author | Anthony G. Basile <blueness@gentoo.org> | 2012-12-12 19:50:12 +0000 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2012-12-12 14:57:46 -0500 |
commit | 382afaee42d294e84e45318790de6593b5b39219 (patch) | |
tree | 41c370be1d35e58c34e5597b30ceb53bf7738533 | |
parent | configure.ac: disable silent rules (diff) | |
download | elfix-382afaee42d294e84e45318790de6593b5b39219.tar.gz elfix-382afaee42d294e84e45318790de6593b5b39219.tar.bz2 elfix-382afaee42d294e84e45318790de6593b5b39219.zip |
Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them
On a gentoo system <sys-libs/glibc-2.16, elf.h is no longer patched
to provide PT_PAX_FLAGS and PF_* for the PAX program header of ELF
binaries. As a result, we must include them. These will eventually
be exported by upstream PAX team in a separate header but for now
we test 1) do we want PT_PAX, if yes, then test for gelf.h and for
the DECLS. If we don't have the DECLS, then include our local copy.
or 2) do we want only XATTR PAX, in which case don't test for gelf.h,
don't include it and provide our local DECLS.
-rw-r--r-- | configure.ac | 6 | ||||
-rw-r--r-- | scripts/paxmodule.c | 7 | ||||
-rwxr-xr-x | scripts/setup.py | 89 | ||||
-rw-r--r-- | src/paxctl-ng.c | 7 |
4 files changed, 86 insertions, 23 deletions
diff --git a/configure.ac b/configure.ac index 43c74e9..7c7e3f7 100644 --- a/configure.ac +++ b/configure.ac @@ -66,13 +66,15 @@ AS_IF( AC_CHECK_DECLS( [PT_PAX_FLAGS, PF_PAGEEXEC, PF_MPROTECT, PF_RANDMMAP], [], - [AC_MSG_ERROR(["Missing necessary define's in gelf.h"])], + [ + CFLAGS+=" -DNEED_PAX_DECLS" + ], [[#include <gelf.h>]] ) CFLAGS+=" -DPTPAX" ], [ - CFLAGS+=" -UPTPAX" + CFLAGS+=" -UPTPAX -DNEED_PAX_DECLS" ] ) diff --git a/scripts/paxmodule.c b/scripts/paxmodule.c index 56cef3a..8ae10be 100644 --- a/scripts/paxmodule.c +++ b/scripts/paxmodule.c @@ -26,13 +26,18 @@ #ifdef PTPAX #include <gelf.h> -#else +#endif + +#ifdef NEED_PAX_DECLS + #define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */ #define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ #define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ #define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ #define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ #define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ #define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ + #define PF_RANDEXEC (1 << 10) /* DEPRECATED: Enable RANDEXEC */ + #define PF_NORANDEXEC (1 << 11) /* DEPRECATED: Disable RANDEXEC */ #define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ #define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ #define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ diff --git a/scripts/setup.py b/scripts/setup.py index 528cfa0..0c6e9cc 100755 --- a/scripts/setup.py +++ b/scripts/setup.py 
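Review bot: The not-found action of `AC_CHECK_DECLS` runs once per missing symbol, so ` -DNEED_PAX_DECLS` can be appended up to four times, and it is also set when only some of the four names are absent from gelf.h. The fallback block in scripts/paxmodule.c and src/paxctl-ng.c defines every flag without `#ifndef`, so a header carrying a partial or differently spelled set would presumably produce macro redefinitions. Recording the result in a shell variable inside the action and appending the flag once after the check avoids both. `CFLAGS+=` also depends on the shell running configure supporting `+=`, whereas `CFLAGS="$CFLAGS -DNEED_PAX_DECLS"` works under any POSIX sh. The enclosing `AS_IF(` starts outside the hunk, so its condition is not visible here.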
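Review bot: The fallback `#define` block for the PaX flag bits is kept as two verbatim copies, here and in src/paxctl-ng.c (the last hunk of this commit makes the identical edit), so the copies can drift apart and the Python module and paxctl-ng could then disagree on which bits mark a binary. Moving the block into one shared local header included by both files gives a single source of truth. Guarding it with `#ifndef PT_PAX_FLAGS` … `#endif` would also tolerate a system elf.h that already supplies the names when `NEED_PAX_DECLS` is set by mistake. A short comment above the block, for example `/* Local copy of the PaX program-header definitions; used when elf.h does not provide them */`, would document why it exists. The `#ifdef NEED_PAX_DECLS` block closes outside the hunk.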
@@ -1,40 +1,91 @@ #!/usr/bin/env python -import os +import sys, os, re from distutils.core import setup, Extension ptpax = os.getenv('PTPAX') xtpax = os.getenv('XTPAX') -if ptpax != None and xtpax == None: - module1 = Extension( - name='pax', - sources = ['paxmodule.c'], - libraries = ['elf'], - undef_macros = ['XTPAX'], - define_macros = [('PTPAX', 1)] - ) +# This is a bit hacky since we include gelf.h but +# the pax decls are in elf.h. The stacking goes as +# gelf.h +# libelf.h +# elf.h + -elif ptpax == None and xtpax != None: +# we want only XTPAX and so NEED_PAX_DECLS +if ptpax == None and xtpax != None: module1 = Extension( name='pax', sources = ['paxmodule.c'], libraries = ['attr'], undef_macros = ['PTPAX'], - define_macros = [('PTPAX', 1)] + define_macros = [('XTPAX', 1), ('NEED_PAX_DECLS', 1)] ) -if ptpax != None and xtpax != None: - module1 = Extension( - name='pax', - sources = ['paxmodule.c'], - libraries = ['elf', 'attr'], - define_macros = [('PTPAX', 1), ('XTPAX', 1)] - ) +# We want PTPAX but don't know if we NEED_PAX_DECLS +else: + try: + need_pax_decls = True + f = open('/usr/include/elf.h', 'r') + for line in f.readlines(): + if re.search('PF_PAGEEXEC', line): + need_pax_decls = False + f.close() + + except IOError as e: + print("Can't find elf.h in the usual place!") + sys.exit(1) + + # We NEED_PAX_DECLS + if need_pax_decls: + + # We want PTPAX but not XTPAX + if ptpax != None and xtpax == None: + module1 = Extension( + name='pax', + sources = ['paxmodule.c'], + libraries = ['elf'], + undef_macros = ['XTPAX'], + define_macros = [('PTPAX', 1), ('NEED_PAX_DECLS', 1)] + ) + + # We want both PTAPX and XTPAX + elif ptpax != None and xtpax != None: + module1 = Extension( + name='pax', + sources = ['paxmodule.c'], + libraries = ['elf', 'attr'], + define_macros = [('PTPAX', 1), ('XTPAX', 1), ('NEED_PAX_DECLS', 1)] + ) + + # We don't NEED_PAX_DECLS + else: + + # We want both PTAPX and XTPAX + if ptpax != None and xtpax == None: + module1 = Extension( + 
name='pax', + sources = ['paxmodule.c'], + libraries = ['elf'], + undef_macros = ['XTPAX', 'NEED_PAX_DECLS'], + define_macros = [('PTPAX', 1)] + ) + + # We want both PTAPX and XTPAX + elif ptpax != None and xtpax != None: + module1 = Extension( + name='pax', + sources = ['paxmodule.c'], + libraries = ['elf', 'attr'], + undef_macros = ['NEED_PAX_DECLS'], + define_macros = [('PTPAX', 1), ('XTPAX', 1)] + ) + setup( name = 'PaxPython', - version = '2.0', + version = '0.6.1', author = 'Anthony G. Basile', author_email = 'blueness@gentoo.org', url = 'http://dev.gentoo.org/~blueness/elfix', diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c index e58cebb..d5acaf8 100644 --- a/src/paxctl-ng.c +++ b/src/paxctl-ng.c @@ -29,13 +29,18 @@ #ifdef PTPAX #include <gelf.h> -#else +#endif + +#ifdef NEED_PAX_DECLS + #define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */ #define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ #define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ #define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ #define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ #define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ #define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ + #define PF_RANDEXEC (1 << 10) /* DEPRECATED: Enable RANDEXEC */ + #define PF_NORANDEXEC (1 << 11) /* DEPRECATED: Disable RANDEXEC */ #define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ #define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ #define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ |
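Review bot: When neither `PTPAX` nor `XTPAX` is set, execution falls into the new `else:` arm, where every inner `if`/`elif` requires `ptpax != None`, so `module1` is never bound and the `setup()` call (its arguments continue outside the hunk) will presumably fail with a NameError rather than a clear message. An early guard such as `if ptpax is None and xtpax is None: sys.exit("Set PTPAX and/or XTPAX")` would make that explicit. The probe opens the fixed path `/usr/include/elf.h` and matches `PF_PAGEEXEC` anywhere on a line, comments included, so it can disagree with what `AC_CHECK_DECLS` finds through the compiler's include path on cross or prefixed builds; passing the configure result in through the environment would keep the two in agreement. `f.close()` is skipped if `readlines()` raises, so `with open('/usr/include/elf.h') as f:` is the safer form. The comment `# We want both PTAPX and XTPAX` above the `ptpax != None and xtpax == None` branch should read `# We want PTPAX but not XTPAX`.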