authorAnthony G. Basile <blueness@gentoo.org>2016-08-26 20:02:44 -0400
committerAnthony G. Basile <blueness@gentoo.org>2016-08-27 19:17:45 -0400
commit5bd65cd07e1d72c1a5e3cb12453ac2077425842e (patch)
tree49f252cc02b68a56c49ab2bcae409d49382d1523 /eclass/pax-utils.eclass
parentmedia-video/devedeng: version bump (diff)
pax-utils.eclass: do not attempt to create/convert a PT_PAX_FLAGS program header
Support for the creation of PT_PAX_FLAGS program headers in ELF objects is being dropped in >=sys-devel/binutils-2.26.1. Running paxctl -C or -c either to create a PT_PAX_FLAGS header or to convert a PT_GNU_STACK header on such ELF objects results in broken executables. For backwards compatibility we continue to support PT_PAX_FLAGS markings with paxctl but remove these unsafe methods from the eclass. Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=590422
Diffstat (limited to 'eclass/pax-utils.eclass')
-rw-r--r--eclass/pax-utils.eclass18
1 files changed, 8 insertions, 10 deletions
diff --git a/eclass/pax-utils.eclass b/eclass/pax-utils.eclass
index 9ed117002391..137f3efe8527 100644
--- a/eclass/pax-utils.eclass
+++ b/eclass/pax-utils.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2015 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Id$
@@ -6,8 +6,8 @@
# @MAINTAINER:
# The Gentoo Linux Hardened Team <hardened@gentoo.org>
# @AUTHOR:
-# Original Author: Kevin F. Quinn <kevquinn@gentoo.org>
-# Modifications for bugs #365825, #431092, #520198, @ ECLASS markup: Anthony G. Basile <blueness@gentoo.org>
+# Author: Kevin F. Quinn <kevquinn@gentoo.org>
+# Author: Anthony G. Basile <blueness@gentoo.org>
# @BLURB: functions to provide PaX markings for hardened kernels
# @DESCRIPTION:
#
@@ -77,16 +77,14 @@ pax-mark() {
# _pax_list_files einfo "$@"
for f in "$@"; do
- # First try paxctl -> this might try to create/convert program headers.
+ # First try paxctl
if type -p paxctl >/dev/null; then
einfo "PT_PAX marking -${flags} ${f} with paxctl"
- # First, try modifying the existing PAX_FLAGS header.
+ # We try modifying the existing PT_PAX_FLAGS header.
paxctl -q${flags} "${f}" >/dev/null 2>&1 && continue
- # Second, try creating a PT_PAX header (works on ET_EXEC).
- # Even though this is less safe, most exes need it. #463170
- paxctl -qC${flags} "${f}" >/dev/null 2>&1 && continue
- # Third, try stealing the (unused under PaX) PT_GNU_STACK header
- paxctl -qc${flags} "${f}" >/dev/null 2>&1 && continue
+ # We no longer try to create/convert a PT_PAX_FLAGS header, bug #590422
+ # paxctl -qC${flags} "${f}" >/dev/null 2>&1 && continue
+ # paxctl -qc${flags} "${f}" >/dev/null 2>&1 && continue
fi
# Next try paxctl-ng -> this will not create/convert any program headers.
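Review bot: The two unsafe invocations (`paxctl -qC${flags}` and `paxctl -qc${flags}`) are left in the loop as commented-out code instead of being deleted, so a later edit could re-enable them without anyone seeing why they were disabled. I would drop both lines and keep one explanatory comment, e.g. `# Never create (-C) or convert (-c) a PT_PAX_FLAGS header: this breaks ELF objects linked with >=sys-devel/binutils-2.26.1, bug #590422`. Separately, the `einfo "PT_PAX marking ..."` line announces the marking before `paxctl -q${flags}` has succeeded, and its output goes to `/dev/null`. A binary with no existing PT_PAX_FLAGS header therefore now falls through with no message from this branch. Whether that failure is reported later depends on the rest of `pax-mark()`, which continues past the end of this hunk and is not visible here.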