* [gentoo-commits] proj/elfix:elfix-0.2.x commit in: poc/
@ 2011-10-08 18:54 Anthony G. Basile
From: Anthony G. Basile @ 2011-10-08 18:54 UTC (permalink / raw
To: gentoo-commits
commit: 6cdd195316fae44cf8192b069db2906298100d6e
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 21:46:34 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 8 18:53:27 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=6cdd1953
poc/paxctl-xattr.c: removed unnecessary listing of all xattrs
---
poc/paxctl-xattr.c | 79 +++++++++++++++++++--------------------------------
1 files changed, 30 insertions(+), 49 deletions(-)
diff --git a/poc/paxctl-xattr.c b/poc/paxctl-xattr.c
index eb97166..5040f80 100644
--- a/poc/paxctl-xattr.c
+++ b/poc/paxctl-xattr.c
@@ -25,7 +25,7 @@
#include <libgen.h>
#include <gelf.h>
-#include <sys/xattr.h>
+#include <attr/xattr.h>
#include <sys/types.h>
#include <sys/stat.h>
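Review bot: Replacing `<sys/xattr.h>` with `<attr/xattr.h>` ties the build to libattr's development headers, apparently only to obtain `ENOATTR`, which the error handling later in this commit tests. The xattr calls themselves are declared by glibc's `<sys/xattr.h>`, and on Linux libattr defines `ENOATTR` as `ENODATA`, so keeping the original include and adding `#ifndef ENOATTR` / `#define ENOATTR ENODATA` / `#endif` would avoid the extra dependency. The include block continues outside the hunk.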
@@ -160,84 +160,65 @@ void
print_flags(int fd)
{
char xt_buf[BUF_SIZE];
-
- static ssize_t xsize = 1024;
- static char *xattrs = NULL;
- ssize_t i, xret = -1;
+ uint16_t xt_flags;
static ssize_t vsize = 1024;
static char *value = NULL;
- ssize_t vret = -1;
+ ssize_t i, vret = -1;
memset(xt_buf, 0, BUF_SIZE);
- xattrs = malloc(xsize);
value = malloc(vsize);
//If at first we don't succeed, grow buffer size
- while(((xret = flistxattr(fd, xattrs, xsize)) == -1) && (errno == ERANGE))
+ while(((vret = fgetxattr(fd, PAX_NAMESPACE, value, vsize)) == -1) && (errno == ERANGE))
{
- xsize <<= 1;
- xattrs = realloc(xattrs, xsize);
+ vsize <<= 1;
+ value = realloc(value, vsize);
}
- if(errno == ENOTSUP)
+ if(errno == ENOATTR)
{
- printf("XT_PAX: not found without Extended Attribute Support\n");
+ printf("XT_PAX: not found or permission denied\n");
return;
}
- for(i = 0; i < xret; i += strlen(&xattrs[i]) + 1)
+ if(errno == ENOTSUP)
{
+ printf("XT_PAX: extended attribute not supported\n");
+ return;
+ }
- if(strcmp(&xattrs[i], PAX_NAMESPACE) == 0)
- {
- printf("here\n");
-
- while(((vret = fgetxattr(fd, &xattrs[i], value, vsize)) == -1) && (errno == ERANGE))
- {
- xsize <<= 1;
- xattrs = realloc(xattrs, xsize);
- }
-
- /*
- valueLen = getxattr(argv[j], &xattrs[ns], value, XATTR_SIZE);
- if (valueLen == -1) {
- printf("couldn't get value");
- } else {
- for (k = 0; k < valueLen; k++)
- printf("%02x ", (unsigned int) value[k]);
- }
+ xt_flags = (uint16_t)value[0];
+ xt_flags = xt_flags << 8 + value[1];
- xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' :
- xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+ xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' :
+ xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
- xt_buf[1] = xt_flags & PF_SEGMEXEC ? 'S' :
- xt_flags & PF_NOSEGMEXEC ? 's' : '-';
+ xt_buf[1] = xt_flags & PF_SEGMEXEC ? 'S' :
+ xt_flags & PF_NOSEGMEXEC ? 's' : '-';
- xt_buf[2] = xt_flags & PF_MPROTECT ? 'M' :
- xt_flags & PF_NOMPROTECT ? 'm' : '-';
+ xt_buf[2] = xt_flags & PF_MPROTECT ? 'M' :
+ xt_flags & PF_NOMPROTECT ? 'm' : '-';
- xt_buf[3] = xt_flags & PF_EMUTRAMP ? 'E' :
- xt_flags & PF_NOEMUTRAMP ? 'e' : '-';
+ xt_buf[3] = xt_flags & PF_EMUTRAMP ? 'E' :
+ xt_flags & PF_NOEMUTRAMP ? 'e' : '-';
- xt_buf[4] = xt_flags & PF_RANDMMAP ? 'R' :
- xt_flags & PF_NORANDMMAP ? 'r' : '-';
+ xt_buf[4] = xt_flags & PF_RANDMMAP ? 'R' :
+ xt_flags & PF_NORANDMMAP ? 'r' : '-';
- xt_buf[5] = xt_flags & PF_RANDEXEC ? 'X' :
- xt_flags & PF_NORANDEXEC ? 'x' : '-';
+ xt_buf[5] = xt_flags & PF_RANDEXEC ? 'X' :
+ xt_flags & PF_NORANDEXEC ? 'x' : '-';
- printf("XT_PAX: %s\n", xt_buf);
- */
- }
- }
+ printf("XT_PAX: %s\n", xt_buf);
}
void
set_flags(int fd, int *pax_flags)
{
- char xt_buf[BUF_SIZE];
- memset(xt_buf, 0, BUF_SIZE);
+ uint16_t xt_flags;
+
+ //int fsetxattr(int fd, const char *name, const void *value, size_t size, int flags);
/*
if( / DOME xattrs is supported / )
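Review bot: The decode line `xt_flags = xt_flags << 8 + value[1];` in print_flags parses as `xt_flags << (8 + value[1])`, because `+` binds tighter than `<<`, so the second attribute byte ends up in the shift count and the printed PaX flags do not reflect what is stored. Both bytes are also read without checking that `fgetxattr` returned at least two, and the `errno` tests run even when the call succeeded or failed with another error such as EACCES, in which case the uninitialised `malloc` buffer is decoded. I would test `vret` first (`if(vret < 2) return;` after reporting the error) and decode with `xt_flags = ((uint16_t)(unsigned char)value[0] << 8) | (unsigned char)value[1];`. The `malloc`/`realloc` results are unchecked and `ssize_t i` is now unused.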
* [gentoo-commits] proj/elfix:elfix-0.2.x commit in: poc/
@ 2011-10-08 18:54 Anthony G. Basile
From: Anthony G. Basile @ 2011-10-08 18:54 UTC (permalink / raw
To: gentoo-commits
commit: bf4b2cc848059249198e54091c8e6ebafdd9ec55
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 23:35:05 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 8 18:53:27 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=bf4b2cc8
poc/paxctl-xattr.c: first working version
---
poc/paxctl-xattr.c | 270 +++++++++++++++++++++++++++-------------------------
1 files changed, 140 insertions(+), 130 deletions(-)
diff --git a/poc/paxctl-xattr.c b/poc/paxctl-xattr.c
index 5040f80..2232631 100644
--- a/poc/paxctl-xattr.c
+++ b/poc/paxctl-xattr.c
@@ -155,41 +155,50 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
}
-#define BUF_SIZE 7
-void
-print_flags(int fd)
+uint16_t
+read_flags(int fd)
{
- char xt_buf[BUF_SIZE];
- uint16_t xt_flags;
+ //UINT16_MAX is an invalid value
+ uint16_t xt_flags = UINT16_MAX;
- static ssize_t vsize = 1024;
- static char *value = NULL;
- ssize_t i, vret = -1;
+ if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1)
+ {
+ //xattrs is supported, PAX_NAMESPACE is present, but it is the wrong size
+ if(errno == ERANGE)
+ {
+ printf("XT_PAX: malformed flags found\n");
+ //FIXME remove the user.pax field
+ xt_flags = 0;
+ }
- memset(xt_buf, 0, BUF_SIZE);
- value = malloc(vsize);
+ //xattrs is supported, PAX_NAMESPACE is not present
+ if(errno == ENOATTR)
+ {
+ printf("XT_PAX: not found\n");
+ xt_flags = 0;
+ }
- //If at first we don't succeed, grow buffer size
- while(((vret = fgetxattr(fd, PAX_NAMESPACE, value, vsize)) == -1) && (errno == ERANGE))
- {
- vsize <<= 1;
- value = realloc(value, vsize);
+ //xattrs is not supported
+ if(errno == ENOTSUP)
+ printf("XT_PAX: extended attribute not supported\n");
}
- if(errno == ENOATTR)
- {
- printf("XT_PAX: not found or permission denied\n");
- return;
- }
+ return xt_flags;
+}
- if(errno == ENOTSUP)
- {
- printf("XT_PAX: extended attribute not supported\n");
- return;
- }
- xt_flags = (uint16_t)value[0];
- xt_flags = xt_flags << 8 + value[1];
+#define BUF_SIZE 7
+void
+print_flags(int fd)
+{
+ uint16_t xt_flags;
+ char xt_buf[BUF_SIZE];
+
+ memset(xt_buf, 0, BUF_SIZE);
+
+ //If an invalid value is returned, then skip this
+ if((xt_flags = read_flags(fd)) == UINT16_MAX)
+ return ;
xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' :
xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
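Review bot: read_flags accepts any non-error return from `fgetxattr`, so a `user.pax` attribute that is only one byte long leaves the other byte of `xt_flags` at the 0xFF sentinel fill, and the result is then treated as valid flags by print_flags and set_flags. The three `errno` tests are also independent `if`s with `printf` calls in between, which may overwrite `errno` before the next test; saving it once and chaining with `else if` avoids that. Errors other than the three handled ones (EACCES, for example) return the sentinel with no message at all. A sketch of the body with the length check and the saved errno follows; print_flags continues outside the hunk.

```c
uint16_t
read_flags(int fd)
{
	//UINT16_MAX is an invalid value
	uint16_t xt_flags = UINT16_MAX;
	ssize_t got = fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(xt_flags));
	int err = errno;	//printf() below may overwrite errno

	if(got == -1)
	{
		//xattrs is supported, PAX_NAMESPACE is present, but it is too large
		if(err == ERANGE)
		{
			printf("XT_PAX: malformed flags found\n");
			xt_flags = 0;
		}
		//xattrs is supported, PAX_NAMESPACE is not present
		else if(err == ENOATTR)
		{
			printf("XT_PAX: not found\n");
			xt_flags = 0;
		}
		//xattrs is not supported
		else if(err == ENOTSUP)
			printf("XT_PAX: extended attribute not supported\n");
		//anything else (e.g. EACCES): report it, keep the invalid sentinel
		else
			printf("XT_PAX: cannot read flags: %s\n", strerror(err));
	}
	else if(got != (ssize_t)sizeof(xt_flags))
	{
		//attribute shorter than 16 bits: part of xt_flags still holds the sentinel
		printf("XT_PAX: malformed flags found\n");
		xt_flags = 0;
	}

	return xt_flags;
}
```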
@@ -218,118 +227,119 @@ set_flags(int fd, int *pax_flags)
{
uint16_t xt_flags;
- //int fsetxattr(int fd, const char *name, const void *value, size_t size, int flags);
+ //If an invalid value is returned, then skip this
+ if((xt_flags = read_flags(fd)) == UINT16_MAX)
+ return ;
- /*
- if( / DOME xattrs is supported / )
+ //PAGEEXEC
+ if(*pax_flags & PF_PAGEEXEC)
{
- //PAGEEXEC
- if(*pax_flags & PF_PAGEEXEC)
- {
- phdr.p_flags |= PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
- if(*pax_flags & PF_NOPAGEEXEC)
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags |= PF_NOPAGEEXEC;
- }
- if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
+ xt_flags |= PF_PAGEEXEC;
+ xt_flags &= ~PF_NOPAGEEXEC;
+ }
+ if(*pax_flags & PF_NOPAGEEXEC)
+ {
+ xt_flags &= ~PF_PAGEEXEC;
+ xt_flags |= PF_NOPAGEEXEC;
+ }
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ {
+ xt_flags &= ~PF_PAGEEXEC;
+ xt_flags &= ~PF_NOPAGEEXEC;
+ }
- //SEGMEXEC
- if(*pax_flags & PF_SEGMEXEC)
- {
- phdr.p_flags |= PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
- if(*pax_flags & PF_NOSEGMEXEC)
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags |= PF_NOSEGMEXEC;
- }
- if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
+ //SEGMEXEC
+ if(*pax_flags & PF_SEGMEXEC)
+ {
+ xt_flags |= PF_SEGMEXEC;
+ xt_flags &= ~PF_NOSEGMEXEC;
+ }
+ if(*pax_flags & PF_NOSEGMEXEC)
+ {
+ xt_flags &= ~PF_SEGMEXEC;
+ xt_flags |= PF_NOSEGMEXEC;
+ }
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ {
+ xt_flags &= ~PF_SEGMEXEC;
+ xt_flags &= ~PF_NOSEGMEXEC;
+ }
- //MPROTECT
- if(*pax_flags & PF_MPROTECT)
- {
- phdr.p_flags |= PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
- if(*pax_flags & PF_NOMPROTECT)
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags |= PF_NOMPROTECT;
- }
- if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
+ //MPROTECT
+ if(*pax_flags & PF_MPROTECT)
+ {
+ xt_flags |= PF_MPROTECT;
+ xt_flags &= ~PF_NOMPROTECT;
+ }
+ if(*pax_flags & PF_NOMPROTECT)
+ {
+ xt_flags &= ~PF_MPROTECT;
+ xt_flags |= PF_NOMPROTECT;
+ }
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ {
+ xt_flags &= ~PF_MPROTECT;
+ xt_flags &= ~PF_NOMPROTECT;
+ }
- //EMUTRAMP
- if(*pax_flags & PF_EMUTRAMP)
- {
- phdr.p_flags |= PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
- if(*pax_flags & PF_NOEMUTRAMP)
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags |= PF_NOEMUTRAMP;
- }
- if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
+ //EMUTRAMP
+ if(*pax_flags & PF_EMUTRAMP)
+ {
+ xt_flags |= PF_EMUTRAMP;
+ xt_flags &= ~PF_NOEMUTRAMP;
+ }
+ if(*pax_flags & PF_NOEMUTRAMP)
+ {
+ xt_flags &= ~PF_EMUTRAMP;
+ xt_flags |= PF_NOEMUTRAMP;
+ }
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ {
+ xt_flags &= ~PF_EMUTRAMP;
+ xt_flags &= ~PF_NOEMUTRAMP;
+ }
- //RANDMMAP
- if(*pax_flags & PF_RANDMMAP)
- {
- phdr.p_flags |= PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
- if(*pax_flags & PF_NORANDMMAP)
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags |= PF_NORANDMMAP;
- }
- if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
+ //RANDMMAP
+ if(*pax_flags & PF_RANDMMAP)
+ {
+ xt_flags |= PF_RANDMMAP;
+ xt_flags &= ~PF_NORANDMMAP;
+ }
+ if(*pax_flags & PF_NORANDMMAP)
+ {
+ xt_flags &= ~PF_RANDMMAP;
+ xt_flags |= PF_NORANDMMAP;
+ }
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ {
+ xt_flags &= ~PF_RANDMMAP;
+ xt_flags &= ~PF_NORANDMMAP;
+ }
- //RANDEXEC
- if(*pax_flags & PF_RANDEXEC)
- {
- phdr.p_flags |= PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
- if(*pax_flags & PF_NORANDEXEC)
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags |= PF_NORANDEXEC;
- }
- if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
+ //RANDEXEC
+ if(*pax_flags & PF_RANDEXEC)
+ {
+ xt_flags |= PF_RANDEXEC;
+ xt_flags &= ~PF_NORANDEXEC;
+ }
+ if(*pax_flags & PF_NORANDEXEC)
+ {
+ xt_flags &= ~PF_RANDEXEC;
+ xt_flags |= PF_NORANDEXEC;
+ }
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ {
+ xt_flags &= ~PF_RANDEXEC;
+ xt_flags &= ~PF_NORANDEXEC;
+ }
- / update xattr /
+ if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+ {
+ if(errno == ENOSPC || errno == EDQUOT)
+ printf("XT_PAX: cannot store xt_flags\n");
+ if(errno == ENOTSUP)
+ printf("XT_PAX: extended attribute not supported\n");
}
- else
- printf("XT_PAX: not found\n");
- */
}
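Review bot: A failed `fsetxattr` at the end of set_flags is reported only for ENOSPC, EDQUOT and ENOTSUP; any other errno (EACCES or EPERM, for instance) is dropped silently, and since the function returns void the caller cannot tell that the PaX flags were not stored. For a tool that applies hardening markings that failure should be visible: save `int err = errno;` right after the call, chain the tests with `else if`, and finish with `else printf("XT_PAX: cannot store xt_flags: %s\n", strerror(err));`. The six enable/disable/both groups differ only in the flag pair and would be easier to audit as one small helper taking the two masks. The signature of set_flags lies outside the hunk.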
* [gentoo-commits] proj/elfix:elfix-0.2.x commit in: poc/
@ 2011-10-08 18:54 Anthony G. Basile
From: Anthony G. Basile @ 2011-10-08 18:54 UTC (permalink / raw
To: gentoo-commits
commit: a92109549ceb5aa78809cd80030473a9869601e0
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 21:16:48 2011 +0000
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 8 18:53:26 2011 +0000
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=a9210954
poc/paxctl-xattr.c: get and set pax flags in xattrs
---
poc/Makefile.am | 5 +-
poc/paxctl-xattr.c | 374 ++++++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 377 insertions(+), 2 deletions(-)
diff --git a/poc/Makefile.am b/poc/Makefile.am
index e8c94d5..68022f9 100644
--- a/poc/Makefile.am
+++ b/poc/Makefile.am
@@ -1,7 +1,8 @@
-noinst_PROGRAMS = mangle-paxflags bad-mmap
+noinst_PROGRAMS = bad-mmap mangle-paxflags paxctl-xattr
+bad_mmap_SOURCES = bad-mmap.c
mangle_paxflags_SOURCES = mangle-paxflags.c
mangle_paxflags_LDADD = -lelf
-bad_mmap_SOURCES = bad-mmap.c
+paxctl_xattr_SOURCES = paxctl-xattr.c
check_SCRIPTS = poc.sh
diff --git a/poc/paxctl-xattr.c b/poc/paxctl-xattr.c
new file mode 100644
index 0000000..eb97166
--- /dev/null
+++ b/poc/paxctl-xattr.c
@@ -0,0 +1,374 @@
+/*
+ paxctl-xattr.c: get/set pax flags on xattr for an ELF object
+ Copyright (C) 2011 Anthony G. Basile
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <string.h>
+#include <error.h>
+#include <errno.h>
+#include <libgen.h>
+
+#include <gelf.h>
+#include <sys/xattr.h>
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+
+#include <config.h>
+
+#define PAX_NAMESPACE "user.pax"
+
+void
+print_help(char *v)
+{
+ printf(
+ "\n"
+ "Package Name : " PACKAGE_STRING "\n"
+ "Bug Reports : " PACKAGE_BUGREPORT "\n"
+ "Program Name : %s\n"
+ "Description : Get or set xattr pax flags on an ELF object\n\n"
+ "Usage : %s [-PpEeMmRrXxSsv ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
+ "Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
+ " : -S enable SEGMEXEC\t-s disable SEGMEXEC\n"
+ " : -M enable MPROTECT\t-m disable MPROTECT\n"
+ " : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
+ " : -R enable RANDMMAP\t-r disable RANDMMAP\n"
+ " : -X enable RANDEXEC\t-x disable RANDEXEC\n"
+ " : -Z most secure settings\t-z all default settings\n"
+ " : -v view the flags\n"
+ " : -h print out this help\n\n"
+ "Note : If both enabling and disabling flags are set, the default - is used\n\n",
+ basename(v),
+ basename(v)
+ );
+
+ exit(EXIT_SUCCESS);
+}
+
+
+char *
+parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
+{
+ int i, oc;
+ int compat;
+
+ compat = 0;
+
+ *pax_flags = 0;
+ *view_flags = 0;
+ while((oc = getopt(c, v,":PpEeMmRrXxSsZzvh")) != -1)
+ switch(oc)
+ {
+ case 'P':
+ *pax_flags |= PF_PAGEEXEC;
+ compat |= 1;
+ break;
+ case 'p':
+ *pax_flags |= PF_NOPAGEEXEC;
+ compat |= 1;
+ break ;
+ case 'S':
+ *pax_flags |= PF_SEGMEXEC;
+ compat |= 1;
+ break;
+ case 's':
+ *pax_flags |= PF_NOSEGMEXEC;
+ compat |= 1;
+ break ;
+ case 'M':
+ *pax_flags |= PF_MPROTECT;
+ compat |= 1;
+ break;
+ case 'm':
+ *pax_flags |= PF_NOMPROTECT;
+ compat |= 1;
+ break ;
+ case 'E':
+ *pax_flags |= PF_EMUTRAMP;
+ compat |= 1;
+ break;
+ case 'e':
+ *pax_flags |= PF_NOEMUTRAMP;
+ compat |= 1;
+ break ;
+ case 'R':
+ *pax_flags |= PF_RANDMMAP;
+ compat |= 1;
+ break;
+ case 'r':
+ *pax_flags |= PF_NORANDMMAP;
+ compat |= 1;
+ break ;
+ case 'X':
+ *pax_flags |= PF_RANDEXEC;
+ compat |= 1;
+ break;
+ case 'x':
+ *pax_flags |= PF_NORANDEXEC;
+ compat |= 1;
+ break ;
+ case 'Z':
+ *pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
+ PF_NOEMUTRAMP | PF_RANDMMAP | PF_RANDEXEC;
+ compat += 1;
+ break ;
+ case 'z':
+ *pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
+ PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
+ PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
+ compat += 1;
+ break;
+ case 'v':
+ *view_flags = 1;
+ compat |= 1;
+ break;
+ case 'h':
+ print_help(v[0]);
+ break;
+ case '?':
+ default:
+ error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
+ }
+
+ if(compat != 1 || v[optind] == NULL)
+ print_help(v[0]);
+
+ return v[optind] ;
+}
+
+
+#define BUF_SIZE 7
+void
+print_flags(int fd)
+{
+ char xt_buf[BUF_SIZE];
+
+ static ssize_t xsize = 1024;
+ static char *xattrs = NULL;
+ ssize_t i, xret = -1;
+
+ static ssize_t vsize = 1024;
+ static char *value = NULL;
+ ssize_t vret = -1;
+
+ memset(xt_buf, 0, BUF_SIZE);
+ xattrs = malloc(xsize);
+ value = malloc(vsize);
+
+ //If at first we don't succeed, grow buffer size
+ while(((xret = flistxattr(fd, xattrs, xsize)) == -1) && (errno == ERANGE))
+ {
+ xsize <<= 1;
+ xattrs = realloc(xattrs, xsize);
+ }
+
+ if(errno == ENOTSUP)
+ {
+ printf("XT_PAX: not found without Extended Attribute Support\n");
+ return;
+ }
+
+ for(i = 0; i < xret; i += strlen(&xattrs[i]) + 1)
+ {
+
+ if(strcmp(&xattrs[i], PAX_NAMESPACE) == 0)
+ {
+ printf("here\n");
+
+ while(((vret = fgetxattr(fd, &xattrs[i], value, vsize)) == -1) && (errno == ERANGE))
+ {
+ xsize <<= 1;
+ xattrs = realloc(xattrs, xsize);
+ }
+
+ /*
+ valueLen = getxattr(argv[j], &xattrs[ns], value, XATTR_SIZE);
+ if (valueLen == -1) {
+ printf("couldn't get value");
+ } else {
+ for (k = 0; k < valueLen; k++)
+ printf("%02x ", (unsigned int) value[k]);
+ }
+
+ xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' :
+ xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+
+ xt_buf[1] = xt_flags & PF_SEGMEXEC ? 'S' :
+ xt_flags & PF_NOSEGMEXEC ? 's' : '-';
+
+ xt_buf[2] = xt_flags & PF_MPROTECT ? 'M' :
+ xt_flags & PF_NOMPROTECT ? 'm' : '-';
+
+ xt_buf[3] = xt_flags & PF_EMUTRAMP ? 'E' :
+ xt_flags & PF_NOEMUTRAMP ? 'e' : '-';
+
+ xt_buf[4] = xt_flags & PF_RANDMMAP ? 'R' :
+ xt_flags & PF_NORANDMMAP ? 'r' : '-';
+
+ xt_buf[5] = xt_flags & PF_RANDEXEC ? 'X' :
+ xt_flags & PF_NORANDEXEC ? 'x' : '-';
+
+ printf("XT_PAX: %s\n", xt_buf);
+ */
+ }
+ }
+}
+
+
+void
+set_flags(int fd, int *pax_flags)
+{
+ char xt_buf[BUF_SIZE];
+ memset(xt_buf, 0, BUF_SIZE);
+
+ /*
+ if( / DOME xattrs is supported / )
+ {
+ //PAGEEXEC
+ if(*pax_flags & PF_PAGEEXEC)
+ {
+ phdr.p_flags |= PF_PAGEEXEC;
+ phdr.p_flags &= ~PF_NOPAGEEXEC;
+ }
+ if(*pax_flags & PF_NOPAGEEXEC)
+ {
+ phdr.p_flags &= ~PF_PAGEEXEC;
+ phdr.p_flags |= PF_NOPAGEEXEC;
+ }
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ {
+ phdr.p_flags &= ~PF_PAGEEXEC;
+ phdr.p_flags &= ~PF_NOPAGEEXEC;
+ }
+
+ //SEGMEXEC
+ if(*pax_flags & PF_SEGMEXEC)
+ {
+ phdr.p_flags |= PF_SEGMEXEC;
+ phdr.p_flags &= ~PF_NOSEGMEXEC;
+ }
+ if(*pax_flags & PF_NOSEGMEXEC)
+ {
+ phdr.p_flags &= ~PF_SEGMEXEC;
+ phdr.p_flags |= PF_NOSEGMEXEC;
+ }
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ {
+ phdr.p_flags &= ~PF_SEGMEXEC;
+ phdr.p_flags &= ~PF_NOSEGMEXEC;
+ }
+
+ //MPROTECT
+ if(*pax_flags & PF_MPROTECT)
+ {
+ phdr.p_flags |= PF_MPROTECT;
+ phdr.p_flags &= ~PF_NOMPROTECT;
+ }
+ if(*pax_flags & PF_NOMPROTECT)
+ {
+ phdr.p_flags &= ~PF_MPROTECT;
+ phdr.p_flags |= PF_NOMPROTECT;
+ }
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ {
+ phdr.p_flags &= ~PF_MPROTECT;
+ phdr.p_flags &= ~PF_NOMPROTECT;
+ }
+
+ //EMUTRAMP
+ if(*pax_flags & PF_EMUTRAMP)
+ {
+ phdr.p_flags |= PF_EMUTRAMP;
+ phdr.p_flags &= ~PF_NOEMUTRAMP;
+ }
+ if(*pax_flags & PF_NOEMUTRAMP)
+ {
+ phdr.p_flags &= ~PF_EMUTRAMP;
+ phdr.p_flags |= PF_NOEMUTRAMP;
+ }
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ {
+ phdr.p_flags &= ~PF_EMUTRAMP;
+ phdr.p_flags &= ~PF_NOEMUTRAMP;
+ }
+
+ //RANDMMAP
+ if(*pax_flags & PF_RANDMMAP)
+ {
+ phdr.p_flags |= PF_RANDMMAP;
+ phdr.p_flags &= ~PF_NORANDMMAP;
+ }
+ if(*pax_flags & PF_NORANDMMAP)
+ {
+ phdr.p_flags &= ~PF_RANDMMAP;
+ phdr.p_flags |= PF_NORANDMMAP;
+ }
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ {
+ phdr.p_flags &= ~PF_RANDMMAP;
+ phdr.p_flags &= ~PF_NORANDMMAP;
+ }
+
+ //RANDEXEC
+ if(*pax_flags & PF_RANDEXEC)
+ {
+ phdr.p_flags |= PF_RANDEXEC;
+ phdr.p_flags &= ~PF_NORANDEXEC;
+ }
+ if(*pax_flags & PF_NORANDEXEC)
+ {
+ phdr.p_flags &= ~PF_RANDEXEC;
+ phdr.p_flags |= PF_NORANDEXEC;
+ }
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ {
+ phdr.p_flags &= ~PF_RANDEXEC;
+ phdr.p_flags &= ~PF_NORANDEXEC;
+ }
+
+ / update xattr /
+ }
+ else
+ printf("XT_PAX: not found\n");
+ */
+}
+
+
+int
+main( int argc, char *argv[])
+{
+ int fd;
+ int pax_flags, view_flags;
+ char *f_name;
+
+ f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags);
+
+ if((fd = open(f_name, O_RDWR)) < 0)
+ error(EXIT_FAILURE, 0, "open() fail.");
+
+ if(pax_flags != 0)
+ set_flags(fd, &pax_flags);
+
+ if(view_flags == 1)
+ print_flags(fd);
+
+ close(fd);
+}
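Review bot: In print_flags the retry loop around `fgetxattr` grows the wrong buffer: on ERANGE it doubles `xsize` and reallocates `xattrs` while `value` and `vsize` stay at 1024, so the retry can never succeed for a `user.pax` value larger than that, and the `realloc` may move the list that `&xattrs[i]` points into. Attributes in the `user.` namespace can be written by the file's owner, so the size of that value is not under the tool's control. The loop body should read `vsize <<= 1;` and `value = realloc(value, vsize);`, with the `malloc`/`realloc` results checked before use. The `errno == ENOTSUP` test after the first loop also runs when `flistxattr` succeeded, and `printf("here\n")` looks like leftover debugging.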