,7 @@ print_help_exit(char *v)
#ifdef XTPAX
" : -C create XATTR_PAX with most secure setting\n"
" : -c create XATTR_PAX all default settings\n"
+ " : -d delete XATTR_PAX field\n"
#endif
#if defined(PTPAX) && defined(XTPAX)
" : -F copy PT_PAX to XATTR_PAX\n"
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-22 17:48 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-22 17:48 UTC (permalink / raw
To: gentoo-commits
commit: 02421913c83319b3376d2da60bcf1581fa36c96b
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 22 17:47:53 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Dec 22 17:47:53 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=02421913
src/paxctl-ng.c: cosmetic cleanup with length of PT_PAX vs XATTR_PAX
---
src/paxctl-ng.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d256da8..ea6115b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -448,12 +448,12 @@ print_flags(int fd, int verbose)
#ifdef PTPAX
flags = get_pt_flags(fd, verbose);
if( flags == UINT16_MAX )
- printf("\tPT_PAX: not found\n");
+ printf("\tPT_PAX : not found\n");
else
{
memset(buf, 0, FLAGS_SIZE);
bin2string4print(flags, buf);
- printf("\tPT_PAX: %s\n", buf);
+ printf("\tPT_PAX : %s\n", buf);
}
#endif
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-28 23:07 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-28 23:07 UTC (permalink / raw
To: gentoo-commits
commit: bbcdee4fec695a1591909ab1d687e3589fabac17
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 23:06:50 2012 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 23:06:50 2012 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=bbcdee4f
src/paxctl-ng.c: fix uninitialized value for xt_flags
---
src/paxctl-ng.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 6dbcf4c..dcfdde9 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -707,6 +707,9 @@ create_xt_flags(int fd, int cp_flags)
PF_NOEMUTRAMP | PF_RANDMMAP ;
else if(cp_flags == CREATE_XT_FLAGS_DEFAULT)
xt_flags = 0;
+ else
+ //Why are we here?
+ return EXIT_FAILURE;
memset(buf, 0, FLAGS_SIZE);
bin2string(xt_flags, buf);
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2013-09-26 12:24 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2013-09-26 12:24 UTC (permalink / raw
To: gentoo-commits
commit: 2f98962eccca32b60f93ef358eb7dc638067f9da
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 26 12:20:08 2013 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 26 12:20:08 2013 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=2f98962e
Return EXIT_SUCCESS if user.pax.flags is done after paxctl-ng -d
If the user.pax.flags field exists and we have permissions to remove
it, the first invocation of paxctl-ng -d returns 0. But subsequently
it returns 1 because it fails to remove an xattr field that is not
there. We make sure we return 0 if the field is gone for whatever
reason. We only fail upon not having permissions to change the xattr
field, or the filesystem not supporting xattrs (ENOTSUP).
Reported-by: Maxim Kammerer <mk <AT> dee.su>
X-Gentoo-Bug: 485908
X-Gentoo-Bug-URL: https://bugs.gentoo.org/485908
---
src/paxctl-ng.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4d69ab4..8071d50 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -26,6 +26,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <unistd.h>
+#include <errno.h>
#ifdef PTPAX
#include <gelf.h>
@@ -744,7 +745,15 @@ delete_xt_flags(int fd)
if( !fremovexattr(fd, PAX_NAMESPACE) )
return EXIT_SUCCESS;
else
- return EXIT_FAILURE;
+ {
+ // If this fails because there was no such named xattr
+ // in the first place, then in a sense, we succeeded.
+ // See: https://bugs.gentoo.org/show_bug.cgi?id=485908
+ if( errno == ENOATTR )
+ return EXIT_SUCCESS;
+ else
+ return EXIT_FAILURE;
+ }
}
#endif
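Review bot: `ENOATTR` is not declared by the `<errno.h>` this commit adds. On Linux it typically comes from libattr's headers as an alias for `ENODATA`, so the new check compiles only while `<attr/xattr.h>` stays in use. An earlier commit in this thread shows that header included under `#ifdef XTPAX`. A guard next to the includes, `#ifndef ENOATTR` / `#define ENOATTR ENODATA` / `#endif`, keeps delete_xt_flags() building against `<sys/xattr.h>` as well. delete_xt_flags() begins above this hunk.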
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2018-12-13 14:48 Anthony G. Basile
0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2018-12-13 14:48 UTC (permalink / raw
To: gentoo-commits
commit: cede3de716079a1a00d95409caf1244f2df1c9d1
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 14:47:38 2018 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 14:48:28 2018 +0000
URL: https://gitweb.gentoo.org/proj/elfix.git/commit/?id=cede3de7
src/paxctl-ng.c: return ENOENT if a file is not found
This addresses https://bugs.gentoo.org/672072
Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>
src/paxctl-ng.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 25396d4..43718de 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -805,6 +805,13 @@ main( int argc, char *argv[])
if((fd = open(argv[fi], O_RDWR)) < 0)
{
+ if(errno == ENOENT) {
+ if(verbose)
+ printf("\topen() failed: file does not exist\n\n");
+ ret |= ENOENT;
+ continue;
+ }
+
rdwr_pt_pax = 0;
#ifdef PTPAX
if(verbose)
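Review bot: `ret |= ENOENT;` mixes an errno value into a variable that main() otherwise builds by OR-ing `EXIT_SUCCESS`/`EXIT_FAILURE` results, as the `ret |= ...` lines of an earlier commit in this thread show. When another file in the same run fails, the process exits with `EXIT_FAILURE | ENOENT`, which is neither value. A caller testing the status for a missing file thus sees a number that depends on unrelated files. If the status is meant as a plain failure flag, use `ret |= EXIT_FAILURE;`. If callers must tell the cases apart, document the exit status as a bit mask. main() continues past the end of this hunk.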