public inbox for gentoo-commits@lists.gentoo.org
 help / color / mirror / Atom feed
* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-04  2:15 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-05-04  2:15 UTC (permalink / raw
  To: gentoo-commits

commit:     af0ba40a9aeb5d5e735705755c4169e48e672478
Author:     Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Wed May  4 02:14:55 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Wed May  4 02:14:55 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=af0ba40a

Cleaned out unnecessary call to get ehdr

---
 src/fix-gnustack.c |    4 ----
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 00a0c02..8315873 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -63,7 +63,6 @@ main( int argc, char *argv[])
 	size_t i, phnum;
 
 	Elf *elf;
-	GElf_Ehdr ehdr;
 	GElf_Phdr phdr;
 
 	f_name = parse_cmd_args( argc, argv, &flagv );
@@ -89,9 +88,6 @@ main( int argc, char *argv[])
 	if(elf_kind(elf) != ELF_K_ELF)
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
-	if(gelf_getehdr(elf,&ehdr) == NULL)
-		error(EXIT_FAILURE, 0, "gelf_getehdr() fail: %s", elf_errmsg(-1));
-
 	elf_getphdrnum(elf, &phnum);
 	for(i=0; i<phnum; ++i)
 	{



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-05 22:40 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-05-05 22:40 UTC (permalink / raw
  To: gentoo-commits

commit:     ff3437254e74ee47897425b217541b8362f17a20
Author:     Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Thu May  5 22:38:50 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu May  5 22:38:50 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=ff343725

src/fix-gnustack.c: improved error messages

---
 src/fix-gnustack.c |   10 +++++-----
 1 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 8315873..75d72ea 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -75,14 +75,14 @@ main( int argc, char *argv[])
 		if((fd = open(f_name, O_RDWR)) < 0)
 			error(EXIT_FAILURE, 0, "open() fail.");
 		if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
-			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(-1));
+			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 	}
 	else
 	{
 		if((fd = open(f_name, O_RDONLY)) < 0)
 			error(EXIT_FAILURE, 0, "open() fail.");
 		if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
-			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(-1));
+			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 	}
 
 	if(elf_kind(elf) != ELF_K_ELF)
@@ -92,7 +92,7 @@ main( int argc, char *argv[])
 	for(i=0; i<phnum; ++i)
 	{
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
-			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(-1));
+			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 
 		if(phdr.p_type == PT_GNU_STACK)
 		{
@@ -104,10 +104,10 @@ main( int argc, char *argv[])
 
 			if(flagv && (phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
 			{
-				printf("W&X FOUND: flipping X flag ...\n");
+				printf("W&X FOUND: X flag removed\n");
 				phdr.p_flags ^= PF_X;
 				if(!gelf_update_phdr(elf, i, &phdr))
-					error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(-1));
+					error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
 			}
 		}
 	}



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-05-13 12:01 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-05-13 12:01 UTC (permalink / raw
  To: gentoo-commits

commit:     4a373e637f72ade1f8aa1e6b2c912baabbb7c3d9
Author:     Anthony G. Basile <basile <AT> opensource <DOT> dyc <DOT> edu>
AuthorDate: Fri May 13 12:01:49 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri May 13 12:01:49 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=4a373e63

src/fix-gnustack.c: minor syntactic change

---
 src/fix-gnustack.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 3c12700..2ef1a5d 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -44,7 +44,8 @@ print_help(char *v)
 		"options      :     Print out protection flags on PT_GNU_STACK\n"
 		"             : -f  Remove X if WX flags are set on PT_GNU_STACK\n"
 		"             : -h  Print out this help\n",
-		basename(v), basename(v)
+		basename(v),
+		basename(v)
 	);
 
 	exit(EXIT_SUCCESS);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:11 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-10 21:11 UTC (permalink / raw
  To: gentoo-commits

commit:     d26443ff1b6cdb411dd4f7c195e4dc7824d5fcee
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:11:06 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:11:06 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d26443ff

src/paxctl-ng.c: remove create_flags option

---
 src/paxctl-ng.c |  112 ++++++++++++-------------------------------------------
 1 files changed, 24 insertions(+), 88 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 0957e36..4a099ec 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,7 +54,6 @@ print_help(char *v)
 		"             : -x  Disable RANDEXEC\t-X  Enable  RANDEXEC\n"
 		"             : -s  Disable SEGMEXEC\t-X  Enable  SEGMEXEC\n"
 		"             : -z  Default least secure\t-Z Default most secure\n"
-		"             : -C  Created PT_PAX_FLAGS program header\n"
 		"             : -h  Print out this help\n",
 		basename(v),
 		basename(v)
@@ -65,7 +64,7 @@ print_help(char *v)
 
 
 char *
-parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
+parse_cmd_args( int c, char *v[], int *pax_flags )
 {
 	int i, oc;
 
@@ -73,7 +72,6 @@ parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
 		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
 
 	*pax_flags = 0;
-	*create_flag = 0;
 	while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
 		switch(oc)
 		{
@@ -105,9 +103,6 @@ parse_cmd_args( int c, char *v[], int *pax_flags, int *create_flag )
 				break ;
 			case 'Z':
 				break;
-			case 'C':
-				*create_flag = 1;
-				break;
 			case 'h':
 				print_help(v[0]);
 				break;
@@ -139,112 +134,53 @@ no_pt_pax_flags(Elf *e)
 
 
 int
-create_pt_pax_flags(Elf *e)
-{
-	size_t i, phnum;
-	GElf_Phdr phdr;
-
-	elf_getphdrnum(e, &phnum);
-	for(i=0; i<phnum; ++i)
-	{
-		if(gelf_getphdr(e, i, &phdr) != &phdr)
-			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
-		if(phdr.p_type == PT_NULL)
-		{
-			phdr.p_type = PT_PAX_FLAGS;
-			phdr.p_flags = PF_NOEMUTRAMP|PF_NORANDEXEC;
-			if(!gelf_update_phdr(e, i, &phdr))
-				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
-			return 1;
-		}
-	}
-
-
-	/*
-	if( !(phdr = gelf_newphdr(Elf *e, size_t phnum)) )
-	{
-		phdr.p_type = PT_PAX_FLAGS;
-		//phdr.p_offset
-		//phdr.p_vaddr
-		//phdr.p_paddr
-		//phdr.p_filesz
-		//phdr.p_memsz
-		phdr.p_flags = PF_NOEMUTRAMP|PF_NORANDEXEC;
-		//phdr.p_align
-
-		if(!gelf_update_phdr(e, i, &phdr))
-			error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
-		return 1;
-	}
-		error(EXIT_FAILURE, 0, "gelf_newphdr(): %s", elf_errmsg(elf_errno()));
-	*/
-
-}
-
-
-int
 main( int argc, char *argv[])
 {
 	int fd;
-	int pax_flags, create_flag;
+	int pax_flags;
 	char *f_name;
 
 	Elf *elf;
 	GElf_Ehdr ehdr;
 
-	f_name = parse_cmd_args(argc, argv, &pax_flags, &create_flag);
+	f_name = parse_cmd_args(argc, argv, &pax_flags);
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
 		error(EXIT_FAILURE, 0, "Library out of date.");
 
-	if(create_flag)
-	{
-		if((fd = open(f_name, O_RDWR)) < 0)
-			error(EXIT_FAILURE, 0, "open() fail.");
-		if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
-			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
-	}
-	else
-	{
-		if((fd = open(f_name, O_RDONLY)) < 0)
-			error(EXIT_FAILURE, 0, "open() fail.");
-		if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
-			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
-	}
+	if((fd = open(f_name, O_RDWR)) < 0)
+		error(EXIT_FAILURE, 0, "open() fail.");
+	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 
 	if(elf_kind(elf) != ELF_K_ELF)
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
 
+	/*
+	if(gelf_getehdr(elf, &ehdr) != &ehdr)
+		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
 
+	ehdr.e_ident[EI_PAX] = 0;
+	ehdr.e_ident[EI_PAX + 1] = 0;
 
+	if(!gelf_update_ehdr(elf, &ehdr))
+		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
 
-	if(create_flag)
+	if(no_pt_pax_flags(elf))
 	{
-		//To be safe, let's make sure EI_PAX flags are zero-ed for most secure legacy
-		if(gelf_getehdr(elf, &ehdr) != &ehdr)
-			error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
-		ehdr.e_ident[EI_PAX] = 0;
-		ehdr.e_ident[EI_PAX + 1] = 0;
-
-		if(!gelf_update_ehdr(elf, &ehdr))
-			error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
-
-		if(no_pt_pax_flags(elf))
+		printf("PT_PAX_FLAGS phdr not found: creating one\n");
+		if(create_pt_pax_flags(elf))
 		{
-			printf("PT_PAX_FLAGS phdr not found: creating one\n");
-			if(create_pt_pax_flags(elf))
-			{
-				printf("PT_PAX_FLAGS phdr create: succeeded\n");
-			}
-			else
-				error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
+			printf("PT_PAX_FLAGS phdr create: succeeded\n");
 		}
 		else
-			error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
-	}	
-
+			error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
+	}
+	else
+		error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
+	}
+	*/
 
 
 	/*



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:35 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-10 21:35 UTC (permalink / raw
  To: gentoo-commits

commit:     4d1278d1d5b52aa9a0e10fd660473243269e52da
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:35:32 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:35:32 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=4d1278d1

src/paxctl-ng.c: remove create PAX_FLAGS and read flags option

---
 src/paxctl-ng.c |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4a099ec..5f33ebe 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,6 +54,7 @@ print_help(char *v)
 		"             : -x  Disable RANDEXEC\t-X  Enable  RANDEXEC\n"
 		"             : -s  Disable SEGMEXEC\t-X  Enable  SEGMEXEC\n"
 		"             : -z  Default least secure\t-Z Default most secure\n"
+		"             : -v  view the flags\n"
 		"             : -h  Print out this help\n",
 		basename(v),
 		basename(v)
@@ -69,10 +70,10 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 	int i, oc;
 
 	if((c != 2)&&(c != 3)&&(c != 4))
-		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
+		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
 
 	*pax_flags = 0;
-	while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
+	while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
 		switch(oc)
 		{
 			case 'p':
@@ -103,6 +104,9 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 				break ;
 			case 'Z':
 				break;
+			case 'v':
+				*pax_flags = -1; // Invalid flag signal read flags, not set
+				break;
 			case 'h':
 				print_help(v[0]);
 				break;
@@ -115,8 +119,11 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 }
 
 
+/*
+ * return 1 if PAX_FLAGS program header exists, 0 otherwise
+ */
 int
-no_pt_pax_flags(Elf *e)
+pt_pax_flags(Elf *e)
 {
 	size_t i, phnum;
 	GElf_Phdr phdr;
@@ -127,9 +134,9 @@ no_pt_pax_flags(Elf *e)
 		if(gelf_getphdr(e, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 		if(phdr.p_type == PT_PAX_FLAGS)
-			return 0;
+			return 1;
 	}
-	return 1;
+	return 0;
 }
 
 
@@ -150,6 +157,7 @@ main( int argc, char *argv[])
 
 	if((fd = open(f_name, O_RDWR)) < 0)
 		error(EXIT_FAILURE, 0, "open() fail.");
+
 	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
 		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-10 21:36 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-10 21:36 UTC (permalink / raw
  To: gentoo-commits

commit:     6dce7c7ae76c8f3b07e799cfbe2cef2d4952afff
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Sep 10 21:35:32 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Sep 10 21:36:22 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=6dce7c7a

src/paxctl-ng.c: remove create PAX_FLAGS and add read flags option

---
 src/paxctl-ng.c |   18 +++++++++++++-----
 1 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4a099ec..5f33ebe 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -54,6 +54,7 @@ print_help(char *v)
 		"             : -x  Disable RANDEXEC\t-X  Enable  RANDEXEC\n"
 		"             : -s  Disable SEGMEXEC\t-X  Enable  SEGMEXEC\n"
 		"             : -z  Default least secure\t-Z Default most secure\n"
+		"             : -v  view the flags\n"
 		"             : -h  Print out this help\n",
 		basename(v),
 		basename(v)
@@ -69,10 +70,10 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 	int i, oc;
 
 	if((c != 2)&&(c != 3)&&(c != 4))
-		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}", v[0]);
+		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
 
 	*pax_flags = 0;
-	while((oc = getopt(c, v,":pPeEmMrRxXsSzZCh")) != -1)
+	while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
 		switch(oc)
 		{
 			case 'p':
@@ -103,6 +104,9 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 				break ;
 			case 'Z':
 				break;
+			case 'v':
+				*pax_flags = -1; // Invalid flag signal read flags, not set
+				break;
 			case 'h':
 				print_help(v[0]);
 				break;
@@ -115,8 +119,11 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 }
 
 
+/*
+ * return 1 if PAX_FLAGS program header exists, 0 otherwise
+ */
 int
-no_pt_pax_flags(Elf *e)
+pt_pax_flags(Elf *e)
 {
 	size_t i, phnum;
 	GElf_Phdr phdr;
@@ -127,9 +134,9 @@ no_pt_pax_flags(Elf *e)
 		if(gelf_getphdr(e, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 		if(phdr.p_type == PT_PAX_FLAGS)
-			return 0;
+			return 1;
 	}
-	return 1;
+	return 0;
 }
 
 
@@ -150,6 +157,7 @@ main( int argc, char *argv[])
 
 	if((fd = open(f_name, O_RDWR)) < 0)
 		error(EXIT_FAILURE, 0, "open() fail.");
+
 	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
 		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11  0:23 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-11  0:23 UTC (permalink / raw
  To: gentoo-commits

commit:     24a916492fd0d5641f69ade39ae2f9ae2b838303
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 00:22:51 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 00:22:51 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=24a91649

src/paxctl-ng.c: added read EI/PT_PAX flags

---
 src/paxctl-ng.c |  156 ++++++++++++++++++++++++------------------------------
 1 files changed, 69 insertions(+), 87 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5f33ebe..d7c58a5 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -17,6 +17,7 @@
 */
 
 #include <stdio.h>
+#include <stdint.h>
 #include <stdlib.h>
 #include <string.h>
 #include <error.h>
@@ -31,10 +32,14 @@
 
 #include <config.h>
 
-#define EI_PAX 14 // Index in e_ident[] where to read flags - from chpax.h
+#define HF_PAX_PAGEEXEC		1
+#define HF_PAX_EMUTRAMP		2
+#define HF_PAX_MPROTECT		4
+#define HF_PAX_RANDMMAP		8
+#define HF_PAX_RANDEXEC		16
+#define HF_PAX_SEGMEXEC		32
 
-#define PRINT(E,F,I) printf("%s:\t%s\n", #E, E & F ? ( I ? "enabled" : "disabled" ) : ( I ? "disabled" : "enabled" ) );
-#define CASE(N,P) case P: printf("%d: %s\n", (int)N, #P); break
+#define EI_PAX			14   // Index to read the PaX flags into ELF header e_ident[] array
 
 
 void
@@ -65,7 +70,7 @@ print_help(char *v)
 
 
 char *
-parse_cmd_args( int c, char *v[], int *pax_flags )
+parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 {
 	int i, oc;
 
@@ -73,6 +78,7 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
 
 	*pax_flags = 0;
+	*view_flags = 0;
 	while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
 		switch(oc)
 		{
@@ -105,7 +111,7 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 			case 'Z':
 				break;
 			case 'v':
-				*pax_flags = -1; // Invalid flag signal read flags, not set
+				*view_flags = 1;
 				break;
 			case 'h':
 				print_help(v[0]);
@@ -119,24 +125,69 @@ parse_cmd_args( int c, char *v[], int *pax_flags )
 }
 
 
-/*
- * return 1 if PAX_FLAGS program header exists, 0 otherwise
- */
-int
-pt_pax_flags(Elf *e)
+#define BUF_SIZE 7
+void
+print_flags(Elf *e, GElf_Ehdr *eh)
 {
+	char ei_buf[BUF_SIZE];
+	char pt_buf[BUF_SIZE];
+	uint16_t ei_flags;
+
+	char found_pt_pax;
 	size_t i, phnum;
 	GElf_Phdr phdr;
 
+	memset(ei_buf, 0, BUF_SIZE);
+	memset(pt_buf, 0, BUF_SIZE);
+
+	ei_flags = eh->e_ident[EI_PAX] + (eh->e_ident[EI_PAX + 1] << 8);
+
+  	ei_buf[0] = ei_flags & HF_PAX_PAGEEXEC ? 'p' : 'P';
+	ei_buf[1] = ei_flags & HF_PAX_SEGMEXEC ? 's' : 'S';
+	ei_buf[2] = ei_flags & HF_PAX_MPROTECT ? 'm' : 'M';
+	ei_buf[3] = ei_flags & HF_PAX_EMUTRAMP ? 'E' : 'e';
+	ei_buf[4] = ei_flags & HF_PAX_RANDMMAP ? 'r' : 'R';
+	ei_buf[5] = ei_flags & HF_PAX_RANDEXEC ? 'X' : 'x';
+
+	printf("EI_PAX: %s\n", ei_buf);
+
+	found_pt_pax = 0;
 	elf_getphdrnum(e, &phnum);
 	for(i=0; i<phnum; ++i)
 	{
 		if(gelf_getphdr(e, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 		if(phdr.p_type == PT_PAX_FLAGS)
-			return 1;
+		{
+			found_pt_pax = 1;
+
+			pt_buf[0] = phdr.p_flags & PF_PAGEEXEC ? 'P' :
+				phdr.p_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+
+			pt_buf[1] = phdr.p_flags & PF_SEGMEXEC   ? 'S' : 
+				phdr.p_flags & PF_NOSEGMEXEC ? 's' : '-';
+
+			pt_buf[2] = phdr.p_flags & PF_MPROTECT   ? 'M' :
+				phdr.p_flags & PF_NOMPROTECT ? 'm' : '-';
+
+			pt_buf[3] = phdr.p_flags & PF_EMUTRAMP   ? 'E' :
+				phdr.p_flags & PF_NOEMUTRAMP ? 'e' : '-';
+
+			pt_buf[4] = phdr.p_flags & PF_RANDMMAP   ? 'R' :
+				phdr.p_flags & PF_NORANDMMAP ? 'r' : '-';
+
+			pt_buf[5] = phdr.p_flags & PF_RANDEXEC   ? 'X' :
+				phdr.p_flags & PF_NORANDEXEC ? 'x' : '-';
+		}
 	}
-	return 0;
+
+	if(found_pt_pax)
+		printf("PT_PAX: %s\n", pt_buf);
+	else
+		printf("PT_PAX: not found\n");
+
+	if(strcmp(ei_buf, pt_buf))
+		printf("EI_PAX != PT_PAX\n");
 }
 
 
@@ -144,13 +195,13 @@ int
 main( int argc, char *argv[])
 {
 	int fd;
-	int pax_flags;
+	int pax_flags, view_flags;
 	char *f_name;
 
 	Elf *elf;
 	GElf_Ehdr ehdr;
 
-	f_name = parse_cmd_args(argc, argv, &pax_flags);
+	f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags);
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
 		error(EXIT_FAILURE, 0, "Library out of date.");
@@ -164,92 +215,23 @@ main( int argc, char *argv[])
 	if(elf_kind(elf) != ELF_K_ELF)
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
-
-	/*
+	// get ehdr
 	if(gelf_getehdr(elf, &ehdr) != &ehdr)
 		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
 
-	ehdr.e_ident[EI_PAX] = 0;
-	ehdr.e_ident[EI_PAX + 1] = 0;
+	if(view_flags == 1)
+		print_flags(elf, &ehdr);
 
+	/*
 	if(!gelf_update_ehdr(elf, &ehdr))
 		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
 
-	if(no_pt_pax_flags(elf))
-	{
-		printf("PT_PAX_FLAGS phdr not found: creating one\n");
-		if(create_pt_pax_flags(elf))
-		{
-			printf("PT_PAX_FLAGS phdr create: succeeded\n");
-		}
-		else
-			error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr create: failed");
-	}
-	else
-		error(EXIT_FAILURE, 0, "PT_PAX_FLAGS phdr found: nothing to do");
-	}
-	*/
-
-
-	/*
-	printf("==== EI_PAX ====\n") ;
-	PRINT(HF_PAX_PAGEEXEC, found_ei_pax, 0);
-	PRINT(HF_PAX_EMUTRAMP, found_ei_pax, 1);
-	PRINT(HF_PAX_MPROTECT, found_ei_pax, 0);
-	PRINT(HF_PAX_RANDMMAP, found_ei_pax, 0);
-	PRINT(HF_PAX_RANDEXEC, found_ei_pax, 1);
-	PRINT(HF_PAX_SEGMEXEC, found_ei_pax, 0);
-	printf("\n");
-
-
-	printf("==== PHRDs ====\n") ;
 	elf_getphdrnum(elf, &phnum);
 	for(i=0; i<phnum; ++i)
 	{
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 
-		switch(phdr.p_type)
-		{
-			CASE(i,PT_NULL);
-			CASE(i,PT_LOAD);
-			CASE(i,PT_DYNAMIC);
-			CASE(i,PT_INTERP);
-			CASE(i,PT_NOTE);
-			CASE(i,PT_SHLIB);
-			CASE(i,PT_PHDR);
-			CASE(i,PT_TLS);
-			CASE(i,PT_NUM);
-			CASE(i,PT_LOOS);
-			CASE(i,PT_GNU_EH_FRAME);
-			CASE(i,PT_GNU_STACK);
-			CASE(i,PT_GNU_RELRO);
-			CASE(i,PT_PAX_FLAGS);
-			CASE(i,PT_LOSUNW);
-			//CASE(i,PT_SUNWBSS);
-			CASE(i,PT_SUNWSTACK);
-			CASE(i,PT_HISUNW);
-			//CASE(i,PT_HIOS);
-			CASE(i,PT_LOPROC);
-			CASE(i,PT_HIPROC);
-		}
-
-		if(phdr.p_type == PT_PAX_FLAGS)
-		{
-			PRINT(PF_PAGEEXEC, phdr.p_flags, 1);
-			PRINT(PF_NOPAGEEXEC, phdr.p_flags, 1);
-			PRINT(PF_SEGMEXEC, phdr.p_flags, 1);
-			PRINT(PF_NOSEGMEXEC, phdr.p_flags, 1);
-			PRINT(PF_MPROTECT, phdr.p_flags, 1);
-			PRINT(PF_NOMPROTECT, phdr.p_flags, 1);
-			PRINT(PF_RANDEXEC, phdr.p_flags, 1);
-			PRINT(PF_NORANDEXEC, phdr.p_flags, 1);
-			PRINT(PF_EMUTRAMP, phdr.p_flags, 1);
-			PRINT(PF_NOEMUTRAMP, phdr.p_flags, 1);
-			PRINT(PF_RANDMMAP, phdr.p_flags, 1);
-			PRINT(PF_NORANDMMAP, phdr.p_flags, 1);
-		}
-
 		if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
 		{
 			printf("CONVERTED -> PT_NULL\n\n");



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11  1:54 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-11  1:54 UTC (permalink / raw
  To: gentoo-commits

commit:     9479f0ca040e95f24da74818242850f0cf8fff29
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 01:54:00 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 01:54:00 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=9479f0ca

src/paxctl-ng.c: construct pax flags from command line

---
 src/paxctl-ng.c |   51 +++++++++++++++++++++++++++++++++++----------------
 1 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d7c58a5..c7206c3 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -50,7 +50,7 @@ print_help(char *v)
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
-		"Usage        : %s {[-pPeEmMrRxXsSzZC]  ELFfile | [-h]}\n"
+		"Usage        : %s {[-PpEeMmRrXxSsZzv]  ELFfile | [-h]}\n"
 		"options      :     Print out pax flag information\n"
 		"             : -p  Disable PAGEEXEC\t-P  Enable  PAGEEXEC\n"
 		"             : -e  Disable EMUTRAMP\t-E  Enable  EMUTRAMP\n"
@@ -74,41 +74,54 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 {
 	int i, oc;
 
-	if((c != 2)&&(c != 3)&&(c != 4))
-		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
-
 	*pax_flags = 0;
 	*view_flags = 0;
-	while((oc = getopt(c, v,":pPeEmMrRxXsSzZvh")) != -1)
+	while((oc = getopt(c, v,":PpEeMmRrXxSsZzvh")) != -1)
 		switch(oc)
 		{
+			case 'P':
+				*pax_flags |= PF_PAGEEXEC;
+				break;
 			case 'p':
+				*pax_flags |= PF_NOPAGEEXEC;
 				break ;
-			case 'P':
+			case 'S':
+				*pax_flags |= PF_SEGMEXEC;
 				break;
-			case 'e':
+			case 's':
+				*pax_flags |= PF_NOSEGMEXEC;
 				break ;
-			case 'E':
+			case 'M':
+				*pax_flags |= PF_MPROTECT;
 				break;
 			case 'm':
+				*pax_flags |= PF_NOMPROTECT;
 				break ;
-			case 'M':
+			case 'E':
+				*pax_flags |= PF_EMUTRAMP;
 				break;
-			case 'r':
+			case 'e':
+				*pax_flags |= PF_NOEMUTRAMP;
 				break ;
 			case 'R':
+				*pax_flags |= PF_RANDMMAP;
 				break;
-			case 'x':
+			case 'r':
+				*pax_flags |= PF_NORANDMMAP;
 				break ;
 			case 'X':
+				*pax_flags |= PF_RANDEXEC;
 				break;
-			case 's':
-				break ;
-			case 'S':
-				break;
-			case 'z':
+			case 'x':
+				*pax_flags |= PF_NORANDEXEC;
 				break ;
 			case 'Z':
+				*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
+					PF_NOEMUTRAMP | PF_RANDMMAP | PF_RANDEXEC;
+				break ;
+			case 'z':
+				*pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
+					PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
 				break;
 			case 'v':
 				*view_flags = 1;
@@ -121,6 +134,12 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 				error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
 		}
 
+//	if((c != 2)&&(c != 3)&&(c != 4))
+//		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+
+	if(v[optind] == NULL)
+		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+
 	return v[optind] ;
 }
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11  2:32 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-11  2:32 UTC (permalink / raw
  To: gentoo-commits

commit:     b2b949773957407f80276281b3bbb927bd007ec4
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 02:32:32 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 02:32:32 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b2b94977

src/paxctl-ng.c: add constraints on command line flags

---
 src/paxctl-ng.c |   63 +++++++++++++++++++++++++++++++++++++++++-------------
 1 files changed, 48 insertions(+), 15 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index c7206c3..361e9a7 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -46,21 +46,21 @@ void
 print_help(char *v)
 {
 	printf(
+		"\n"
 		"Package Name : " PACKAGE_STRING "\n"
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
-		"Usage        : %s {[-PpEeMmRrXxSsZzv]  ELFfile | [-h]}\n"
-		"options      :     Print out pax flag information\n"
-		"             : -p  Disable PAGEEXEC\t-P  Enable  PAGEEXEC\n"
-		"             : -e  Disable EMUTRAMP\t-E  Enable  EMUTRAMP\n"
-		"             : -m  Disable MPROTECT\t-M  Enable  MPROTECT\n"
-		"             : -r  Disable RANDMMAP\t-R  Enable  RANDMMAP\n"
-		"             : -x  Disable RANDEXEC\t-X  Enable  RANDEXEC\n"
-		"             : -s  Disable SEGMEXEC\t-X  Enable  SEGMEXEC\n"
-		"             : -z  Default least secure\t-Z Default most secure\n"
-		"             : -v  view the flags\n"
-		"             : -h  Print out this help\n",
+		"Usage        : %s [-{Pp}{Ee}{Mm}{Rr}{Xx}{Ss}v ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
+		"options      : -P Enable PAGEEXEC\tor\t-p disable  PAGEEXEC\n"
+		"             : -E Enable EMUTRAMP\tor\t-e disable  EMUTRAMP\n"
+		"             : -M Enable MPROTECT\tor\t-m disable  MPROTECT\n"
+		"             : -R Enable RANDMMAP\tor\t-r disable  RANDMMAP\n"
+		"             : -X Enable RANDEXEC\tor\t-x disable  RANDEXEC\n"
+		"             : -S Enable SEGMEXEC\tor\t-s disable  SEGMEXEC\n"
+		"             : -Z Default most secure\tor\t-z Default least secure\n"
+		"             : -v view the flags\n"
+		"             : -h Print out this help\n\n",
 		basename(v),
 		basename(v)
 	);
@@ -73,6 +73,9 @@ char *
 parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 {
 	int i, oc;
+	int compat;
+
+	compat = 0;
 
 	*pax_flags = 0;
 	*view_flags = 0;
@@ -81,50 +84,65 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 		{
 			case 'P':
 				*pax_flags |= PF_PAGEEXEC;
+				compat |= 1;
 				break;
 			case 'p':
 				*pax_flags |= PF_NOPAGEEXEC;
+				compat |= 1;
 				break ;
 			case 'S':
 				*pax_flags |= PF_SEGMEXEC;
+				compat |= 1;
 				break;
 			case 's':
 				*pax_flags |= PF_NOSEGMEXEC;
+				compat |= 1;
 				break ;
 			case 'M':
 				*pax_flags |= PF_MPROTECT;
+				compat |= 1;
 				break;
 			case 'm':
 				*pax_flags |= PF_NOMPROTECT;
+				compat |= 1;
 				break ;
 			case 'E':
 				*pax_flags |= PF_EMUTRAMP;
+				compat |= 1;
 				break;
 			case 'e':
 				*pax_flags |= PF_NOEMUTRAMP;
+				compat |= 1;
 				break ;
 			case 'R':
 				*pax_flags |= PF_RANDMMAP;
+				compat |= 1;
 				break;
 			case 'r':
 				*pax_flags |= PF_NORANDMMAP;
+				compat |= 1;
 				break ;
 			case 'X':
 				*pax_flags |= PF_RANDEXEC;
+				compat |= 1;
 				break;
 			case 'x':
 				*pax_flags |= PF_NORANDEXEC;
+				compat |= 1;
 				break ;
 			case 'Z':
 				*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
 					PF_NOEMUTRAMP | PF_RANDMMAP | PF_RANDEXEC;
+				compat += 1;
 				break ;
 			case 'z':
 				*pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
 					PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
+				compat += 1;
 				break;
 			case 'v':
 				*view_flags = 1;
+				compat |= 1;
 				break;
 			case 'h':
 				print_help(v[0]);
@@ -134,11 +152,26 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 				error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
 		}
 
-//	if((c != 2)&&(c != 3)&&(c != 4))
-//		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+	if( (*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+		compat = 2;
+
+	if( (*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+		compat = 2;
+
+	if( (*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+		compat = 2;
+
+	if( (*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+		compat = 2;
+
+	if( (*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+		compat = 2;
+
+	if( (*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+		compat = 2;
 
-	if(v[optind] == NULL)
-		error(EXIT_FAILURE, 0, "Usage: %s {[-pPeEmMrRxXsSzZv] ELFfile | [-h]}", v[0]);
+	if(compat != 1 || v[optind] == NULL)
+		print_help(v[0]);
 
 	return v[optind] ;
 }



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11  3:40 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-11  3:40 UTC (permalink / raw
  To: gentoo-commits

commit:     657823f4a515099433694e8a1aad7f9f2a107c23
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 03:40:44 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 03:40:44 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=657823f4

src/paxctl-ng.c: enable+disable flag means default setting

---
 src/paxctl-ng.c |  129 ++++++++++++++++++++++++++++---------------------------
 1 files changed, 66 insertions(+), 63 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 361e9a7..cbb4084 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -51,16 +51,17 @@ print_help(char *v)
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
-		"Usage        : %s [-{Pp}{Ee}{Mm}{Rr}{Xx}{Ss}v ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
-		"options      : -P Enable PAGEEXEC\tor\t-p disable  PAGEEXEC\n"
-		"             : -E Enable EMUTRAMP\tor\t-e disable  EMUTRAMP\n"
-		"             : -M Enable MPROTECT\tor\t-m disable  MPROTECT\n"
-		"             : -R Enable RANDMMAP\tor\t-r disable  RANDMMAP\n"
-		"             : -X Enable RANDEXEC\tor\t-x disable  RANDEXEC\n"
-		"             : -S Enable SEGMEXEC\tor\t-s disable  SEGMEXEC\n"
-		"             : -Z Default most secure\tor\t-z Default least secure\n"
+		"Usage        : %s [-PpEeMmRrXxSsv ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
+		"Options      : -P enable PAGEEXEC\t-p disable  PAGEEXEC\n"
+		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
+		"             : -M enable MPROTECT\t-m disable  MPROTECT\n"
+		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
+		"             : -X enable RANDEXEC\t-x disable  RANDEXEC\n"
+		"             : -S enable SEGMEXEC\t-s disable  SEGMEXEC\n"
+		"             : -Z most secure settings\t-z all default settings\n"
 		"             : -v view the flags\n"
-		"             : -h Print out this help\n\n",
+		"             : -h print out this help\n\n"
+		"Note         :  If both enabling and disabling flags are set, the default - is used\n\n",
 		basename(v),
 		basename(v)
 	);
@@ -136,8 +137,7 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 				compat += 1;
 				break ;
 			case 'z':
-				*pax_flags = PF_NOPAGEEXEC | PF_NOSEGMEXEC | PF_NOMPROTECT |
-					PF_EMUTRAMP | PF_NORANDMMAP | PF_NORANDEXEC;
+				*pax_flags = -1;
 				compat += 1;
 				break;
 			case 'v':
@@ -152,24 +152,6 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 				error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
 		}
 
-	if( (*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
-		compat = 2;
-
-	if( (*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
-		compat = 2;
-
-	if( (*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
-		compat = 2;
-
-	if( (*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
-		compat = 2;
-
-	if( (*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
-		compat = 2;
-
-	if( (*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
-		compat = 2;
-
 	if(compat != 1 || v[optind] == NULL)
 		print_help(v[0]);
 
@@ -179,20 +161,25 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 
 #define BUF_SIZE 7
 void
-print_flags(Elf *e, GElf_Ehdr *eh)
+print_flags(Elf *elf)
 {
+	GElf_Ehdr ehdr;
 	char ei_buf[BUF_SIZE];
-	char pt_buf[BUF_SIZE];
 	uint16_t ei_flags;
 
+	GElf_Phdr phdr;
+	char pt_buf[BUF_SIZE];
 	char found_pt_pax;
 	size_t i, phnum;
-	GElf_Phdr phdr;
+
 
 	memset(ei_buf, 0, BUF_SIZE);
 	memset(pt_buf, 0, BUF_SIZE);
 
-	ei_flags = eh->e_ident[EI_PAX] + (eh->e_ident[EI_PAX + 1] << 8);
+	if(gelf_getehdr(elf, &ehdr) != &ehdr)
+		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+	ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
 
   	ei_buf[0] = ei_flags & HF_PAX_PAGEEXEC ? 'p' : 'P';
 	ei_buf[1] = ei_flags & HF_PAX_SEGMEXEC ? 's' : 'S';
@@ -204,10 +191,10 @@ print_flags(Elf *e, GElf_Ehdr *eh)
 	printf("EI_PAX: %s\n", ei_buf);
 
 	found_pt_pax = 0;
-	elf_getphdrnum(e, &phnum);
+	elf_getphdrnum(elf, &phnum);
 	for(i=0; i<phnum; ++i)
 	{
-		if(gelf_getphdr(e, i, &phdr) != &phdr)
+		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 		if(phdr.p_type == PT_PAX_FLAGS)
 		{
@@ -238,8 +225,47 @@ print_flags(Elf *e, GElf_Ehdr *eh)
 	else
 		printf("PT_PAX: not found\n");
 
-	if(strcmp(ei_buf, pt_buf))
-		printf("EI_PAX != PT_PAX\n");
+	//Only compare non default flags
+	//if(strcmp(ei_buf, pt_buf))
+	//	printf("EI_PAX != PT_PAX\n");
+}
+
+
+void
+set_flags(Elf *elf)
+{
+	GElf_Ehdr ehdr;
+	char ei_buf[BUF_SIZE];
+	uint16_t ei_flags;
+
+	GElf_Phdr phdr;
+	char pt_buf[BUF_SIZE];
+	char found_pt_pax;
+	size_t i, phnum;
+
+
+	memset(ei_buf, 0, BUF_SIZE);
+	memset(pt_buf, 0, BUF_SIZE);
+
+	/*
+	if(!gelf_update_ehdr(e, &ehdr))
+		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
+
+	elf_getphdrnum(elf, &phnum);
+	for(i=0; i<phnum; ++i)
+	{
+		if(gelf_getphdr(elf, i, &phdr) != &phdr)
+			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+
+		if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
+		{
+			printf("CONVERTED -> PT_NULL\n\n");
+			phdr.p_type = PT_NULL;
+			if(!gelf_update_phdr(elf, i, &phdr))
+				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+		}
+	}
+	*/
 }
 
 
@@ -251,7 +277,6 @@ main( int argc, char *argv[])
 	char *f_name;
 
 	Elf *elf;
-	GElf_Ehdr ehdr;
 
 	f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags);
 
@@ -267,33 +292,11 @@ main( int argc, char *argv[])
 	if(elf_kind(elf) != ELF_K_ELF)
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
-	// get ehdr
-	if(gelf_getehdr(elf, &ehdr) != &ehdr)
-		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
 	if(view_flags == 1)
-		print_flags(elf, &ehdr);
+		print_flags(elf);
 
-	/*
-	if(!gelf_update_ehdr(elf, &ehdr))
-		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
-
-	elf_getphdrnum(elf, &phnum);
-	for(i=0; i<phnum; ++i)
-	{
-		if(gelf_getphdr(elf, i, &phdr) != &phdr)
-			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
-
-		if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
-		{
-			printf("CONVERTED -> PT_NULL\n\n");
-			phdr.p_type = PT_NULL;
-			if(!gelf_update_phdr(elf, i, &phdr))
-				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
-		}
-	}
-	printf("\n\n");
-	*/
+	if(pax_flags != 0)
+		set_flags(elf);
 
 	elf_end(elf);
 	close(fd);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-11 21:12 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-11 21:12 UTC (permalink / raw
  To: gentoo-commits

commit:     ee8a46401830c8ce6256b906cc831bd66a8c370c
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 11 21:12:12 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 11 21:12:12 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=ee8a4640

src/paxctl-ng.c: set EI_PAX flags

---
 src/paxctl-ng.c |   56 ++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 49 insertions(+), 7 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index cbb4084..3842d08 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -232,7 +232,7 @@ print_flags(Elf *elf)
 
 
 void
-set_flags(Elf *elf)
+set_flags(Elf *elf, int *pax_flags)
 {
 	GElf_Ehdr ehdr;
 	char ei_buf[BUF_SIZE];
@@ -240,17 +240,59 @@ set_flags(Elf *elf)
 
 	GElf_Phdr phdr;
 	char pt_buf[BUF_SIZE];
+	uint16_t pt_flags;
 	char found_pt_pax;
 	size_t i, phnum;
 
-
 	memset(ei_buf, 0, BUF_SIZE);
 	memset(pt_buf, 0, BUF_SIZE);
 
-	/*
-	if(!gelf_update_ehdr(e, &ehdr))
+	if(gelf_getehdr(elf, &ehdr) != &ehdr)
+		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+	ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
+
+	if(*pax_flags & PF_PAGEEXEC)
+		ei_flags &= ~HF_PAX_PAGEEXEC;
+	if(*pax_flags & PF_NOPAGEEXEC)
+		ei_flags |= HF_PAX_PAGEEXEC;
+
+	if(*pax_flags & PF_SEGMEXEC)
+		ei_flags &= ~HF_PAX_SEGMEXEC;
+	if(*pax_flags & PF_NOSEGMEXEC)
+		ei_flags |= HF_PAX_SEGMEXEC;
+
+	if(*pax_flags & PF_MPROTECT)
+		ei_flags &= ~HF_PAX_MPROTECT;
+	if(*pax_flags & PF_NOMPROTECT)
+		ei_flags |= HF_PAX_MPROTECT;
+
+	if(*pax_flags & PF_EMUTRAMP)
+		ei_flags |= HF_PAX_EMUTRAMP;
+	if(*pax_flags & PF_NOEMUTRAMP)
+		ei_flags &= ~HF_PAX_EMUTRAMP;
+
+	if(*pax_flags & PF_RANDMMAP)
+		ei_flags &= ~HF_PAX_RANDMMAP;
+	if(*pax_flags & PF_NORANDMMAP)
+		ei_flags |= HF_PAX_RANDMMAP;
+
+	if(*pax_flags & PF_RANDEXEC)
+		ei_flags |= HF_PAX_RANDEXEC;
+	if(*pax_flags & PF_NORANDEXEC)
+		ei_flags &= ~HF_PAX_RANDEXEC;
+
+
+	if(gelf_getehdr(elf, &ehdr) != &ehdr)
+		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
+
+	ehdr.e_ident[EI_PAX] = (uint8_t)ei_flags  ;
+	ehdr.e_ident[EI_PAX + 1] = (uint8_t)(ei_flags >> 8) ;
+
+	if(!gelf_update_ehdr(elf, &ehdr))
 		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
 
+	/*
 	elf_getphdrnum(elf, &phnum);
 	for(i=0; i<phnum; ++i)
 	{
@@ -292,12 +334,12 @@ main( int argc, char *argv[])
 	if(elf_kind(elf) != ELF_K_ELF)
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
+	if(pax_flags != 0)
+		set_flags(elf, &pax_flags);
+
 	if(view_flags == 1)
 		print_flags(elf);
 
-	if(pax_flags != 0)
-		set_flags(elf);
-
 	elf_end(elf);
 	close(fd);
 }



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-18 14:20 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-18 14:20 UTC (permalink / raw
  To: gentoo-commits

commit:     d7add1d5f80d33c20b636e4cce0cdd03a5155d35
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 14:20:22 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 14:20:22 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d7add1d5

src/paxctl-ng.c: set PT_PAX flags

---
 src/paxctl-ng.c |   49 ++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 42 insertions(+), 7 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 3842d08..9d6a76e 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -53,11 +53,11 @@ print_help(char *v)
 		"Description  : Get or set pax flags on an ELF object\n\n"
 		"Usage        : %s [-PpEeMmRrXxSsv ELF] | [-Z ELF] | [-z ELF] | [-h]\n\n"
 		"Options      : -P enable PAGEEXEC\t-p disable  PAGEEXEC\n"
-		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
+		"             : -S enable SEGMEXEC\t-s disable  SEGMEXEC\n"
 		"             : -M enable MPROTECT\t-m disable  MPROTECT\n"
+		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
 		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
 		"             : -X enable RANDEXEC\t-x disable  RANDEXEC\n"
-		"             : -S enable SEGMEXEC\t-s disable  SEGMEXEC\n"
 		"             : -Z most secure settings\t-z all default settings\n"
 		"             : -v view the flags\n"
 		"             : -h print out this help\n\n"
@@ -292,22 +292,57 @@ set_flags(Elf *elf, int *pax_flags)
 	if(!gelf_update_ehdr(elf, &ehdr))
 		error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno()));
 
-	/*
 	elf_getphdrnum(elf, &phnum);
 	for(i=0; i<phnum; ++i)
 	{
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 
-		if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags )
+		if(phdr.p_type == PT_PAX_FLAGS)
 		{
-			printf("CONVERTED -> PT_NULL\n\n");
-			phdr.p_type = PT_NULL;
+			//Take and Pp flags and conver them to -
+			if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+			{
+				*pax_flags ^= PF_PAGEEXEC;
+				*pax_flags ^= PF_NOPAGEEXEC;
+			}
+
+			if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+			{
+				*pax_flags ^= PF_SEGMEXEC;
+				*pax_flags ^= PF_NOSEGMEXEC;
+			}
+
+			if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+			{
+				*pax_flags ^= PF_MPROTECT;
+				*pax_flags ^= PF_NOMPROTECT;
+			}
+
+			if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+			{
+				*pax_flags ^= PF_EMUTRAMP;
+				*pax_flags ^= PF_NOEMUTRAMP;
+			}
+
+			if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+			{
+				*pax_flags ^= PF_RANDMMAP;
+				*pax_flags ^= PF_NORANDMMAP;
+			}
+
+			if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+			{
+				*pax_flags ^= PF_RANDEXEC;
+				*pax_flags ^= PF_NORANDEXEC;
+			}
+
+			phdr.p_flags = *pax_flags ;
+
 			if(!gelf_update_phdr(elf, i, &phdr))
 				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
 		}
 	}
-	*/
 }
 
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-18 22:48 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-18 22:48 UTC (permalink / raw
  To: gentoo-commits

commit:     de1da3fd4db48fe47b81be2bbdc7ad66ac609105
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Sep 18 22:48:10 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Sep 18 22:48:10 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=de1da3fd

src/paxctl-ng.c: fix EI_PAX when -Pp etc is given

---
 src/fix-gnustack.c |    2 +-
 src/paxctl-ng.c    |   16 +++++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 6ca7d5b..93aab1c 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -40,7 +40,7 @@ print_help(char *v)
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Check for, or conditionally remove, executable flag from PT_GNU_STACK\n\n"
-		"Usage        : %s {[-f] ELF | [-h]}\n"
+		"Usage        : %s [-f] ELF | [-h]\n"
 		"options      :     Print out protection flags on PT_GNU_STACK\n"
 		"             : -f  Remove X if WX flags are set on PT_GNU_STACK\n"
 		"             : -h  Print out this help\n",

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 9d6a76e..fd04dec 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -137,7 +137,9 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 				compat += 1;
 				break ;
 			case 'z':
-				*pax_flags = -1;
+				*pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
+					PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
+					PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
 				compat += 1;
 				break;
 			case 'v':
@@ -256,31 +258,43 @@ set_flags(Elf *elf, int *pax_flags)
 		ei_flags &= ~HF_PAX_PAGEEXEC;
 	if(*pax_flags & PF_NOPAGEEXEC)
 		ei_flags |= HF_PAX_PAGEEXEC;
+	if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+		ei_flags &= ~HF_PAX_PAGEEXEC;
 
 	if(*pax_flags & PF_SEGMEXEC)
 		ei_flags &= ~HF_PAX_SEGMEXEC;
 	if(*pax_flags & PF_NOSEGMEXEC)
 		ei_flags |= HF_PAX_SEGMEXEC;
+	if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+		ei_flags &= ~HF_PAX_SEGMEXEC;
 
 	if(*pax_flags & PF_MPROTECT)
 		ei_flags &= ~HF_PAX_MPROTECT;
 	if(*pax_flags & PF_NOMPROTECT)
 		ei_flags |= HF_PAX_MPROTECT;
+	if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+		ei_flags &= ~HF_PAX_MPROTECT;
 
 	if(*pax_flags & PF_EMUTRAMP)
 		ei_flags |= HF_PAX_EMUTRAMP;
 	if(*pax_flags & PF_NOEMUTRAMP)
 		ei_flags &= ~HF_PAX_EMUTRAMP;
+	if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+		ei_flags &= ~HF_PAX_EMUTRAMP;
 
 	if(*pax_flags & PF_RANDMMAP)
 		ei_flags &= ~HF_PAX_RANDMMAP;
 	if(*pax_flags & PF_NORANDMMAP)
 		ei_flags |= HF_PAX_RANDMMAP;
+	if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+		ei_flags &= ~HF_PAX_RANDMMAP;
 
 	if(*pax_flags & PF_RANDEXEC)
 		ei_flags |= HF_PAX_RANDEXEC;
 	if(*pax_flags & PF_NORANDEXEC)
 		ei_flags &= ~HF_PAX_RANDEXEC;
+	if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+		ei_flags |= HF_PAX_RANDEXEC;
 
 
 	if(gelf_getehdr(elf, &ehdr) != &ehdr)



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 17:30 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-27 17:30 UTC (permalink / raw
  To: gentoo-commits

commit:     61095593e9476fa959646c1ecb5de47205a1ff09
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 17:29:53 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 17:29:53 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=61095593

src/paxctl-ng.c: remove redundand call to gelf_getehdr

---
 src/paxctl-ng.c |    3 ---
 1 files changed, 0 insertions(+), 3 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index fd04dec..fea0832 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -297,9 +297,6 @@ set_flags(Elf *elf, int *pax_flags)
 		ei_flags |= HF_PAX_RANDEXEC;
 
 
-	if(gelf_getehdr(elf, &ehdr) != &ehdr)
-		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
-
 	ehdr.e_ident[EI_PAX] = (uint8_t)ei_flags  ;
 	ehdr.e_ident[EI_PAX + 1] = (uint8_t)(ei_flags >> 8) ;
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 17:58 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-27 17:58 UTC (permalink / raw
  To: gentoo-commits

commit:     83957c336a4cff7d5a8278f21b47b5486d968041
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 17:57:55 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 17:57:55 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=83957c33

src/paxctl-ng.c: fix PT_PAX flag setting

---
 src/paxctl-ng.c |   99 ++++++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 84 insertions(+), 15 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index fea0832..c565ffa 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -254,6 +254,7 @@ set_flags(Elf *elf, int *pax_flags)
 
 	ei_flags = ehdr.e_ident[EI_PAX] + (ehdr.e_ident[EI_PAX + 1] << 8);
 
+	//PAGEEXEC
 	if(*pax_flags & PF_PAGEEXEC)
 		ei_flags &= ~HF_PAX_PAGEEXEC;
 	if(*pax_flags & PF_NOPAGEEXEC)
@@ -261,6 +262,7 @@ set_flags(Elf *elf, int *pax_flags)
 	if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
 		ei_flags &= ~HF_PAX_PAGEEXEC;
 
+	//SEGMEXEC
 	if(*pax_flags & PF_SEGMEXEC)
 		ei_flags &= ~HF_PAX_SEGMEXEC;
 	if(*pax_flags & PF_NOSEGMEXEC)
@@ -268,6 +270,7 @@ set_flags(Elf *elf, int *pax_flags)
 	if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
 		ei_flags &= ~HF_PAX_SEGMEXEC;
 
+	//MPROTECT
 	if(*pax_flags & PF_MPROTECT)
 		ei_flags &= ~HF_PAX_MPROTECT;
 	if(*pax_flags & PF_NOMPROTECT)
@@ -275,6 +278,7 @@ set_flags(Elf *elf, int *pax_flags)
 	if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
 		ei_flags &= ~HF_PAX_MPROTECT;
 
+	//EMUTRAMP
 	if(*pax_flags & PF_EMUTRAMP)
 		ei_flags |= HF_PAX_EMUTRAMP;
 	if(*pax_flags & PF_NOEMUTRAMP)
@@ -282,6 +286,7 @@ set_flags(Elf *elf, int *pax_flags)
 	if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
 		ei_flags &= ~HF_PAX_EMUTRAMP;
 
+	//RANDMMAP
 	if(*pax_flags & PF_RANDMMAP)
 		ei_flags &= ~HF_PAX_RANDMMAP;
 	if(*pax_flags & PF_NORANDMMAP)
@@ -289,6 +294,7 @@ set_flags(Elf *elf, int *pax_flags)
 	if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
 		ei_flags &= ~HF_PAX_RANDMMAP;
 
+	//RANDEXEC
 	if(*pax_flags & PF_RANDEXEC)
 		ei_flags |= HF_PAX_RANDEXEC;
 	if(*pax_flags & PF_NORANDEXEC)
@@ -311,45 +317,108 @@ set_flags(Elf *elf, int *pax_flags)
 
 		if(phdr.p_type == PT_PAX_FLAGS)
 		{
-			//Take and Pp flags and conver them to -
+			//PAGEEXEC
+			if(*pax_flags & PF_PAGEEXEC)
+			{
+				phdr.p_flags |= PF_PAGEEXEC;
+				phdr.p_flags &= ~PF_NOPAGEEXEC;
+			}
+			if(*pax_flags & PF_NOPAGEEXEC)
+			{
+				phdr.p_flags &= ~PF_PAGEEXEC;
+				phdr.p_flags |= PF_NOPAGEEXEC;
+			}
 			if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
 			{
-				*pax_flags ^= PF_PAGEEXEC;
-				*pax_flags ^= PF_NOPAGEEXEC;
+				phdr.p_flags &= ~PF_PAGEEXEC;
+				phdr.p_flags &= ~PF_NOPAGEEXEC;
 			}
 
+			//SEGMEXEC
+			if(*pax_flags & PF_SEGMEXEC)
+			{
+				phdr.p_flags |= PF_SEGMEXEC;
+				phdr.p_flags &= ~PF_NOSEGMEXEC;
+			}
+			if(*pax_flags & PF_NOSEGMEXEC)
+			{
+				phdr.p_flags &= ~PF_SEGMEXEC;
+				phdr.p_flags |= PF_NOSEGMEXEC;
+			}
 			if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
 			{
-				*pax_flags ^= PF_SEGMEXEC;
-				*pax_flags ^= PF_NOSEGMEXEC;
+				phdr.p_flags &= ~PF_SEGMEXEC;
+				phdr.p_flags &= ~PF_NOSEGMEXEC;
 			}
 
+			//MPROTECT
+			if(*pax_flags & PF_MPROTECT)
+			{
+				phdr.p_flags |= PF_MPROTECT;
+				phdr.p_flags &= ~PF_NOMPROTECT;
+			}
+			if(*pax_flags & PF_NOMPROTECT)
+			{
+				phdr.p_flags &= ~PF_MPROTECT;
+				phdr.p_flags |= PF_NOMPROTECT;
+			}
 			if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
 			{
-				*pax_flags ^= PF_MPROTECT;
-				*pax_flags ^= PF_NOMPROTECT;
+				phdr.p_flags &= ~PF_MPROTECT;
+				phdr.p_flags &= ~PF_NOMPROTECT;
 			}
 
+			//EMUTRAMP
+			if(*pax_flags & PF_EMUTRAMP)
+			{
+				phdr.p_flags |= PF_EMUTRAMP;
+				phdr.p_flags &= ~PF_NOEMUTRAMP;
+			}
+			if(*pax_flags & PF_NOEMUTRAMP)
+			{
+				phdr.p_flags &= ~PF_EMUTRAMP;
+				phdr.p_flags |= PF_NOEMUTRAMP;
+			}
 			if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
 			{
-				*pax_flags ^= PF_EMUTRAMP;
-				*pax_flags ^= PF_NOEMUTRAMP;
+				phdr.p_flags &= ~PF_EMUTRAMP;
+				phdr.p_flags &= ~PF_NOEMUTRAMP;
 			}
 
+			//RANDMMAP
+			if(*pax_flags & PF_RANDMMAP)
+			{
+				phdr.p_flags |= PF_RANDMMAP;
+				phdr.p_flags &= ~PF_NORANDMMAP;
+			}
+			if(*pax_flags & PF_NORANDMMAP)
+			{
+				phdr.p_flags &= ~PF_RANDMMAP;
+				phdr.p_flags |= PF_NORANDMMAP;
+			}
 			if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
 			{
-				*pax_flags ^= PF_RANDMMAP;
-				*pax_flags ^= PF_NORANDMMAP;
+				phdr.p_flags &= ~PF_RANDMMAP;
+				phdr.p_flags &= ~PF_NORANDMMAP;
 			}
 
+			//RANDEXEC
+			if(*pax_flags & PF_RANDEXEC)
+			{
+				phdr.p_flags |= PF_RANDEXEC;
+				phdr.p_flags &= ~PF_NORANDEXEC;
+			}
+			if(*pax_flags & PF_NORANDEXEC)
+			{
+				phdr.p_flags &= ~PF_RANDEXEC;
+				phdr.p_flags |= PF_NORANDEXEC;
+			}
 			if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
 			{
-				*pax_flags ^= PF_RANDEXEC;
-				*pax_flags ^= PF_NORANDEXEC;
+				phdr.p_flags &= ~PF_RANDEXEC;
+				phdr.p_flags &= ~PF_NORANDEXEC;
 			}
 
-			phdr.p_flags = *pax_flags ;
-
 			if(!gelf_update_phdr(elf, i, &phdr))
 				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
 		}



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-09-27 18:49 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-09-27 18:49 UTC (permalink / raw
  To: gentoo-commits

commit:     0eec768701b0087fb489a532cb28889280f2509a
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Sep 27 18:49:37 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Sep 27 18:49:37 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=0eec7687

src/paxctl-ng.c: removed unused ei_buf[] and pt_buf[]

---
 src/paxctl-ng.c |    7 -------
 1 files changed, 0 insertions(+), 7 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index c565ffa..5d92d58 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -237,18 +237,11 @@ void
 set_flags(Elf *elf, int *pax_flags)
 {
 	GElf_Ehdr ehdr;
-	char ei_buf[BUF_SIZE];
 	uint16_t ei_flags;
 
 	GElf_Phdr phdr;
-	char pt_buf[BUF_SIZE];
-	uint16_t pt_flags;
-	char found_pt_pax;
 	size_t i, phnum;
 
-	memset(ei_buf, 0, BUF_SIZE);
-	memset(pt_buf, 0, BUF_SIZE);
-
 	if(gelf_getehdr(elf, &ehdr) != &ehdr)
 		error(EXIT_FAILURE, 0, "gelf_getehdr(): %s", elf_errmsg(elf_errno()));
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-10-18 22:48 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-10-18 22:48 UTC (permalink / raw
  To: gentoo-commits

commit:     e51a1cb0fe4635751e74683f43b0093049700b97
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Oct 18 22:48:33 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Oct 18 22:48:33 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=e51a1cb0

src/paxctl-ng.c: add XT_PAX flag support

---
 src/paxctl-ng.c |  375 ++++++++++++++++++++++++++++++++++++-------------------
 1 files changed, 246 insertions(+), 129 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 9114d4e..f5d9048 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -24,6 +24,7 @@
 #include <libgen.h>
 
 #include <gelf.h>
+#include <attr/xattr.h>
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -32,6 +33,10 @@
 
 #include <config.h>
 
+
+#define PAX_NAMESPACE	"trusted.pax"
+#define BUF_SIZE	7
+
 void
 print_help(char *v)
 {
@@ -61,7 +66,7 @@ print_help(char *v)
 
 
 char *
-parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
+parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
 {
 	int i, oc;
 	int compat;
@@ -151,174 +156,285 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 }
 
 
-#define BUF_SIZE 7
-
-void
-print_flags(Elf *elf)
+uint16_t
+read_pt_flags(Elf *elf)
 {
 	GElf_Phdr phdr;
-	char pt_buf[BUF_SIZE];
-	char found_pt_pax;
 	size_t i, phnum;
 
-	memset(pt_buf, 0, BUF_SIZE);
+	uint16_t pt_flags;
+	char found_pt_pax;
 
 	found_pt_pax = 0;
 	elf_getphdrnum(elf, &phnum);
-	for(i=0; i<phnum; ++i)
+
+	for(i=0; i<phnum; i++)
 	{
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+
 		if(phdr.p_type == PT_PAX_FLAGS)
 		{
 			found_pt_pax = 1;
+			pt_flags = phdr.p_flags;
+		}
+	}
 
-			pt_buf[0] = phdr.p_flags & PF_PAGEEXEC ? 'P' :
-				phdr.p_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+	if(!found_pt_pax)
+	{
+		printf("PT_PAX: not found\n");
+		pt_flags = UINT16_MAX;
+	}
 
-			pt_buf[1] = phdr.p_flags & PF_SEGMEXEC   ? 'S' : 
-				phdr.p_flags & PF_NOSEGMEXEC ? 's' : '-';
+	return pt_flags;
+}
 
-			pt_buf[2] = phdr.p_flags & PF_MPROTECT   ? 'M' :
-				phdr.p_flags & PF_NOMPROTECT ? 'm' : '-';
 
-			pt_buf[3] = phdr.p_flags & PF_EMUTRAMP   ? 'E' :
-				phdr.p_flags & PF_NOEMUTRAMP ? 'e' : '-';
+uint16_t
+read_xt_flags(int fd)
+{
+	uint16_t xt_flags;
 
-			pt_buf[4] = phdr.p_flags & PF_RANDMMAP   ? 'R' :
-				phdr.p_flags & PF_NORANDMMAP ? 'r' : '-';
+	if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1)
+	{
 
-			pt_buf[5] = phdr.p_flags & PF_RANDEXEC   ? 'X' :
-				phdr.p_flags & PF_NORANDEXEC ? 'x' : '-';
+		// ERANGE  = xattrs supported, PAX_NAMESPACE present, but wrong size
+		// ENOATTR = xattrs supported, PAX_NAMESPACE not present
+		if(errno == ERANGE || errno == ENOATTR)
+		{
+			printf("XT_PAX: creating/repairing flags\n");
+			xt_flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+			if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+			{
+				if(errno == ENOSPC || errno == EDQUOT)
+					printf("XT_PAX: access error\n");
+				if(errno == ENOTSUP)
+					printf("XT_PAX: not supported\n");
+			}
+		}
+
+		// ENOTSUP = xattrs not supported
+		if(errno == ENOTSUP)
+		{
+			xt_flags = UINT16_MAX; //invalid value
+			printf("XT_PAX: not supported\n");
 		}
 	}
 
-	if(found_pt_pax)
-		printf("PT_PAX: %s\n", pt_buf);
-	else
-		printf("PT_PAX: not found\n");
+	return xt_flags;
+}
+
+
+void
+bin2string(uint16_t flags, char *buf)
+{
+	buf[0] = flags & PF_PAGEEXEC ? 'P' :
+		flags & PF_NOPAGEEXEC ? 'p' : '-' ;
+
+	buf[1] = flags & PF_SEGMEXEC   ? 'S' : 
+		flags & PF_NOSEGMEXEC ? 's' : '-';
+
+	buf[2] = flags & PF_MPROTECT   ? 'M' :
+		flags & PF_NOMPROTECT ? 'm' : '-';
+
+	buf[3] = flags & PF_EMUTRAMP   ? 'E' :
+		flags & PF_NOEMUTRAMP ? 'e' : '-';
+
+	buf[4] = flags & PF_RANDMMAP   ? 'R' :
+		flags & PF_NORANDMMAP ? 'r' : '-';
+
+	buf[5] = flags & PF_RANDEXEC   ? 'X' :
+		flags & PF_NORANDEXEC ? 'x' : '-';
+}
+
+
+void
+print_flags(int fd, Elf *elf)
+{
+	uint16_t flags;
+	char buf[BUF_SIZE];
+
+	flags = read_pt_flags(elf);
+	if( flags != UINT16_MAX )
+	{
+		memset(buf, 0, BUF_SIZE);
+		bin2string(flags, buf);
+		printf("PT_PAX: %s\n", buf);
+	}
+
+	flags = read_xt_flags(fd);
+	if( flags != UINT16_MAX )
+	{
+		memset(buf, 0, BUF_SIZE);
+		bin2string(flags, buf);
+		printf("XT_PAX: %s\n", buf);
+	}
+}
+
+
+
+uint16_t
+new_flags(uint16_t flags, uint16_t pax_flags)
+{
+	//PAGEEXEC
+	if(pax_flags & PF_PAGEEXEC)
+	{
+		flags |= PF_PAGEEXEC;
+		flags &= ~PF_NOPAGEEXEC;
+	}
+	if(pax_flags & PF_NOPAGEEXEC)
+	{
+		flags &= ~PF_PAGEEXEC;
+		flags |= PF_NOPAGEEXEC;
+	}
+	if((pax_flags & PF_PAGEEXEC) && (pax_flags & PF_NOPAGEEXEC))
+	{
+		flags &= ~PF_PAGEEXEC;
+		flags &= ~PF_NOPAGEEXEC;
+	}
+
+	//SEGMEXEC
+	if(pax_flags & PF_SEGMEXEC)
+	{
+		flags |= PF_SEGMEXEC;
+		flags &= ~PF_NOSEGMEXEC;
+	}
+	if(pax_flags & PF_NOSEGMEXEC)
+	{
+		flags &= ~PF_SEGMEXEC;
+		flags |= PF_NOSEGMEXEC;
+	}
+	if((pax_flags & PF_SEGMEXEC) && (pax_flags & PF_NOSEGMEXEC))
+	{
+		flags &= ~PF_SEGMEXEC;
+		flags &= ~PF_NOSEGMEXEC;
+	}
+
+	//MPROTECT
+	if(pax_flags & PF_MPROTECT)
+	{
+		flags |= PF_MPROTECT;
+		flags &= ~PF_NOMPROTECT;
+	}
+	if(pax_flags & PF_NOMPROTECT)
+	{
+		flags &= ~PF_MPROTECT;
+		flags |= PF_NOMPROTECT;
+	}
+	if((pax_flags & PF_MPROTECT) && (pax_flags & PF_NOMPROTECT))
+	{
+		flags &= ~PF_MPROTECT;
+		flags &= ~PF_NOMPROTECT;
+	}
+
+	//EMUTRAMP
+	if(pax_flags & PF_EMUTRAMP)
+	{
+		flags |= PF_EMUTRAMP;
+		flags &= ~PF_NOEMUTRAMP;
+	}
+	if(pax_flags & PF_NOEMUTRAMP)
+	{
+		flags &= ~PF_EMUTRAMP;
+		flags |= PF_NOEMUTRAMP;
+	}
+	if((pax_flags & PF_EMUTRAMP) && (pax_flags & PF_NOEMUTRAMP))
+	{
+		flags &= ~PF_EMUTRAMP;
+		flags &= ~PF_NOEMUTRAMP;
+	}
+
+	//RANDMMAP
+	if(pax_flags & PF_RANDMMAP)
+	{
+		flags |= PF_RANDMMAP;
+		flags &= ~PF_NORANDMMAP;
+	}
+	if(pax_flags & PF_NORANDMMAP)
+	{
+		flags &= ~PF_RANDMMAP;
+		flags |= PF_NORANDMMAP;
+	}
+	if((pax_flags & PF_RANDMMAP) && (pax_flags & PF_NORANDMMAP))
+	{
+		flags &= ~PF_RANDMMAP;
+		flags &= ~PF_NORANDMMAP;
+	}
+
+	//RANDEXEC
+	if(pax_flags & PF_RANDEXEC)
+	{
+		flags |= PF_RANDEXEC;
+		flags &= ~PF_NORANDEXEC;
+	}
+	if(pax_flags & PF_NORANDEXEC)
+	{
+		flags &= ~PF_RANDEXEC;
+		flags |= PF_NORANDEXEC;
+	}
+	if((pax_flags & PF_RANDEXEC) && (pax_flags & PF_NORANDEXEC))
+	{
+		flags &= ~PF_RANDEXEC;
+		flags &= ~PF_NORANDEXEC;
+	}
+
+	return flags;
 }
 
 
 void
-set_flags(Elf *elf, int *pax_flags)
+set_pt_flags(Elf *elf, uint16_t pt_flags)
 {
 	GElf_Phdr phdr;
 	size_t i, phnum;
 
 	elf_getphdrnum(elf, &phnum);
-	for(i=0; i<phnum; ++i)
+
+	for(i=0; i<phnum; i++)
 	{
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
 
 		if(phdr.p_type == PT_PAX_FLAGS)
 		{
-			//PAGEEXEC
-			if(*pax_flags & PF_PAGEEXEC)
-			{
-				phdr.p_flags |= PF_PAGEEXEC;
-				phdr.p_flags &= ~PF_NOPAGEEXEC;
-			}
-			if(*pax_flags & PF_NOPAGEEXEC)
-			{
-				phdr.p_flags &= ~PF_PAGEEXEC;
-				phdr.p_flags |= PF_NOPAGEEXEC;
-			}
-			if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
-			{
-				phdr.p_flags &= ~PF_PAGEEXEC;
-				phdr.p_flags &= ~PF_NOPAGEEXEC;
-			}
+			phdr.p_flags = pt_flags;
+			if(!gelf_update_phdr(elf, i, &phdr))
+				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+		}
+	}
+}
 
-			//SEGMEXEC
-			if(*pax_flags & PF_SEGMEXEC)
-			{
-				phdr.p_flags |= PF_SEGMEXEC;
-				phdr.p_flags &= ~PF_NOSEGMEXEC;
-			}
-			if(*pax_flags & PF_NOSEGMEXEC)
-			{
-				phdr.p_flags &= ~PF_SEGMEXEC;
-				phdr.p_flags |= PF_NOSEGMEXEC;
-			}
-			if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
-			{
-				phdr.p_flags &= ~PF_SEGMEXEC;
-				phdr.p_flags &= ~PF_NOSEGMEXEC;
-			}
 
-			//MPROTECT
-			if(*pax_flags & PF_MPROTECT)
-			{
-				phdr.p_flags |= PF_MPROTECT;
-				phdr.p_flags &= ~PF_NOMPROTECT;
-			}
-			if(*pax_flags & PF_NOMPROTECT)
-			{
-				phdr.p_flags &= ~PF_MPROTECT;
-				phdr.p_flags |= PF_NOMPROTECT;
-			}
-			if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
-			{
-				phdr.p_flags &= ~PF_MPROTECT;
-				phdr.p_flags &= ~PF_NOMPROTECT;
-			}
+void
+set_xt_flags(int fd, uint16_t xt_flags)
+{
+	if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+	{
+		if(errno == ENOSPC || errno == EDQUOT)
+			printf("XT_PAX: access error\n");
+		if(errno == ENOTSUP)
+			printf("XT_PAX: not supported\n");
+	}
+}
 
-			//EMUTRAMP
-			if(*pax_flags & PF_EMUTRAMP)
-			{
-				phdr.p_flags |= PF_EMUTRAMP;
-				phdr.p_flags &= ~PF_NOEMUTRAMP;
-			}
-			if(*pax_flags & PF_NOEMUTRAMP)
-			{
-				phdr.p_flags &= ~PF_EMUTRAMP;
-				phdr.p_flags |= PF_NOEMUTRAMP;
-			}
-			if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
-			{
-				phdr.p_flags &= ~PF_EMUTRAMP;
-				phdr.p_flags &= ~PF_NOEMUTRAMP;
-			}
 
-			//RANDMMAP
-			if(*pax_flags & PF_RANDMMAP)
-			{
-				phdr.p_flags |= PF_RANDMMAP;
-				phdr.p_flags &= ~PF_NORANDMMAP;
-			}
-			if(*pax_flags & PF_NORANDMMAP)
-			{
-				phdr.p_flags &= ~PF_RANDMMAP;
-				phdr.p_flags |= PF_NORANDMMAP;
-			}
-			if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
-			{
-				phdr.p_flags &= ~PF_RANDMMAP;
-				phdr.p_flags &= ~PF_NORANDMMAP;
-			}
+void
+set_flags(int fd, Elf *elf, uint16_t *pax_flags)
+{
+	uint16_t flags;
 
-			//RANDEXEC
-			if(*pax_flags & PF_RANDEXEC)
-			{
-				phdr.p_flags |= PF_RANDEXEC;
-				phdr.p_flags &= ~PF_NORANDEXEC;
-			}
-			if(*pax_flags & PF_NORANDEXEC)
-			{
-				phdr.p_flags &= ~PF_RANDEXEC;
-				phdr.p_flags |= PF_NORANDEXEC;
-			}
-			if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
-			{
-				phdr.p_flags &= ~PF_RANDEXEC;
-				phdr.p_flags &= ~PF_NORANDEXEC;
-			}
+	flags = read_pt_flags(elf);
+	if( flags != UINT16_MAX )
+	{
+		flags = new_flags( flags, *pax_flags);
+		set_pt_flags(elf, flags);
+	}
 
-			if(!gelf_update_phdr(elf, i, &phdr))
-				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
-		}
+	flags = read_xt_flags(fd);
+	if( flags != UINT16_MAX )
+	{
+		flags = new_flags( flags, *pax_flags);
+		set_xt_flags(fd, flags);
 	}
 }
 
@@ -327,7 +443,8 @@ int
 main( int argc, char *argv[])
 {
 	int fd;
-	int pax_flags, view_flags;
+	uint16_t pax_flags;
+	int view_flags;
 	char *f_name;
 
 	Elf *elf;
@@ -347,10 +464,10 @@ main( int argc, char *argv[])
 		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
 
 	if(pax_flags != 0)
-		set_flags(elf, &pax_flags);
+		set_flags(fd, elf, &pax_flags);
 
 	if(view_flags == 1)
-		print_flags(elf);
+		print_flags(fd, elf);
 
 	elf_end(elf);
 	close(fd);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-10-22 19:51 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-10-22 19:51 UTC (permalink / raw
  To: gentoo-commits

commit:     3756d21245b0876cd7cae0252df1a87e2b1a0cdc
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Oct 22 19:51:25 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Oct 22 19:51:25 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=3756d212

src/paxctl-ng.c: create and copy XT_PAX flags

---
 src/paxctl-ng.c |   49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 files changed, 46 insertions(+), 3 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index b77b6f8..2b0946a 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -74,7 +74,7 @@ print_help(char *v)
 
 
 char *
-parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
+parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_flags)
 {
 	int i, oc;
 	int compat, solitaire;
@@ -83,6 +83,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
 	solitaire = 0;
 	*pax_flags = 0;
 	*view_flags = 0;
+	*cp_flags = 0; 
 	while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
 		switch(oc)
 		{
@@ -147,15 +148,19 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags)
 				break;
 			case 'C':
 				solitaire += 1;
+				*cp_flags = 1;
 				break;
 			case 'c':
 				solitaire += 1;
+				*cp_flags = 2;
 				break;
 			case 'F':
 				solitaire += 1;
+				*cp_flags = 3;
 				break;
 			case 'f':
 				solitaire += 1;
+				*cp_flags = 4;
 				break;
 			case 'v':
 				*view_flags = 1;
@@ -464,19 +469,57 @@ set_flags(int fd, uint16_t *pax_flags)
 }
 
 
+void
+create_xt_flag(fd, cp_flags)
+{
+	uint16_t xt_flags;
+
+	if(cp_flags == 1)
+		xt_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
+			PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+	else if(cp_flags == 2)
+		xt_flags = 0;
+
+	fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_CREATE);
+}
+
+
+void
+copy_xt_flag(fd, cp_flags)
+{
+	uint16_t flags;
+	if(cp_flags == 3)
+	{
+		flags = get_pt_flags(fd);
+		set_xt_flags(fd, flags);
+	}
+	else if(cp_flags == 4)
+	{
+		flags = get_xt_flags(fd);
+		set_pt_flags(fd, flags);
+	}
+}
+
+
 int
 main( int argc, char *argv[])
 {
 	const char *f_name;
 	int fd;
 	uint16_t flags;
-	int view_flags;
+	int view_flags, cp_flags;
 
-	f_name = parse_cmd_args(argc, argv, &flags, &view_flags);
+	f_name = parse_cmd_args(argc, argv, &flags, &view_flags, &cp_flags);
 
 	if((fd = open(f_name, O_RDWR)) < 0)
 		error(EXIT_FAILURE, 0, "open() fail.");
 
+	if(cp_flags == 1 || cp_flags == 2)
+		create_xt_flag(fd, cp_flags);
+
+	if(cp_flags == 3 || cp_flags == 4)
+		copy_xt_flag(fd, cp_flags);
+
 	if(flags != 1)
 		set_flags(fd, &flags);
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 12:33 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-03 12:33 UTC (permalink / raw
  To: gentoo-commits

commit:     d632f1a385d1295c5bdb25cdc0a3e6a31d01e7a9
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 12:32:54 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 12:32:54 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=d632f1a3

src/paxctl-ng.c: #defined values for cp_flags

---
 src/paxctl-ng.c |   27 +++++++++++++++++----------
 1 files changed, 17 insertions(+), 10 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d3ddb2f..94dea09 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -37,6 +37,11 @@
 #define PAX_NAMESPACE	"user.pax"
 #define BUF_SIZE	7
 
+#define CREATE_XT_FLAGS_SECURE		1
+#define CREATE_XT_FLAGS_DEFAULT		2
+#define COPY_PT_TO_XT_FLAGS		3
+#define COPY_XT_TO_PT_FLAGS		4
+
 void
 print_help(char *v)
 {
@@ -85,6 +90,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 	*view_flags = 0;
 	*cp_flags = 0; 
 	while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+	{
 		switch(oc)
 		{
 			case 'P':
@@ -148,19 +154,19 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 				break;
 			case 'C':
 				solitaire += 1;
-				*cp_flags = 1;
+				*cp_flags = CREATE_XT_FLAGS_SECURE;
 				break;
 			case 'c':
 				solitaire += 1;
-				*cp_flags = 2;
+				*cp_flags = CREATE_XT_FLAGS_DEFAULT;
 				break;
 			case 'F':
 				solitaire += 1;
-				*cp_flags = 3;
+				*cp_flags = COPY_PT_TO_XT_FLAGS;
 				break;
 			case 'f':
 				solitaire += 1;
-				*cp_flags = 4;
+				*cp_flags = COPY_XT_TO_PT_FLAGS;
 				break;
 			case 'v':
 				*view_flags = 1;
@@ -172,6 +178,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 			default:
 				error(EXIT_FAILURE, 0, "option -%c is invalid: ignored.", optopt ) ;
 		}
+	}
 
 	if
 	(
@@ -509,11 +516,11 @@ main( int argc, char *argv[])
 {
 	const char *f_name;
 	int fd;
-	uint16_t flags;
+	uint16_t pax_flags;
 	int view_flags, cp_flags;
 	int rdwr_pt_pax = 1;
 
-	f_name = parse_cmd_args(argc, argv, &flags, &view_flags, &cp_flags);
+	f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags);
 
 	if((fd = open(f_name, O_RDWR)) < 0)
 	{
@@ -523,14 +530,14 @@ main( int argc, char *argv[])
 			error(EXIT_FAILURE, 0, "open() failed");
 	}
 
-	if(cp_flags == 1 || cp_flags == 2)
+	if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
 		create_xt_flags(fd, cp_flags);
 
-	if(cp_flags == 3 || (cp_flags == 4 && rdwr_pt_pax))
+	if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
 		copy_xt_flags(fd, cp_flags);
 
-	if(flags != 1)
-		set_flags(fd, &flags, rdwr_pt_pax);
+	if(pax_flags != 1)
+		set_flags(fd, &pax_flags, rdwr_pt_pax);
 
 	if(view_flags == 1)
 		print_flags(fd);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 18:16 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-03 18:16 UTC (permalink / raw
  To: gentoo-commits

commit:     490d000a2d2538ca44cf9647e326caa15958e07e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 18:16:31 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 18:16:31 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=490d000a

src/paxctl-ng.c: added file globbing

---
 src/paxctl-ng.c |  119 +++++++++++++++++++++++++++++++++----------------------
 1 files changed, 71 insertions(+), 48 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 94dea09..bc1933b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -35,7 +35,8 @@
 
 
 #define PAX_NAMESPACE	"user.pax"
-#define BUF_SIZE	7
+#define BUF_SIZE	8
+#define FILE_NAME_SIZE	32768
 
 #define CREATE_XT_FLAGS_SECURE		1
 #define CREATE_XT_FLAGS_DEFAULT		2
@@ -43,7 +44,7 @@
 #define COPY_XT_TO_PT_FLAGS		4
 
 void
-print_help(char *v)
+print_help_exit(char *v)
 {
 	printf(
 		"\n"
@@ -78,8 +79,9 @@ print_help(char *v)
 }
 
 
-char *
-parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_flags)
+void
+parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int *cp_flags,
+	int *begin, int *end)
 {
 	int i, oc;
 	int compat, solitaire;
@@ -89,7 +91,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 	*pax_flags = 0;
 	*view_flags = 0;
 	*cp_flags = 0; 
-	while((oc = getopt(c, v,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+	while((oc = getopt(argc, argv,":PpEeMmRrXxSsZzCcFfvh")) != -1)
 	{
 		switch(oc)
 		{
@@ -172,7 +174,7 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 				*view_flags = 1;
 				break;
 			case 'h':
-				print_help(v[0]);
+				print_help_exit(argv[0]);
 				break;
 			case '?':
 			default:
@@ -180,17 +182,16 @@ parse_cmd_args(int c, char *v[], uint16_t *pax_flags, int *view_flags, int *cp_f
 		}
 	}
 
-	if
-	(
-		(
-			(compat == 1 && solitaire == 0) ||
-			(compat == 0 && solitaire == 1) ||
-			(compat == 0 && solitaire == 0 && *view_flags == 1)
-		) && v[optind] != NULL
-	)
-		return v[optind] ;
+	if(	((compat == 1 && solitaire == 0) ||
+		 (compat == 0 && solitaire == 1) ||
+		 (compat == 0 && solitaire == 0 && *view_flags == 1)
+		) && argv[optind] != NULL)
+	{
+		*begin = optind;
+		*end = argc;
+	}
 	else
-		print_help(v[0]);
+		print_help_exit(argv[0]);
 }
 
 
@@ -204,15 +205,22 @@ get_pt_flags(int fd)
 	uint16_t pt_flags = UINT16_MAX;
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
-		error(EXIT_FAILURE, 0, "Library out of date.");
+	{
+		printf("\tELF ERROR: Library out of date.\n");
+		return pt_flags;
+	}
 
 	if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
-		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+	{
+		printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+		return pt_flags;
+	}
 
 	if(elf_kind(elf) != ELF_K_ELF)
 	{
 		elf_end(elf);
-		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+		printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+		return pt_flags;
 	}
 
 	elf_getphdrnum(elf, &phnum);
@@ -222,7 +230,8 @@ get_pt_flags(int fd)
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 		{
 			elf_end(elf);
-			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+			printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+			return pt_flags;
 		}
 
 		if(phdr.p_type == PT_PAX_FLAGS)
@@ -275,23 +284,25 @@ print_flags(int fd)
 
 	flags = get_pt_flags(fd);
 	if( flags == UINT16_MAX )
-		printf("PT_PAX: not found\n");
+		printf("\tPT_PAX: not found\n");
 	else
 	{
 		memset(buf, 0, BUF_SIZE);
 		bin2string(flags, buf);
-		printf("PT_PAX: %s\n", buf);
+		printf("\tPT_PAX: %s\n", buf);
 	}
 
 	flags = get_xt_flags(fd);
 	if( flags == UINT16_MAX )
-		printf("XT_PAX: not found\n");
+		printf("\tXT_PAX: not found\n");
 	else
 	{
 		memset(buf, 0, BUF_SIZE);
 		bin2string(flags, buf);
-		printf("XT_PAX: %s\n", buf);
+		printf("\tXT_PAX: %s\n", buf);
 	}
+
+	printf("\n");
 }
 
 
@@ -413,15 +424,22 @@ set_pt_flags(int fd, uint16_t pt_flags)
 	size_t i, phnum;
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
-		error(EXIT_FAILURE, 0, "Library out of date.");
+	{
+		printf("\tELF ERROR: Library out of date.\n");
+		return;
+	}
 
 	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
-		error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
+	{
+		printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+		return;
+	}
 
 	if(elf_kind(elf) != ELF_K_ELF)
 	{
 		elf_end(elf);
-		error(EXIT_FAILURE, 0, "elf_kind() fail: this is not an elf file.");
+		printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+		return; 
 	}
 
 	elf_getphdrnum(elf, &phnum);
@@ -431,7 +449,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 		{
 			elf_end(elf);
-			error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", elf_errmsg(elf_errno()));
+			printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+			return;
 		}
 
 		if(phdr.p_type == PT_PAX_FLAGS)
@@ -441,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags)
 			if(!gelf_update_phdr(elf, i, &phdr))
 			{
 				elf_end(elf);
-				error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+				printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
 			}
 		}
 	}
@@ -514,33 +533,37 @@ copy_xt_flags(fd, cp_flags)
 int
 main( int argc, char *argv[])
 {
-	const char *f_name;
-	int fd;
+	int fd, fi;
 	uint16_t pax_flags;
-	int view_flags, cp_flags;
+	int view_flags, cp_flags, begin, end;
 	int rdwr_pt_pax = 1;
 
-	f_name = parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags);
+	parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags, &begin, &end);
 
-	if((fd = open(f_name, O_RDWR)) < 0)
+	for(fi = begin; fi < end; fi++)
 	{
-		rdwr_pt_pax = 0;
-		printf("open(O_RDWR) failed: cannot change PT_PAX flags\n");
-		if((fd = open(f_name, O_RDONLY)) < 0)
-			error(EXIT_FAILURE, 0, "open() failed");
-	}
+		printf("%s:\n", argv[fi]);
 
-	if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
-		create_xt_flags(fd, cp_flags);
+		if((fd = open(argv[fi], O_RDWR)) < 0)
+		{
+			rdwr_pt_pax = 0;
+			printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+			if((fd = open(argv[fi], O_RDONLY)) < 0)
+				error(EXIT_FAILURE, 0, "open() failed");
+		}
 
-	if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
-		copy_xt_flags(fd, cp_flags);
+		if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
+			create_xt_flags(fd, cp_flags);
 
-	if(pax_flags != 1)
-		set_flags(fd, &pax_flags, rdwr_pt_pax);
+		if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
+			copy_xt_flags(fd, cp_flags);
 
-	if(view_flags == 1)
-		print_flags(fd);
+		if(pax_flags != 1)
+			set_flags(fd, &pax_flags, rdwr_pt_pax);
 
-	close(fd);
+		if(view_flags == 1)
+			print_flags(fd);
+
+		close(fd);
+	}
 }



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-03 18:45 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-03 18:45 UTC (permalink / raw
  To: gentoo-commits

commit:     44313c38544af6a6fef8889fbb630bf468093890
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Nov  3 18:45:38 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Nov  3 18:45:38 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=44313c38

src/paxctl-ng.c: skip to next file on any error

---
 src/paxctl-ng.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index bc1933b..8f5bf62 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -301,8 +301,6 @@ print_flags(int fd)
 		bin2string(flags, buf);
 		printf("\tXT_PAX: %s\n", buf);
 	}
-
-	printf("\n");
 }
 
 
@@ -549,7 +547,10 @@ main( int argc, char *argv[])
 			rdwr_pt_pax = 0;
 			printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
 			if((fd = open(argv[fi], O_RDONLY)) < 0)
-				error(EXIT_FAILURE, 0, "open() failed");
+			{
+				printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+				continue;
+			}
 		}
 
 		if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
@@ -565,5 +566,7 @@ main( int argc, char *argv[])
 			print_flags(fd);
 
 		close(fd);
+
+		printf("\n");
 	}
 }



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-15 16:07 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-15 16:07 UTC (permalink / raw
  To: gentoo-commits

commit:     838bf16eef6d92fc46279cc07b9be2dbe4909ce2
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Tue Nov 15 16:07:15 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Tue Nov 15 16:07:15 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=838bf16e

src/{fix-gnustack.c,paxctl-ng.c}: fix exit code

---
 src/fix-gnustack.c |    2 ++
 src/paxctl-ng.c    |    2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 8a43551..15e23e0 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -139,4 +139,6 @@ main( int argc, char *argv[])
 
 	elf_end(elf);
 	close(fd);
+
+	exit(EXIT_SUCCESS);
 }

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 8f5bf62..5527e40 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -569,4 +569,6 @@ main( int argc, char *argv[])
 
 		printf("\n");
 	}
+
+	exit(EXIT_SUCCESS);
 }



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-27  0:26 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-27  0:26 UTC (permalink / raw
  To: gentoo-commits

commit:     43c2929f6a7e29a32cc812f3974857fc08544dd7
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 27 00:26:27 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 00:26:27 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=43c2929f

src/paxctl-ng.c: build with/without xattr support

---
 src/paxctl-ng.c |   28 +++++++++++++++++++++++++---
 1 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5527e40..427281b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -24,7 +24,10 @@
 #include <libgen.h>
 
 #include <gelf.h>
+
+#ifdef XATTR
 #include <attr/xattr.h>
+#endif
 
 #include <sys/types.h>
 #include <sys/stat.h>
@@ -33,15 +36,16 @@
 
 #include <config.h>
 
-
+#ifdef XATTR
 #define PAX_NAMESPACE	"user.pax"
-#define BUF_SIZE	8
-#define FILE_NAME_SIZE	32768
 
 #define CREATE_XT_FLAGS_SECURE		1
 #define CREATE_XT_FLAGS_DEFAULT		2
 #define COPY_PT_TO_XT_FLAGS		3
 #define COPY_XT_TO_PT_FLAGS		4
+#endif
+
+#define BUF_SIZE	8
 
 void
 print_help_exit(char *v)
@@ -53,7 +57,9 @@ print_help_exit(char *v)
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
 		"Usage        : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF\n"
+#ifdef XATTR
 		"             : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
+#endif
 		"             : %s -v ELF | -h\n\n"
 		"Options      : -P enable PAGEEXEC\t-p disable  PAGEEXEC\n"
 		"             : -S enable SEGMEXEC\t-s disable  SEGMEXEC\n"
@@ -62,10 +68,12 @@ print_help_exit(char *v)
 		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
 		"             : -X enable RANDEXEC\t-x disable  RANDEXEC\n"
 		"             : -Z most secure settings\t-z all default settings\n"
+#ifdef XATTR
 		"             : -C create XT_PAX with most secure setting\n"
 		"             : -c create XT_PAX all default settings\n"
 		"             : -F copy PT_PAX to XT_PAX\n"
 		"             : -f copy XT_PAX to PT_PAX\n"
+#endif
 		"             : -v view the flags, along with any accompanying operation\n"
 		"             : -h print out this help\n\n"
 		"Note         :  If both enabling and disabling flags are set, the default - is used\n\n",
@@ -154,6 +162,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 					PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
 				solitaire += 1;
 				break;
+#ifdef XATTR
 			case 'C':
 				solitaire += 1;
 				*cp_flags = CREATE_XT_FLAGS_SECURE;
@@ -170,6 +179,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 				solitaire += 1;
 				*cp_flags = COPY_XT_TO_PT_FLAGS;
 				break;
+#endif
 			case 'v':
 				*view_flags = 1;
 				break;
@@ -243,6 +253,7 @@ get_pt_flags(int fd)
 }
 
 
+#ifdef XATTR
 uint16_t
 get_xt_flags(int fd)
 {
@@ -251,6 +262,7 @@ get_xt_flags(int fd)
 	fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
 	return xt_flags;
 }
+#endif
 
 
 void
@@ -292,6 +304,7 @@ print_flags(int fd)
 		printf("\tPT_PAX: %s\n", buf);
 	}
 
+#ifdef XATTR
 	flags = get_xt_flags(fd);
 	if( flags == UINT16_MAX )
 		printf("\tXT_PAX: not found\n");
@@ -301,6 +314,7 @@ print_flags(int fd)
 		bin2string(flags, buf);
 		printf("\tXT_PAX: %s\n", buf);
 	}
+#endif
 }
 
 
@@ -467,11 +481,13 @@ set_pt_flags(int fd, uint16_t pt_flags)
 }
 
 
+#ifdef XATTR
 void
 set_xt_flags(int fd, uint16_t xt_flags)
 {
 	fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_REPLACE);
 }
+#endif
 
 
 void
@@ -488,14 +504,17 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
 		set_pt_flags(fd, flags);
 	}
 
+#ifdef XATTR
 	flags = get_xt_flags(fd);
 	if( flags == UINT16_MAX )
 		flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
 	flags = update_flags( flags, *pax_flags);
 	set_xt_flags(fd, flags);
+#endif
 }
 
 
+#ifdef XATTR
 void
 create_xt_flags(fd, cp_flags)
 {
@@ -526,6 +545,7 @@ copy_xt_flags(fd, cp_flags)
 		set_pt_flags(fd, flags);
 	}
 }
+#endif
 
 
 int
@@ -553,11 +573,13 @@ main( int argc, char *argv[])
 			}
 		}
 
+#ifdef XATTR
 		if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
 			create_xt_flags(fd, cp_flags);
 
 		if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
 			copy_xt_flags(fd, cp_flags);
+#endif
 
 		if(pax_flags != 1)
 			set_flags(fd, &pax_flags, rdwr_pt_pax);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2011-11-27  0:59 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2011-11-27  0:59 UTC (permalink / raw
  To: gentoo-commits

commit:     389a4e631f3877ac7f06ee1667faeccab1b7fdbd
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 27 00:59:24 2011 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sun Nov 27 00:59:24 2011 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=389a4e63

src/paxctl-ng.c: made verbosity more consistant

---
 src/paxctl-ng.c |   89 ++++++++++++++++++++++++++++++++----------------------
 1 files changed, 53 insertions(+), 36 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 427281b..5700b98 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -56,7 +56,7 @@ print_help_exit(char *v)
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
-		"Usage        : %s -PpEeMmRrXxSsv ELF | -Zv ELF | -zv ELF\n"
+		"Usage        : %s -PpSsMmEeRrXxv ELF | -Zv ELF | -zv ELF\n"
 #ifdef XATTR
 		"             : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
 #endif
@@ -88,7 +88,7 @@ print_help_exit(char *v)
 
 
 void
-parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int *cp_flags,
+parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *cp_flags,
 	int *begin, int *end)
 {
 	int i, oc;
@@ -97,9 +97,13 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 	compat = 0;
 	solitaire = 0;
 	*pax_flags = 0;
-	*view_flags = 0;
+	*verbose = 0;
 	*cp_flags = 0; 
-	while((oc = getopt(argc, argv,":PpEeMmRrXxSsZzCcFfvh")) != -1)
+#ifdef XATTR
+	while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzCcFfvh")) != -1)
+#else
+	while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzvh")) != -1)
+#endif
 	{
 		switch(oc)
 		{
@@ -181,7 +185,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 				break;
 #endif
 			case 'v':
-				*view_flags = 1;
+				*verbose = 1;
 				break;
 			case 'h':
 				print_help_exit(argv[0]);
@@ -194,7 +198,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 
 	if(	((compat == 1 && solitaire == 0) ||
 		 (compat == 0 && solitaire == 1) ||
-		 (compat == 0 && solitaire == 0 && *view_flags == 1)
+		 (compat == 0 && solitaire == 0 && *verbose == 1)
 		) && argv[optind] != NULL)
 	{
 		*begin = optind;
@@ -206,7 +210,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *view_flags, int
 
 
 uint16_t
-get_pt_flags(int fd)
+get_pt_flags(int fd, int verbose)
 {
 	Elf *elf;
 	GElf_Phdr phdr;
@@ -216,20 +220,23 @@ get_pt_flags(int fd)
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
 	{
-		printf("\tELF ERROR: Library out of date.\n");
+		if(verbose)
+			printf("\tELF ERROR: Library out of date.\n");
 		return pt_flags;
 	}
 
 	if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
 	{
-		printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+		if(verbose)
+			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
 		return pt_flags;
 	}
 
 	if(elf_kind(elf) != ELF_K_ELF)
 	{
 		elf_end(elf);
-		printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+		if(verbose)
+			printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
 		return pt_flags;
 	}
 
@@ -240,7 +247,8 @@ get_pt_flags(int fd)
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 		{
 			elf_end(elf);
-			printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+			if(verbose)
+				printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
 			return pt_flags;
 		}
 
@@ -289,12 +297,12 @@ bin2string(uint16_t flags, char *buf)
 
 
 void
-print_flags(int fd)
+print_flags(int fd, int verbose)
 {
 	uint16_t flags;
 	char buf[BUF_SIZE];
 
-	flags = get_pt_flags(fd);
+	flags = get_pt_flags(fd, verbose);
 	if( flags == UINT16_MAX )
 		printf("\tPT_PAX: not found\n");
 	else
@@ -429,7 +437,7 @@ update_flags(uint16_t flags, uint16_t pax_flags)
 
 
 void
-set_pt_flags(int fd, uint16_t pt_flags)
+set_pt_flags(int fd, uint16_t pt_flags, int verbose)
 {
 	Elf *elf;
 	GElf_Phdr phdr;
@@ -437,20 +445,23 @@ set_pt_flags(int fd, uint16_t pt_flags)
 
 	if(elf_version(EV_CURRENT) == EV_NONE)
 	{
-		printf("\tELF ERROR: Library out of date.\n");
+		if(verbose)
+			printf("\tELF ERROR: Library out of date.\n");
 		return;
 	}
 
 	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
 	{
-		printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
+		if(verbose)
+			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
 		return;
 	}
 
 	if(elf_kind(elf) != ELF_K_ELF)
 	{
 		elf_end(elf);
-		printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
+		if(verbose)
+			printf("\tELF ERROR: elf_kind() fail: this is not an elf file.\n");
 		return; 
 	}
 
@@ -461,7 +472,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
 		if(gelf_getphdr(elf, i, &phdr) != &phdr)
 		{
 			elf_end(elf);
-			printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
+			if(verbose)
+				printf("\tELF ERROR: gelf_getphdr(): %s\n", elf_errmsg(elf_errno()));
 			return;
 		}
 
@@ -472,7 +484,8 @@ set_pt_flags(int fd, uint16_t pt_flags)
 			if(!gelf_update_phdr(elf, i, &phdr))
 			{
 				elf_end(elf);
-				printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
+				if(verbose)
+					printf("\tELF ERROR: gelf_update_phdr(): %s", elf_errmsg(elf_errno()));
 			}
 		}
 	}
@@ -491,17 +504,17 @@ set_xt_flags(int fd, uint16_t xt_flags)
 
 
 void
-set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
+set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
 {
 	uint16_t flags;
 
 	if(rdwr_pt_pax)
 	{
-		flags = get_pt_flags(fd);
+		flags = get_pt_flags(fd, verbose);
 		if( flags == UINT16_MAX )
 			flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
 		flags = update_flags( flags, *pax_flags);
-		set_pt_flags(fd, flags);
+		set_pt_flags(fd, flags, verbose);
 	}
 
 #ifdef XATTR
@@ -516,7 +529,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax)
 
 #ifdef XATTR
 void
-create_xt_flags(fd, cp_flags)
+create_xt_flags(int fd, int cp_flags)
 {
 	uint16_t xt_flags;
 
@@ -531,18 +544,18 @@ create_xt_flags(fd, cp_flags)
 
 
 void
-copy_xt_flags(fd, cp_flags)
+copy_xt_flags(int fd, int cp_flags, int verbose)
 {
 	uint16_t flags;
 	if(cp_flags == 3)
 	{
-		flags = get_pt_flags(fd);
+		flags = get_pt_flags(fd, verbose);
 		set_xt_flags(fd, flags);
 	}
 	else if(cp_flags == 4)
 	{
 		flags = get_xt_flags(fd);
-		set_pt_flags(fd, flags);
+		set_pt_flags(fd, flags, verbose);
 	}
 }
 #endif
@@ -553,22 +566,25 @@ main( int argc, char *argv[])
 {
 	int fd, fi;
 	uint16_t pax_flags;
-	int view_flags, cp_flags, begin, end;
+	int verbose, cp_flags, begin, end;
 	int rdwr_pt_pax = 1;
 
-	parse_cmd_args(argc, argv, &pax_flags, &view_flags, &cp_flags, &begin, &end);
+	parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &begin, &end);
 
 	for(fi = begin; fi < end; fi++)
 	{
-		printf("%s:\n", argv[fi]);
+		if(verbose)
+			printf("%s:\n", argv[fi]);
 
 		if((fd = open(argv[fi], O_RDWR)) < 0)
 		{
 			rdwr_pt_pax = 0;
-			printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+			if(verbose)
+				printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
 			if((fd = open(argv[fi], O_RDONLY)) < 0)
 			{
-				printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+				if(verbose)
+					printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
 				continue;
 			}
 		}
@@ -578,18 +594,19 @@ main( int argc, char *argv[])
 			create_xt_flags(fd, cp_flags);
 
 		if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
-			copy_xt_flags(fd, cp_flags);
+			copy_xt_flags(fd, cp_flags, verbose);
 #endif
 
 		if(pax_flags != 1)
-			set_flags(fd, &pax_flags, rdwr_pt_pax);
+			set_flags(fd, &pax_flags, rdwr_pt_pax, verbose);
 
-		if(view_flags == 1)
-			print_flags(fd);
+		if(verbose == 1)
+			print_flags(fd, verbose);
 
 		close(fd);
 
-		printf("\n");
+		if(verbose)
+			printf("\n");
 	}
 
 	exit(EXIT_SUCCESS);



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20  9:30 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-20  9:30 UTC (permalink / raw
  To: gentoo-commits

commit:     b77d753f9644ad44699d214119809c0403000ea1
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 09:30:16 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 09:30:16 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b77d753f

src/paxctl-ng.c: remove RANDEXEC completely

---
 src/paxctl-ng.c |   48 ++++++++++--------------------------------------
 1 files changed, 10 insertions(+), 38 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 5700b98..f9667d4 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -56,7 +56,7 @@ print_help_exit(char *v)
 		"Bug Reports  : " PACKAGE_BUGREPORT "\n"
 		"Program Name : %s\n"
 		"Description  : Get or set pax flags on an ELF object\n\n"
-		"Usage        : %s -PpSsMmEeRrXxv ELF | -Zv ELF | -zv ELF\n"
+		"Usage        : %s -PpSsMmEeRrv ELF | -Zv ELF | -zv ELF\n"
 #ifdef XATTR
 		"             : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
 #endif
@@ -66,7 +66,6 @@ print_help_exit(char *v)
 		"             : -M enable MPROTECT\t-m disable  MPROTECT\n"
 		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
 		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
-		"             : -X enable RANDEXEC\t-x disable  RANDEXEC\n"
 		"             : -Z most secure settings\t-z all default settings\n"
 #ifdef XATTR
 		"             : -C create XT_PAX with most secure setting\n"
@@ -100,9 +99,9 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
 	*verbose = 0;
 	*cp_flags = 0; 
 #ifdef XATTR
-	while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzCcFfvh")) != -1)
+	while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
 #else
-	while((oc = getopt(argc, argv,":PpSsMmEeRrXxZzvh")) != -1)
+	while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
 #endif
 	{
 		switch(oc)
@@ -147,23 +146,15 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
 				*pax_flags |= PF_NORANDMMAP;
 				compat |= 1;
 				break ;
-			case 'X':
-				*pax_flags |= PF_RANDEXEC;
-				compat |= 1;
-				break;
-			case 'x':
-				*pax_flags |= PF_NORANDEXEC;
-				compat |= 1;
-				break ;
 			case 'Z':
 				*pax_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
-					PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+					PF_NOEMUTRAMP | PF_RANDMMAP ;
 				solitaire += 1;
 				break ;
 			case 'z':
 				*pax_flags = PF_PAGEEXEC | PF_NOPAGEEXEC | PF_SEGMEXEC | PF_NOSEGMEXEC |
 					PF_MPROTECT | PF_NOMPROTECT | PF_EMUTRAMP | PF_NOEMUTRAMP |
-					PF_RANDMMAP | PF_NORANDMMAP | PF_RANDEXEC | PF_NORANDEXEC;
+					PF_RANDMMAP | PF_NORANDMMAP ;
 				solitaire += 1;
 				break;
 #ifdef XATTR
@@ -290,9 +281,6 @@ bin2string(uint16_t flags, char *buf)
 
 	buf[4] = flags & PF_RANDMMAP   ? 'R' :
 		flags & PF_NORANDMMAP ? 'r' : '-';
-
-	buf[5] = flags & PF_RANDEXEC   ? 'X' :
-		flags & PF_NORANDEXEC ? 'x' : '-';
 }
 
 
@@ -415,23 +403,6 @@ update_flags(uint16_t flags, uint16_t pax_flags)
 		flags &= ~PF_NORANDMMAP;
 	}
 
-	//RANDEXEC
-	if(pax_flags & PF_RANDEXEC)
-	{
-		flags |= PF_RANDEXEC;
-		flags &= ~PF_NORANDEXEC;
-	}
-	if(pax_flags & PF_NORANDEXEC)
-	{
-		flags &= ~PF_RANDEXEC;
-		flags |= PF_NORANDEXEC;
-	}
-	if((pax_flags & PF_RANDEXEC) && (pax_flags & PF_NORANDEXEC))
-	{
-		flags &= ~PF_RANDEXEC;
-		flags &= ~PF_NORANDEXEC;
-	}
-
 	return flags;
 }
 
@@ -479,7 +450,8 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
 
 		if(phdr.p_type == PT_PAX_FLAGS)
 		{
-			phdr.p_flags = pt_flags;
+			//RANDEXEC is deprecated, we'll force it off like paxctl
+			phdr.p_flags = pt_flags | PF_NORANDEXEC;
 
 			if(!gelf_update_phdr(elf, i, &phdr))
 			{
@@ -512,7 +484,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
 	{
 		flags = get_pt_flags(fd, verbose);
 		if( flags == UINT16_MAX )
-			flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+			flags = PF_NOEMUTRAMP ;
 		flags = update_flags( flags, *pax_flags);
 		set_pt_flags(fd, flags, verbose);
 	}
@@ -520,7 +492,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
 #ifdef XATTR
 	flags = get_xt_flags(fd);
 	if( flags == UINT16_MAX )
-		flags = PF_NOEMUTRAMP | PF_NORANDEXEC;
+		flags = PF_NOEMUTRAMP ;
 	flags = update_flags( flags, *pax_flags);
 	set_xt_flags(fd, flags);
 #endif
@@ -535,7 +507,7 @@ create_xt_flags(int fd, int cp_flags)
 
 	if(cp_flags == 1)
 		xt_flags = PF_PAGEEXEC | PF_SEGMEXEC | PF_MPROTECT |
-			PF_NOEMUTRAMP | PF_RANDMMAP | PF_NORANDEXEC;
+			PF_NOEMUTRAMP | PF_RANDMMAP ;
 	else if(cp_flags == 2)
 		xt_flags = 0;
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20 11:56 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-20 11:56 UTC (permalink / raw
  To: gentoo-commits

commit:     82c7d49af29da34e186f9bd172708e2db35b738b
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 11:56:31 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 11:56:31 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=82c7d49a

src/paxctl-ng.c: switch to string implementation of XT_PAX

---
 src/paxctl-ng.c |   58 +++++++++++++++++++++++++++++++++++++++++++++++-------
 1 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index f9667d4..7fa5342 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -37,7 +37,7 @@
 #include <config.h>
 
 #ifdef XATTR
-#define PAX_NAMESPACE	"user.pax"
+#define PAX_NAMESPACE	"user.pax.flags"
 
 #define CREATE_XT_FLAGS_SECURE		1
 #define CREATE_XT_FLAGS_DEFAULT		2
@@ -45,7 +45,7 @@
 #define COPY_XT_TO_PT_FLAGS		4
 #endif
 
-#define BUF_SIZE	8
+#define FLAGS_SIZE		5
 
 void
 print_help_exit(char *v)
@@ -254,11 +254,48 @@ get_pt_flags(int fd, int verbose)
 
 #ifdef XATTR
 uint16_t
+string2bin(char *buf)
+{
+	uint16_t flags = 0;
+
+	if( buf[0] = 'P' )
+		flags |= PF_PAGEEXEC;
+	else if( buf[0] = 'p' )
+		flags |= PF_NOPAGEEXEC;
+
+	if( buf[1] = 'S' )
+		flags |= PF_SEGMEXEC;
+	else if( buf[1] = 's' )
+		flags |= PF_NOSEGMEXEC;
+
+	if( buf[2] = 'M' )
+		flags |= PF_MPROTECT;
+	else if( buf[2] = 'm' )
+		flags |= PF_NOMPROTECT;
+
+	if( buf[3] = 'E' )
+		flags |= PF_EMUTRAMP;
+	else if( buf[3] = 'e' )
+		flags |= PF_NORANDMMAP;
+
+	if( buf[4] = 'R' )
+		flags |= PF_RANDMMAP;
+	else if( buf[4] = 'r' )
+		flags |= PF_NORANDMMAP;
+
+	return flags;
+}
+
+
+uint16_t
 get_xt_flags(int fd)
 {
+	char buf[FLAGS_SIZE];
 	uint16_t xt_flags = UINT16_MAX;
 
-	fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));
+	if(fgetxattr(fd, PAX_NAMESPACE, buf, sizeof(FLAGS_SIZE)) != -1)
+		xt_flags = string2bin(buf);
+
 	return xt_flags;
 }
 #endif
@@ -288,14 +325,14 @@ void
 print_flags(int fd, int verbose)
 {
 	uint16_t flags;
-	char buf[BUF_SIZE];
+	char buf[FLAGS_SIZE];
 
 	flags = get_pt_flags(fd, verbose);
 	if( flags == UINT16_MAX )
 		printf("\tPT_PAX: not found\n");
 	else
 	{
-		memset(buf, 0, BUF_SIZE);
+		memset(buf, 0, FLAGS_SIZE);
 		bin2string(flags, buf);
 		printf("\tPT_PAX: %s\n", buf);
 	}
@@ -306,7 +343,7 @@ print_flags(int fd, int verbose)
 		printf("\tXT_PAX: not found\n");
 	else
 	{
-		memset(buf, 0, BUF_SIZE);
+		memset(buf, 0, FLAGS_SIZE);
 		bin2string(flags, buf);
 		printf("\tXT_PAX: %s\n", buf);
 	}
@@ -470,7 +507,10 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
 void
 set_xt_flags(int fd, uint16_t xt_flags)
 {
-	fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_REPLACE);
+	char buf[FLAGS_SIZE];
+
+	bin2string(xt_flags, buf);
+	fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
 }
 #endif
 
@@ -503,6 +543,7 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
 void
 create_xt_flags(int fd, int cp_flags)
 {
+	char buf[FLAGS_SIZE];
 	uint16_t xt_flags;
 
 	if(cp_flags == 1)
@@ -511,7 +552,8 @@ create_xt_flags(int fd, int cp_flags)
 	else if(cp_flags == 2)
 		xt_flags = 0;
 
-	fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), XATTR_CREATE);
+	bin2string(xt_flags, buf);
+	fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
 }
 
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-20 13:24 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-20 13:24 UTC (permalink / raw
  To: gentoo-commits

commit:     a4b09651650e6e011b0f5d9fd091519e4d9d2465
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 20 13:24:49 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 20 13:24:49 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=a4b09651

src/paxctl-ng.c: fix string2bin

---
 src/paxctl-ng.c |   36 +++++++++++++++++++++---------------
 1 files changed, 21 insertions(+), 15 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 7fa5342..431d285 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -45,7 +45,7 @@
 #define COPY_XT_TO_PT_FLAGS		4
 #endif
 
-#define FLAGS_SIZE		5
+#define FLAGS_SIZE			6
 
 void
 print_help_exit(char *v)
@@ -258,29 +258,29 @@ string2bin(char *buf)
 {
 	uint16_t flags = 0;
 
-	if( buf[0] = 'P' )
+	if( buf[0] == 'P' )
 		flags |= PF_PAGEEXEC;
-	else if( buf[0] = 'p' )
+	else if( buf[0] == 'p' )
 		flags |= PF_NOPAGEEXEC;
 
-	if( buf[1] = 'S' )
+	if( buf[1] == 'S' )
 		flags |= PF_SEGMEXEC;
-	else if( buf[1] = 's' )
+	else if( buf[1] == 's' )
 		flags |= PF_NOSEGMEXEC;
 
-	if( buf[2] = 'M' )
+	if( buf[2] == 'M' )
 		flags |= PF_MPROTECT;
-	else if( buf[2] = 'm' )
+	else if( buf[2] == 'm' )
 		flags |= PF_NOMPROTECT;
 
-	if( buf[3] = 'E' )
+	if( buf[3] == 'E' )
 		flags |= PF_EMUTRAMP;
-	else if( buf[3] = 'e' )
-		flags |= PF_NORANDMMAP;
+	else if( buf[3] == 'e' )
+		flags |= PF_NOEMUTRAMP;
 
-	if( buf[4] = 'R' )
+	if( buf[4] == 'R' )
 		flags |= PF_RANDMMAP;
-	else if( buf[4] = 'r' )
+	else if( buf[4] == 'r' )
 		flags |= PF_NORANDMMAP;
 
 	return flags;
@@ -293,7 +293,9 @@ get_xt_flags(int fd)
 	char buf[FLAGS_SIZE];
 	uint16_t xt_flags = UINT16_MAX;
 
-	if(fgetxattr(fd, PAX_NAMESPACE, buf, sizeof(FLAGS_SIZE)) != -1)
+	memset(buf, 0, FLAGS_SIZE);
+
+	if(fgetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE) != -1)
 		xt_flags = string2bin(buf);
 
 	return xt_flags;
@@ -509,8 +511,10 @@ set_xt_flags(int fd, uint16_t xt_flags)
 {
 	char buf[FLAGS_SIZE];
 
+	memset(buf, 0, FLAGS_SIZE);
 	bin2string(xt_flags, buf);
-	fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+	printf("DEBUG buf = %s\n", buf);
+	//fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
 }
 #endif
 
@@ -552,8 +556,10 @@ create_xt_flags(int fd, int cp_flags)
 	else if(cp_flags == 2)
 		xt_flags = 0;
 
+	memset(buf, 0, FLAGS_SIZE);
 	bin2string(xt_flags, buf);
-	fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+	printf("DEBUG buf = %s\n", buf);
+	//fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
 }
 
 



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-21 12:37 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-21 12:37 UTC (permalink / raw
  To: gentoo-commits

commit:     0e5fa67947a5eb01d036a27e697735fb94d5c37e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Jul 21 12:37:20 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Jul 21 12:37:20 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=0e5fa679

src/paxctl-ng.c: sanity check on copy XT_PAX <-> PT_PAX

---
 src/paxctl-ng.c |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 431d285..30584db 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -58,7 +58,7 @@ print_help_exit(char *v)
 		"Description  : Get or set pax flags on an ELF object\n\n"
 		"Usage        : %s -PpSsMmEeRrv ELF | -Zv ELF | -zv ELF\n"
 #ifdef XATTR
-		"             : %s -Cv ELF | -cv ELF | Fv ELF | -fv ELF\n"
+		"             : %s -Cv ELF | -cv ELF | -Fv ELF | -fv ELF\n"
 #endif
 		"             : %s -v ELF | -h\n\n"
 		"Options      : -P enable PAGEEXEC\t-p disable  PAGEEXEC\n"
@@ -513,8 +513,7 @@ set_xt_flags(int fd, uint16_t xt_flags)
 
 	memset(buf, 0, FLAGS_SIZE);
 	bin2string(xt_flags, buf);
-	printf("DEBUG buf = %s\n", buf);
-	//fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+	fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_REPLACE);
 }
 #endif
 
@@ -558,8 +557,7 @@ create_xt_flags(int fd, int cp_flags)
 
 	memset(buf, 0, FLAGS_SIZE);
 	bin2string(xt_flags, buf);
-	printf("DEBUG buf = %s\n", buf);
-	//fsetxattr(fd, PAX_NAMESPACE, buf, FLAGS_SIZE, XATTR_REPLACE);
+	fsetxattr(fd, PAX_NAMESPACE, buf, strlen(buf), XATTR_CREATE);
 }
 
 
@@ -570,12 +568,14 @@ copy_xt_flags(int fd, int cp_flags, int verbose)
 	if(cp_flags == 3)
 	{
 		flags = get_pt_flags(fd, verbose);
-		set_xt_flags(fd, flags);
+		if( flags != UINT16_MAX )
+			set_xt_flags(fd, flags);
 	}
 	else if(cp_flags == 4)
 	{
 		flags = get_xt_flags(fd);
-		set_pt_flags(fd, flags, verbose);
+		if( flags != UINT16_MAX )
+			set_pt_flags(fd, flags, verbose);
 	}
 }
 #endif



^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-23 10:47 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-23 10:47 UTC (permalink / raw
  To: gentoo-commits

commit:     02640d9d23cc4736e642600430b13406c33dba9e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Mon Jul 23 10:47:10 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Mon Jul 23 10:47:10 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=02640d9d

src/{fix-gnustack.c,paxctl-ng.c}: ELF_C_RDWR_MMAP -> ELF_C_RDWR for uclibc compat

---
 src/fix-gnustack.c |    2 +-
 src/paxctl-ng.c    |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 15e23e0..03da236 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -99,7 +99,7 @@ main( int argc, char *argv[])
 	{
 		if((fd = open(f_name, O_RDWR)) < 0)
 			error(EXIT_FAILURE, 0, "open() fail.");
-		if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+		if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
 			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 	}
 	else

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 025ea24..4b7e6fb 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -216,7 +216,7 @@ get_pt_flags(int fd, int verbose)
 		return pt_flags;
 	}
 
-	if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
+	if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
 	{
 		if(verbose)
 			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
@@ -460,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
 		return;
 	}
 
-	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
+	if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
 	{
 		if(verbose)
 			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-07-27 22:00 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-07-27 22:00 UTC (permalink / raw
  To: gentoo-commits

commit:     b3e9ab5db62e344bfe72b78c6ab7fcfebf6d9592
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Jul 27 21:57:19 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Jul 27 21:57:19 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=b3e9ab5d

Revert "src/{fix-gnustack.c,paxctl-ng.c}: ELF_C_RDWR_MMAP -> ELF_C_RDWR for uclibc compat"

This reverts commit 02640d9d23cc4736e642600430b13406c33dba9e.

Using libelf instead of elfutils to gelf_update_phdr() fails.  Revert
for now until we figure out what's going on.

---
 src/fix-gnustack.c |    2 +-
 src/paxctl-ng.c    |    4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c
index 03da236..15e23e0 100644
--- a/src/fix-gnustack.c
+++ b/src/fix-gnustack.c
@@ -99,7 +99,7 @@ main( int argc, char *argv[])
 	{
 		if((fd = open(f_name, O_RDWR)) < 0)
 			error(EXIT_FAILURE, 0, "open() fail.");
-		if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
+		if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
 			error(EXIT_FAILURE, 0, "elf_begin() fail: %s", elf_errmsg(elf_errno()));
 	}
 	else

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4b7e6fb..025ea24 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -216,7 +216,7 @@ get_pt_flags(int fd, int verbose)
 		return pt_flags;
 	}
 
-	if((elf = elf_begin(fd, ELF_C_READ, NULL)) == NULL)
+	if((elf = elf_begin(fd, ELF_C_READ_MMAP, NULL)) == NULL)
 	{
 		if(verbose)
 			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));
@@ -460,7 +460,7 @@ set_pt_flags(int fd, uint16_t pt_flags, int verbose)
 		return;
 	}
 
-	if((elf = elf_begin(fd, ELF_C_RDWR, NULL)) == NULL)
+	if((elf = elf_begin(fd, ELF_C_RDWR_MMAP, NULL)) == NULL)
 	{
 		if(verbose)
 			printf("\tELF ERROR: elf_begin() fail: %s\n", elf_errmsg(elf_errno()));


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:26 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:26 UTC (permalink / raw
  To: gentoo-commits

commit:     77673e44fc1798c919aa442c62f90e56f1fde632
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:25:42 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:25:42 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=77673e44

src/paxctl-ng.c: limit only ptpax or xtpax when both are possible

---
 src/paxctl-ng.c |   44 +++++++++++++++++++++++++++++++-------------
 1 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 817192d..2de2614 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -44,13 +44,16 @@
 
 #ifdef XTPAX
  #include <attr/xattr.h>
-
  #define PAX_NAMESPACE	"user.pax.flags"
-
  #define CREATE_XT_FLAGS_SECURE         1
  #define CREATE_XT_FLAGS_DEFAULT        2
+#endif
+
+#if defined(PTPAX) && defined(XTPAX)
  #define COPY_PT_TO_XT_FLAGS            3
  #define COPY_XT_TO_PT_FLAGS            4
+ #define LIMIT_TO_PT_FLAGS              5
+ #define LIMIT_TO_XT_FLAGS              6
 #endif
 
 #define FLAGS_SIZE                      6
@@ -72,6 +75,7 @@ print_help_exit(char *v)
 #endif
 #if defined(PTPAX) && defined(XTPAX)
 		"             : %s -Fv ELF | -fv ELF\n"
+		"             : %s -Lv ELF | -lv ELF\n"
 #endif
 		"             : %s -v ELF | -h\n\n"
 		"Options      : -P enable PAGEEXEC\t-p disable  PAGEEXEC\n"
@@ -80,6 +84,7 @@ print_help_exit(char *v)
 		"             : -E enable EMUTRAMP\t-e disable  EMUTRAMP\n"
 		"             : -R enable RANDMMAP\t-r disable  RANDMMAP\n"
 		"             : -Z all secure settings\t-z all default settings\n"
+		"             :\n"
 #ifdef XTPAX
 		"             : -C create XT_PAX with most secure setting\n"
 		"             : -c create XT_PAX all default settings\n"
@@ -87,7 +92,10 @@ print_help_exit(char *v)
 #if defined(PTPAX) && defined(XTPAX)
 		"             : -F copy PT_PAX to XT_PAX\n"
 		"             : -f copy XT_PAX to PT_PAX\n"
+		"             : -L set only PT_PAX flags\n"
+		"             : -l set only XT_PAX flags\n"
 #endif
+		"             :\n"
 		"             : -v view the flags, along with any accompanying operation\n"
 		"             : -h print out this help\n\n"
 		"Note         :  If both enabling and disabling flags are set, the default - is used\n\n",
@@ -98,6 +106,7 @@ print_help_exit(char *v)
 #endif
 #if defined(PTPAX) && defined(XTPAX)
 		basename(v),
+		basename(v),
 #endif
 		basename(v)
 	);
@@ -108,7 +117,7 @@ print_help_exit(char *v)
 
 void
 parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *cp_flags,
-	int *begin, int *end)
+	int *limit, int *begin, int *end)
 {
 	int i, oc;
 	int compat, solitaire;
@@ -211,6 +220,12 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
 				solitaire += 1;
 				*cp_flags = COPY_XT_TO_PT_FLAGS;
 				break;
+			case 'L':
+				*limit = LIMIT_TO_PT_FLAGS;
+				break;
+			case 'l':
+				*limit = LIMIT_TO_XT_FLAGS;
+				break;
 #else
 			case 'F':
 			case 'f':
@@ -570,12 +585,12 @@ set_xt_flags(int fd, uint16_t xt_flags)
 
 
 void
-set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
+set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
 {
 	uint16_t flags;
 
 #ifdef PTPAX
-	if(rdwr_pt_pax)
+	if(rdwr_pt_pax && !( limit == LIMIT_TO_XT_FLAGS) )
 	{
 		flags = get_pt_flags(fd, verbose);
 		if( flags == UINT16_MAX )
@@ -586,11 +601,14 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int verbose)
 #endif
 
 #ifdef XTPAX
-	flags = get_xt_flags(fd);
-	if( flags == UINT16_MAX )
-		flags = PF_NOEMUTRAMP ;
-	flags = update_flags( flags, *pax_flags);
-	set_xt_flags(fd, flags);
+	if( !( limit == LIMIT_TO_PT_FLAGS) )
+	{
+		flags = get_xt_flags(fd);
+		if( flags == UINT16_MAX )
+			flags = PF_NOEMUTRAMP ;
+		flags = update_flags( flags, *pax_flags);
+		set_xt_flags(fd, flags);
+	}
 #endif
 }
 
@@ -641,10 +659,10 @@ main( int argc, char *argv[])
 {
 	int fd, fi;
 	uint16_t pax_flags;
-	int verbose, cp_flags, begin, end;
+	int verbose, cp_flags, limit, begin, end;
 	int rdwr_pt_pax = 1;
 
-	parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &begin, &end);
+	parse_cmd_args(argc, argv, &pax_flags, &verbose, &cp_flags, &limit, &begin, &end);
 
 	for(fi = begin; fi < end; fi++)
 	{
@@ -677,7 +695,7 @@ main( int argc, char *argv[])
 #endif
 
 		if(pax_flags != 0)
-			set_flags(fd, &pax_flags, rdwr_pt_pax, verbose);
+			set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
 
 		if(verbose == 1)
 			print_flags(fd, verbose);


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:35 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:35 UTC (permalink / raw
  To: gentoo-commits

commit:     0899662410bf18690fbcec4d996a0380b46ded88
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:35:27 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:35:27 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=08996624

src/paxctl-ng.c: fix logic of limiting pt/xtpax when both are possible

---
 src/paxctl-ng.c |   26 +++++++++++++++++++-------
 1 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 2de2614..61bbcce 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -590,26 +590,38 @@ set_flags(int fd, uint16_t *pax_flags, int rdwr_pt_pax, int limit, int verbose)
 	uint16_t flags;
 
 #ifdef PTPAX
-	if(rdwr_pt_pax && !( limit == LIMIT_TO_XT_FLAGS) )
+	if(rdwr_pt_pax)
 	{
-		flags = get_pt_flags(fd, verbose);
-		if( flags == UINT16_MAX )
-			flags = PF_NOEMUTRAMP ;
-		flags = update_flags( flags, *pax_flags);
-		set_pt_flags(fd, flags, verbose);
+#ifdef XTPAX
+		if( !(limit == LIMIT_TO_XT_FLAGS))
+		{
+#endif
+			flags = get_pt_flags(fd, verbose);
+			if( flags == UINT16_MAX )
+				flags = PF_NOEMUTRAMP ;
+			flags = update_flags( flags, *pax_flags);
+			set_pt_flags(fd, flags, verbose);
+#ifdef XTPAX
+		}
+#endif
+
 	}
 #endif
 
 #ifdef XTPAX
-	if( !( limit == LIMIT_TO_PT_FLAGS) )
+#ifdef PTPAX
+	if( !(limit == LIMIT_TO_PT_FLAGS) )
 	{
+#endif
 		flags = get_xt_flags(fd);
 		if( flags == UINT16_MAX )
 			flags = PF_NOEMUTRAMP ;
 		flags = update_flags( flags, *pax_flags);
 		set_xt_flags(fd, flags);
+#ifdef PTPAX
 	}
 #endif
+#endif
 }
 
 


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 21:55 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 21:55 UTC (permalink / raw
  To: gentoo-commits

commit:     7b01e0df4cc90c829b2294a231c61a30f577a5d7
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 21:55:05 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 21:55:05 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=7b01e0df

src/paxctl-ng.c: only PT_PAX needs the file open RDWR to set

---
 src/paxctl-ng.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 61bbcce..83ed15f 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -681,20 +681,20 @@ main( int argc, char *argv[])
 		if(verbose)
 			printf("%s:\n", argv[fi]);
 
-#ifdef PTPAX
 		if((fd = open(argv[fi], O_RDWR)) < 0)
 		{
 			rdwr_pt_pax = 0;
+#ifdef PTPAX
 			if(verbose)
 				printf("\topen(O_RDWR) failed: cannot change PT_PAX flags\n");
+#endif
 			if((fd = open(argv[fi], O_RDONLY)) < 0)
 			{
 				if(verbose)
-					printf("\topen(O_RDONLY) failed: cannot change PT_PAX flags\n\n");
+					printf("\topen(O_RDONLY) failed: cannot read/change PAX flags\n\n");
 				continue;
 			}
 		}
-#endif
 
 #ifdef XTPAX
 		if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 22:29 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 22:29 UTC (permalink / raw
  To: gentoo-commits

commit:     8e2659bbbe962d0f564e8a1b46506b6b28e11b25
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 22:29:33 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 22:29:33 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=8e2659bb

src/paxctl-ng.c: properly hand -L and -l in opts

---
 src/paxctl-ng.c |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 83ed15f..7cde4f5 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -142,7 +142,7 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
 	 * #endif
 	 */
 
-	while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
+	while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfLlvh")) != -1)
 	{
 		switch(oc)
 		{
@@ -229,6 +229,8 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
 #else
 			case 'F':
 			case 'f':
+			case 'L':
+			case 'l':
 				break;
 #endif
 			case 'v':


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-11-10 23:27 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-11-10 23:27 UTC (permalink / raw
  To: gentoo-commits

commit:     a82220ad09c3e92764f294d5e847f84b5f0103c8
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Nov 10 23:27:04 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Nov 10 23:27:04 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=a82220ad

src/paxctl-ng.c: print success doesn't count to exit code

---
 src/paxctl-ng.c |   14 ++++++--------
 1 files changed, 6 insertions(+), 8 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 875304e..e58cebb 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -392,7 +392,7 @@ bin2string(uint16_t flags, char *buf)
 }
 
 
-int
+void
 print_flags(int fd, int verbose)
 {
 	uint16_t flags;
@@ -421,8 +421,6 @@ print_flags(int fd, int verbose)
 		printf("\tXT_PAX: %s\n", buf);
 	}
 #endif
-
-	return EXIT_SUCCESS;
 }
 
 
@@ -735,21 +733,21 @@ main( int argc, char *argv[])
 
 #ifdef XTPAX
 		if(cp_flags == CREATE_XT_FLAGS_SECURE || cp_flags == CREATE_XT_FLAGS_DEFAULT)
-			ret = create_xt_flags(fd, cp_flags);
+			ret |= create_xt_flags(fd, cp_flags);
 		if(cp_flags == DELETE_XT_FLAGS)
-			ret = delete_xt_flags(fd);
+			ret |= delete_xt_flags(fd);
 #endif
 
 #if defined(PTPAX) && defined(XTPAX)
 		if(cp_flags == COPY_PT_TO_XT_FLAGS || (cp_flags == COPY_XT_TO_PT_FLAGS && rdwr_pt_pax))
-			ret = copy_xt_flags(fd, cp_flags, verbose);
+			ret |= copy_xt_flags(fd, cp_flags, verbose);
 #endif
 
 		if(pax_flags != 0)
-			ret = set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
+			ret |= set_flags(fd, &pax_flags, rdwr_pt_pax, limit, verbose);
 
 		if(verbose == 1)
-			ret = print_flags(fd, verbose);
+			print_flags(fd, verbose);
 
 		close(fd);
 


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-21 20:36 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-21 20:36 UTC (permalink / raw
  To: gentoo-commits

commit:     fca2f482f0c86bb509a413e5f843a655eb83c13e
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 21 20:36:02 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Dec 21 20:36:02 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=fca2f482

src/paxctl-ng.c: add missing report of -d flag in print_help_exit()

---
 src/paxctl-ng.c |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 1e5b663..d256da8 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -94,6 +94,7 @@ print_help_exit(char *v)
 #ifdef XTPAX
 		"             : -C create XATTR_PAX with most secure setting\n"
 		"             : -c create XATTR_PAX all default settings\n"
+		"             : -d delete XATTR_PAX field\n"
 #endif
 #if defined(PTPAX) && defined(XTPAX)
 		"             : -F copy PT_PAX to XATTR_PAX\n"


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-22 17:48 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-22 17:48 UTC (permalink / raw
  To: gentoo-commits

commit:     02421913c83319b3376d2da60bcf1581fa36c96b
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Sat Dec 22 17:47:53 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Sat Dec 22 17:47:53 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=02421913

src/paxctl-ng.c: cosmetic cleanup with length of PT_PAX vs XATTR_PAX

---
 src/paxctl-ng.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index d256da8..ea6115b 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -448,12 +448,12 @@ print_flags(int fd, int verbose)
 #ifdef PTPAX
 	flags = get_pt_flags(fd, verbose);
 	if( flags == UINT16_MAX )
-		printf("\tPT_PAX: not found\n");
+		printf("\tPT_PAX   : not found\n");
 	else
 	{
 		memset(buf, 0, FLAGS_SIZE);
 		bin2string4print(flags, buf);
-		printf("\tPT_PAX: %s\n", buf);
+		printf("\tPT_PAX   : %s\n", buf);
 	}
 #endif
 


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2012-12-28 23:07 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2012-12-28 23:07 UTC (permalink / raw
  To: gentoo-commits

commit:     bbcdee4fec695a1591909ab1d687e3589fabac17
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Fri Dec 28 23:06:50 2012 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Fri Dec 28 23:06:50 2012 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=bbcdee4f

src/paxctl-ng.c: fix uninitialized value for xt_flags

---
 src/paxctl-ng.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 6dbcf4c..dcfdde9 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -707,6 +707,9 @@ create_xt_flags(int fd, int cp_flags)
 			PF_NOEMUTRAMP | PF_RANDMMAP ;
 	else if(cp_flags == CREATE_XT_FLAGS_DEFAULT)
 		xt_flags = 0;
+	else
+		//Why are we here?
+		return EXIT_FAILURE;
 
 	memset(buf, 0, FLAGS_SIZE);
 	bin2string(xt_flags, buf);


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2013-09-26 12:24 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2013-09-26 12:24 UTC (permalink / raw
  To: gentoo-commits

commit:     2f98962eccca32b60f93ef358eb7dc638067f9da
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Sep 26 12:20:08 2013 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Sep 26 12:20:08 2013 +0000
URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=2f98962e

Return EXIT_SUCCESS if user.pax.flags is done after paxctl-ng -d

If the user.pax.flags field exists and we have permissions to remove
it, the first invocation of paxctl-ng -d returns 0.  But subsequently
it returns 1 because it fails to remove an xattr field that is not
there.  We make sure we return 0 if the field is gone for whatever
reason.  We only fail upon not having permissions to change the xattr
filed, or the filesystem not supporting xattrs (ENOTSUP).

Reported-by: Maxim Kammerer <mk <AT> dee.su>

X-Gentoo-Bug: 485908
X-Gentoo-Bug-URL: https://bugs.gentoo.org/485908

---
 src/paxctl-ng.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 4d69ab4..8071d50 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -26,6 +26,7 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <errno.h>
 
 #ifdef PTPAX
  #include <gelf.h>
@@ -744,7 +745,15 @@ delete_xt_flags(int fd)
 	if( !fremovexattr(fd, PAX_NAMESPACE) )
 		return EXIT_SUCCESS;
 	else
-		return EXIT_FAILURE;
+	{
+		// If this fails because there was no such named xattr
+		// in the first place, then in a sense, we succeeded.
+		// See: https://bugs.gentoo.org/show_bug.cgi?id=485908
+		if( errno == ENOATTR )
+			return EXIT_SUCCESS;
+		else
+			return EXIT_FAILURE;
+	}
 }
 #endif
 


^ permalink raw reply related	[flat|nested] 40+ messages in thread

* [gentoo-commits] proj/elfix:master commit in: src/
@ 2018-12-13 14:48 Anthony G. Basile
  0 siblings, 0 replies; 40+ messages in thread
From: Anthony G. Basile @ 2018-12-13 14:48 UTC (permalink / raw
  To: gentoo-commits

commit:     cede3de716079a1a00d95409caf1244f2df1c9d1
Author:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 13 14:47:38 2018 +0000
Commit:     Anthony G. Basile <blueness <AT> gentoo <DOT> org>
CommitDate: Thu Dec 13 14:48:28 2018 +0000
URL:        https://gitweb.gentoo.org/proj/elfix.git/commit/?id=cede3de7

src/paxctl-ng.c: return ENOENT if a file is not found

This addresses https://bugs.gentoo.org/672072

Signed-off-by: Anthony G. Basile <blueness <AT> gentoo.org>

 src/paxctl-ng.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index 25396d4..43718de 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -805,6 +805,13 @@ main( int argc, char *argv[])
 
 		if((fd = open(argv[fi], O_RDWR)) < 0)
 		{
+			if(errno == ENOENT) {
+				if(verbose)
+					printf("\topen() failed: file does not exist\n\n");
+				ret |= ENOENT;
+				continue;
+			}
+
 			rdwr_pt_pax = 0;
 #ifdef PTPAX
 			if(verbose)


^ permalink raw reply related	[flat|nested] 40+ messages in thread

end of thread, other threads:[~2018-12-13 14:48 UTC | newest]

Thread overview: 40+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-09-10 21:11 [gentoo-commits] proj/elfix:master commit in: src/ Anthony G. Basile
  -- strict thread matches above, loose matches on Subject: below --
2018-12-13 14:48 Anthony G. Basile
2013-09-26 12:24 Anthony G. Basile
2012-12-28 23:07 Anthony G. Basile
2012-12-22 17:48 Anthony G. Basile
2012-12-21 20:36 Anthony G. Basile
2012-11-10 23:27 Anthony G. Basile
2012-11-10 22:29 Anthony G. Basile
2012-11-10 21:55 Anthony G. Basile
2012-11-10 21:35 Anthony G. Basile
2012-11-10 21:26 Anthony G. Basile
2012-07-27 22:00 Anthony G. Basile
2012-07-23 10:47 Anthony G. Basile
2012-07-21 12:37 Anthony G. Basile
2012-07-20 13:24 Anthony G. Basile
2012-07-20 11:56 Anthony G. Basile
2012-07-20  9:30 Anthony G. Basile
2011-11-27  0:59 Anthony G. Basile
2011-11-27  0:26 Anthony G. Basile
2011-11-15 16:07 Anthony G. Basile
2011-11-03 18:45 Anthony G. Basile
2011-11-03 18:16 Anthony G. Basile
2011-11-03 12:33 Anthony G. Basile
2011-10-22 19:51 Anthony G. Basile
2011-10-18 22:48 Anthony G. Basile
2011-09-27 18:49 Anthony G. Basile
2011-09-27 17:58 Anthony G. Basile
2011-09-27 17:30 Anthony G. Basile
2011-09-18 22:48 Anthony G. Basile
2011-09-18 14:20 Anthony G. Basile
2011-09-11 21:12 Anthony G. Basile
2011-09-11  3:40 Anthony G. Basile
2011-09-11  2:32 Anthony G. Basile
2011-09-11  1:54 Anthony G. Basile
2011-09-11  0:23 Anthony G. Basile
2011-09-10 21:36 Anthony G. Basile
2011-09-10 21:35 Anthony G. Basile
2011-05-13 12:01 Anthony G. Basile
2011-05-05 22:40 Anthony G. Basile
2011-05-04  2:15 Anthony G. Basile

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox