authorAnthony G. Basile <blueness@gentoo.org>2012-12-12 19:50:12 +0000
committerAnthony G. Basile <blueness@gentoo.org>2012-12-12 14:57:46 -0500
commit382afaee42d294e84e45318790de6593b5b39219 (patch)
tree41c370be1d35e58c34e5597b30ceb53bf7738533
parentconfigure.ac: disable silent rules (diff)
Add logic for NEED_PAX_DECLS when gelf.h is present but lacks them
On a gentoo system <sys-libs/glibc-2.16, elf.h is no longer patched to provide PT_PAX_FLAGS and PF_* for the PAX program header of ELF binaries. As a result, we must include them. These will eventually be exported by the upstream PAX team in a separate header, but for now we test: 1) do we want PT_PAX? If yes, then test for gelf.h and for the DECLS; if we don't have the DECLS, then include our local copy. Or 2) do we want only XATTR PAX? In that case don't test for gelf.h, don't include it, and provide our local DECLS.
-rw-r--r--configure.ac6
-rw-r--r--scripts/paxmodule.c7
-rwxr-xr-xscripts/setup.py89
-rw-r--r--src/paxctl-ng.c7
4 files changed, 86 insertions, 23 deletions
diff --git a/configure.ac b/configure.ac
index 43c74e9..7c7e3f7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -66,13 +66,15 @@ AS_IF(
AC_CHECK_DECLS(
[PT_PAX_FLAGS, PF_PAGEEXEC, PF_MPROTECT, PF_RANDMMAP],
[],
- [AC_MSG_ERROR(["Missing necessary define's in gelf.h"])],
+ [
+ CFLAGS+=" -DNEED_PAX_DECLS"
+ ],
[[#include <gelf.h>]]
)
CFLAGS+=" -DPTPAX"
],
[
- CFLAGS+=" -UPTPAX"
+ CFLAGS+=" -UPTPAX -DNEED_PAX_DECLS"
]
)
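Review bot: The not-found action `CFLAGS+=" -DNEED_PAX_DECLS"` is run by AC_CHECK_DECLS once for every listed symbol that is missing, so the flag can be appended up to four times, and it is also set when `gelf.h` declares some of the four symbols but not all. In that partial case the local definitions would be compiled alongside the header's own. Setting a shell variable in the action (`need_pax_decls=yes`) and appending the flag once after the check keeps CFLAGS clean; per-symbol handling could instead key off the `HAVE_DECL_*` macros that AC_CHECK_DECLS already defines, if the sources include the generated config header, which is not visible here. The enclosing `AS_IF(` starts above the hunk.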
diff --git a/scripts/paxmodule.c b/scripts/paxmodule.c
index 56cef3a..8ae10be 100644
--- a/scripts/paxmodule.c
+++ b/scripts/paxmodule.c
@@ -26,13 +26,18 @@
#ifdef PTPAX
#include <gelf.h>
-#else
+#endif
+
+#ifdef NEED_PAX_DECLS
+ #define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */
#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
+ #define PF_RANDEXEC (1 << 10) /* DEPRECATED: Enable RANDEXEC */
+ #define PF_NORANDEXEC (1 << 11) /* DEPRECATED: Disable RANDEXEC */
#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */
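Review bot: The block under `#ifdef NEED_PAX_DECLS` defines `PT_PAX_FLAGS` and every `PF_*` constant unconditionally, so a build where the flag is set but the system header already provides some of them ends up with two definitions of the same macro, and only identical ones pass silently. Wrapping each in `#ifndef`, e.g. `#ifndef PT_PAX_FLAGS` / `#define PT_PAX_FLAGS 0x65041580` / `#endif`, makes the local copy a true fallback. The same list is pasted into src/paxctl-ng.c in this commit; since these values decide which PaX markings are read from and written to binaries, a single shared header would keep the two copies from drifting. The block continues past the end of the hunk.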
diff --git a/scripts/setup.py b/scripts/setup.py
index 528cfa0..0c6e9cc 100755
--- a/scripts/setup.py
+++ b/scripts/setup.py
@@ -1,40 +1,91 @@
#!/usr/bin/env python
-import os
+import sys, os, re
from distutils.core import setup, Extension
ptpax = os.getenv('PTPAX')
xtpax = os.getenv('XTPAX')
-if ptpax != None and xtpax == None:
- module1 = Extension(
- name='pax',
- sources = ['paxmodule.c'],
- libraries = ['elf'],
- undef_macros = ['XTPAX'],
- define_macros = [('PTPAX', 1)]
- )
+# This is a bit hacky since we include gelf.h but
+# the pax decls are in elf.h. The stacking goes as
+# gelf.h
+# libelf.h
+# elf.h
+
-elif ptpax == None and xtpax != None:
+# we want only XTPAX and so NEED_PAX_DECLS
+if ptpax == None and xtpax != None:
module1 = Extension(
name='pax',
sources = ['paxmodule.c'],
libraries = ['attr'],
undef_macros = ['PTPAX'],
- define_macros = [('PTPAX', 1)]
+ define_macros = [('XTPAX', 1), ('NEED_PAX_DECLS', 1)]
)
-if ptpax != None and xtpax != None:
- module1 = Extension(
- name='pax',
- sources = ['paxmodule.c'],
- libraries = ['elf', 'attr'],
- define_macros = [('PTPAX', 1), ('XTPAX', 1)]
- )
+# We want PTPAX but don't know if we NEED_PAX_DECLS
+else:
+ try:
+ need_pax_decls = True
+ f = open('/usr/include/elf.h', 'r')
+ for line in f.readlines():
+ if re.search('PF_PAGEEXEC', line):
+ need_pax_decls = False
+ f.close()
+
+ except IOError as e:
+ print("Can't find elf.h in the usual place!")
+ sys.exit(1)
+
+ # We NEED_PAX_DECLS
+ if need_pax_decls:
+
+ # We want PTPAX but not XTPAX
+ if ptpax != None and xtpax == None:
+ module1 = Extension(
+ name='pax',
+ sources = ['paxmodule.c'],
+ libraries = ['elf'],
+ undef_macros = ['XTPAX'],
+ define_macros = [('PTPAX', 1), ('NEED_PAX_DECLS', 1)]
+ )
+
+ # We want both PTAPX and XTPAX
+ elif ptpax != None and xtpax != None:
+ module1 = Extension(
+ name='pax',
+ sources = ['paxmodule.c'],
+ libraries = ['elf', 'attr'],
+ define_macros = [('PTPAX', 1), ('XTPAX', 1), ('NEED_PAX_DECLS', 1)]
+ )
+
+ # We don't NEED_PAX_DECLS
+ else:
+
+ # We want both PTAPX and XTPAX
+ if ptpax != None and xtpax == None:
+ module1 = Extension(
+ name='pax',
+ sources = ['paxmodule.c'],
+ libraries = ['elf'],
+ undef_macros = ['XTPAX', 'NEED_PAX_DECLS'],
+ define_macros = [('PTPAX', 1)]
+ )
+
+ # We want both PTAPX and XTPAX
+ elif ptpax != None and xtpax != None:
+ module1 = Extension(
+ name='pax',
+ sources = ['paxmodule.c'],
+ libraries = ['elf', 'attr'],
+ undef_macros = ['NEED_PAX_DECLS'],
+ define_macros = [('PTPAX', 1), ('XTPAX', 1)]
+ )
+
setup(
name = 'PaxPython',
- version = '2.0',
+ version = '0.6.1',
author = 'Anthony G. Basile',
author_email = 'blueness@gentoo.org',
url = 'http://dev.gentoo.org/~blueness/elfix',
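Review bot: The `need_pax_decls` probe in the new `else:` branch reads the fixed path `/usr/include/elf.h` and treats any line containing the text `PF_PAGEEXEC` as proof that the header declares the PaX constants, whereas configure.ac in this same commit asks the compiler about four symbols through `gelf.h`; under a non-default include path or sysroot the two can disagree, and the extension is then built with or without the local PaX definitions contrary to what the rest of the build chose. Matching the definition rather than the bare name, and for the same four symbols, would narrow that gap, e.g. `re.search(r'^\s*#\s*define\s+PF_PAGEEXEC\b', line)`, with the file opened via `with open('/usr/include/elf.h', 'r') as f:` so it is closed on every path. Separately, when neither PTPAX nor XTPAX is set, control falls into this `else:` and neither inner `if`/`elif` assigns `module1`; an explicit error there would be clearer than whatever fails later, given that the `setup(...)` call continues past the end of the hunk. The comment `# We want both PTAPX and XTPAX` above the `ptpax != None and xtpax == None` branch should read `# We want PTPAX but not XTPAX`.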
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index e58cebb..d5acaf8 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -29,13 +29,18 @@
#ifdef PTPAX
#include <gelf.h>
-#else
+#endif
+
+#ifdef NEED_PAX_DECLS
+ #define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */
#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
+ #define PF_RANDEXEC (1 << 10) /* DEPRECATED: Enable RANDEXEC */
+ #define PF_NORANDEXEC (1 << 11) /* DEPRECATED: Disable RANDEXEC */
#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */