From d2395ee3f3af84353d6428f9b20e99522840f4d0 Mon Sep 17 00:00:00 2001 
From: Christian Wiese Date: Sat, 12 Apr 2008 15:52:29 +0300 Subject: [PATCH] [paxctl] Added paxctl 0.5 - A user-space utility to control PaX flags --- security/paxctl/kernel-pax.config.in | 23 ++ security/paxctl/parse-config-9 | 22 ++ .../.binutils-2.17.50.0.11-pt_pax.patch.swp | Bin 0 -> 16384 bytes .../binutils-2.17.50.0.10-pt_pax.patch | 260 +++++++++++++++++ .../binutils-2.17.50.0.11-pt_pax.patch | 260 +++++++++++++++++ .../binutils-2.17.50.0.18.pt_pax.patch | 271 ++++++++++++++++++ .../patches/binutils-2.17.50.0.9-pt_pax.patch | 261 +++++++++++++++++ .../glibc-2.5-dl_execstack_PaX-1.patch | 85 ++++++ .../patches/glibc-2.5-iconv_unnest-1.patch | 106 +++++++ .../glibc-2.5-localedef_segfault-1.patch | 74 +++++ .../paxctl/patches/glibc-2.5-pt_pax-1.patch | 56 ++++ ...glibc-2.5.1-iconvconfig_trampoline-1.patch | 113 ++++++++ .../glibc-2.5.1-localedef_trampoline-1.patch | 80 ++++++ .../paxctl/patches/glibc-2.5.1-pt_pax-1.patch | 56 ++++ security/paxctl/paxctl.cache | 8 + security/paxctl/paxctl.desc | 43 +++ security/paxctl/pkg_linux-header_post.conf | 15 + security/paxctl/pkg_linux26_post.conf | 15 + security/paxctl/pkg_linux_post.conf | 28 ++ 19 files changed, 1776 insertions(+) create mode 100644 security/paxctl/kernel-pax.config.in create mode 100644 security/paxctl/parse-config-9 create mode 100644 security/paxctl/patches/.binutils-2.17.50.0.11-pt_pax.patch.swp create mode 100644 security/paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch create mode 100644 security/paxctl/patches/binutils-2.17.50.0.11-pt_pax.patch create mode 100644 security/paxctl/patches/binutils-2.17.50.0.18.pt_pax.patch create mode 100644 security/paxctl/patches/binutils-2.17.50.0.9-pt_pax.patch create mode 100644 security/paxctl/patches/glibc-2.5-dl_execstack_PaX-1.patch create mode 100644 security/paxctl/patches/glibc-2.5-iconv_unnest-1.patch create mode 100644 security/paxctl/patches/glibc-2.5-localedef_segfault-1.patch create mode 100644 security/paxctl/patches/glibc-2.5-pt_pax-1.patch 
create mode 100644 security/paxctl/patches/glibc-2.5.1-iconvconfig_trampoline-1.patch
create mode 100644 security/paxctl/patches/glibc-2.5.1-localedef_trampoline-1.patch
create mode 100644 security/paxctl/patches/glibc-2.5.1-pt_pax-1.patch
create mode 100644 security/paxctl/paxctl.cache
create mode 100644 security/paxctl/paxctl.desc
create mode 100644 security/paxctl/pkg_linux-header_post.conf
create mode 100644 security/paxctl/pkg_linux26_post.conf
create mode 100644 security/paxctl/pkg_linux_post.conf
diff --git a/security/paxctl/kernel-pax.config.in b/security/paxctl/kernel-pax.config.in
new file mode 100644
index 000000000..35eaf7a9a
--- /dev/null
+++ b/security/paxctl/kernel-pax.config.in
@@ -0,0 +1,23 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../paxctl/kernel-pax.config.in
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License. A copy of the
+# GNU General Public License can be found in the file COPYING.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+CONFIG_PAX=y
+CONFIG_PAX_SOFTMODE=y
+CONFIG_PAX_PT_PAX_FLAGS=y
+CONFIG_PAX_HOOK_ACL_FLAGS=y
+CONFIG_PAX_NOEXEC=y
+CONFIG_PAX_ASLR=y
+CONFIG_PAX_RANDKSTACK=y
+CONFIG_PAX_RANDUSTACK=y
+CONFIG_PAX_RANDMMAP=y
diff --git a/security/paxctl/parse-config-9 b/security/paxctl/parse-config-9
new file mode 100644
index 000000000..61becb9d9
--- /dev/null
+++ b/security/paxctl/parse-config-9
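Review bot: `CONFIG_PAX_SOFTMODE=y` is enabled without a comment, and that line is the one a reader most needs explained: soft mode inverts the default, so PaX protections are off for every binary that carries no explicit PT_PAX_FLAGS and only what paxctl (or the patched toolchain) has marked is hardened. If that is the intended rollout model, a header such as `# SOFTMODE=y: protections are opt-in per binary via PT_PAX_FLAGS; switch to n once all binaries are marked` would make the trade-off visible in the fragment itself. As far as I recall, CONFIG_PAX_NOEXEC and CONFIG_PAX_ASLR only open the corresponding menus and the individual sub-options are left to the kernel's own defaults here; stating that choice in the same header would save the next maintainer a trip to the PaX Kconfig help.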
@@ -0,0 +1,22 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../paxctl/parse-config-9
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License. A copy of the
+# GNU General Public License can be found in the file COPYING.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+pkg_pax_patches="$base/package/*/paxctl/patches"
+
+# add PaX patches found in package/*/paxctl/patches/
+if [ -d $pkg_pax_patches ] ; then
+ for x in $( ls -1 $pkg_pax_patches/$pkg*$ver*.patch 2>/dev/null ); do
+ var_append patchfiles " " "$x"
+ done
+fi
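Review bot: The pattern `$pkg*$ver*.patch` in the for loop is too loose: with pkg=glibc and ver=2.5 it also matches the glibc-2.5.1-*.patch files added in this same commit, so both the 2.5 and the 2.5.1 variant of the pt_pax patch (and the two trampoline patches) would be appended to patchfiles. The loop additionally parses `ls` output and word-splits it, which breaks on any `$base` containing whitespace, and the unquoted `[ -d $pkg_pax_patches ]` only works because the `*` inside the variable happens to expand to a single directory. Letting the shell expand the glob itself, quoting the fixed path parts, anchoring the version as `$pkg-$ver-` and skipping the no-match case removes all three problems and makes the `pkg_pax_patches` variable and the `-d` test unnecessary; `var_append` is presumably a helper of the build system and is kept as-is. Note that binutils-2.17.50.0.18.pt_pax.patch uses `.` instead of `-` before `pt_pax` and would have to be renamed to the `-pt_pax` form used by the other three binutils patches for the anchored pattern to match it.
```shell
# add PaX patches found in package/*/paxctl/patches/
# the shell expands the glob itself (no ls parsing); the fixed parts are
# quoted so a $base with whitespace still works, and the version is
# anchored as "$pkg-$ver-" so ver=2.5 does not also pick up the 2.5.1 patches
for x in "$base"/package/*/paxctl/patches/"$pkg"-"$ver"-*.patch; do
	[ -e "$x" ] || continue   # pattern left unexpanded: no patch for this pkg/ver
	var_append patchfiles " " "$x"
done
```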
diff --git a/security/paxctl/patches/.binutils-2.17.50.0.11-pt_pax.patch.swp b/security/paxctl/patches/.binutils-2.17.50.0.11-pt_pax.patch.swp new file mode 100644 index 0000000000000000000000000000000000000000..906f27fef6dd6c8522feec2f80c1e209138aa316 GIT binary patch literal 16384 zcmeHOU2Gd!6`pSC?uISpr|b(t=r*m2UH@e4IB}A)*?JSF4NdGQNxR)uU^MnzJ441Z z!^}7&X$#^J=z?HZs1Ha8t$0{oU>}h9kq}706G*%v-~sW9kPr)kMOq2IbMMT=PU0l} zk$7ONd>VUv?z!iF_uPBWIpZ|coAZmToG&PNy-!hgrhZiY>JOX~wTp_~bAO~^ z+TFmk{9G|#DCfu2yqYf*a&DkOE-!?R>^c!h7)TgUPAQ|sf=Wc3A3n#P1#*Jl*vx4=E%i+~552hIU!fnUEH`ha`DU0@RkfDZ6HpaN;&qrl&X6y-0#FM;m@ z-vI6dUkAPd=)g3P0?q>OJgq2y0KNmf0(=R$4RGL-z#1?MJPVuw-hN6^egfj## zD$37*yTCN?5#aZyQ1bv@1$3YUJO%vmUFZk+Ja7s49mswK=mLwtWndCG37i1_j6%$t zz^lL-@G|fMa1wY2b0p?T`bma~7q?nkVCaF)QcgE;yMfkd8R^`#AK+&dTFcVgK6{QW z&1uW*4qaZ9ms^(=q2RWXBQ+1N1&z%XOPO}d$xZVu-V`0Dm5kIsNHKo95gK<#Shu*e zTwkrutO~QZ%L-G- z5a#iq>)C8|`9>A@Bo*gOUn7m{y1%Xkdc)!oJ#;6XR<2xOxv}D8AzK({8S!RRWmm2! znM{Tq_+yt5Oz8+zTBf~`Zw?hzwVYE6x#Bo0OiUHaQ=|AzO!Q(IwVE|)u4SKjf= z_F#qT=u~NZN-ghGXqc@Q%X!_}vDF?d*xxmA#x7oDDWA7H+zxWnt`=;&oIMA|SG9$D zWp;>OYeJBO@7y8bW?(vYZd$tcMYd9%(N?c5S1YqiHqWnUGxg=_-26gStHIOb5ogh> z7)`Iu5hn)>v$B8@rWs6A)6#h1PNl+lmb|G{QnO`pCeblt&&!@`tCjg$byj=fC2e7` z5;I7h3*O^5Gy$$|7+zX(p2Dk#7V(uBnwXRG25*@*r#>(RtMm1mHcx*`H&$`u>SDFF z8ckN*LzXqT0n;VxWaea^<~pW1vdL$L!+mBu0W7~S7AETX!LG4P4}@h6-ZpL9wA)IgsGMgj*XA_%VmvaYdz?A8wT*ETGxVL~ zMe8A^Cm-t=7sf~xVmc$je5qz{2YI;#mDCCN3Vdd?ke!Hq=5D06XIIq2GetU!*3n&@ zDV>(-`GMH>XfQ30W1|b5*-v95my>fhnj^P^Mi)D|X`64Mnb^s}skq&V#TkQyE6)aP zQ@2b5tqQUD?w7c|-@^C==x-pmls+%(6(ED4u6AQ#0k? zqTyi#gV7cQX*;@QIZc)#wz5p`1VjQ+!{`Hqd~=7x5mSEPb(?`OKU`ZxX(WA{4woTJ z!w_S8IHRRrDvnOjQZE%t**eMxp8nCF%197%C5ZrLv&}85v+%tAWSTnQEn;T-7v}3rQ)8xMIcsbwY zO|xY-=~mm*JCS{i93fDkmRr zvsi=%-^#M#*eQpjDQ@ZraC-N=sVJa$q>empc@A|V#t?NvN78b2VYxmfmVI%2Vw5Px zwUnI<84lwZH(Ji&d!iAM^&^3B78u6$Ga zSry^wyd7}Q)-CNO_b|`w(x$iy=fM(M+3qwPi{YkE=chR6O*%?_I+d_tipI=odc z%fP>p-+vqUGGGDMfvdo?!21Ep`+o!c3b+rv2Kc}VPzOE^Tmy!I)4=zT`+ov>0(b*? 
z{u1yOa`5vOiR59Pb=o zDOoDwA$3xu1qg~qWi?=MJcNJRvkc0g^4pIi8XBOEVxh6AV(H-`;vS^~BB34$N|=z_ z2iy->&St|GX6lQJ_1aS9YISA)?-nr!kYVXN+p&6? zgfP0tysjOX9Zqv@5X-4BhfN>JFD8_GC>`>>dNJ_$JBAt$12;ZvbWy>Hr}r4z%|H~) zV(r8*R5$Rb!$xL>Qr8Z$CLu%R!f+s=;=w+*>v0Eq#l!m>DGt5u_?nOBYnT(Ccv$AH z;{`|=J?=Z!CWh~ev{U4m;jGdM^YcgY+jKgpOrZWI_~l-kv#{QahcviND#5mcYIRt( zK{Xluq5n{~bis02)C49c%5fe20d@wI?J_t-=s^w6gqD+!W(ViQTxDSePl@`!-`z1F zAs-`UhHgh?!+nQ`;|99d#tE|9F5c=h`#Rqh8q|G{c@NNe)GF>eDp&T8Tlm6m&s5Lc z6_BNi1FEP17AA4U1F}P(i(w1r9n|SiY`5qE*=RA(JCEr|I$ZIim1_>Pd+;%} u-xP&Kk6!Rdcd@c^9gk0EhSaUO@G;;JN-azK%br+f+@odIFaw_+pZpgwxhBT| literal 0 HcmV?d00001 diff --git a/security/paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch b/security/paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch new file mode 100644 index 000000000..ad02c2f11 --- /dev/null +++ b/security/paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch 
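Review bot: security/paxctl/patches/.binutils-2.17.50.0.11-pt_pax.patch.swp is a Vim swap file (the diffstat lists it as `Bin 0 -> 16384 bytes`) and does not belong in the commit; it is editor state left behind while the neighbouring .11 patch was being written. Swap files can carry unsaved buffer contents and are pure noise for anyone rebasing the package, so it should be removed from the commit, and adding `*.swp` to the repository's ignore file would keep it from coming back.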
@@ -0,0 +1,260 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +diff -ruN binutils-2.17.50.0.10.orig/bfd/elf-bfd.h binutils-2.17.50.0.10/bfd/elf-bfd.h +--- binutils-2.17.50.0.10.orig/bfd/elf-bfd.h 2007-01-22 20:00:09.000000000 +0100 ++++ binutils-2.17.50.0.10/bfd/elf-bfd.h 2007-01-26 16:32:19.000000000 +0100 +@@ -1355,6 +1355,9 @@ + /* Segment flags for the PT_GNU_STACK segment. */ + unsigned int stack_flags; + ++ /* Segment flags for the PT_PAX_FLAGS segment. */ ++ unsigned int pax_flags; ++ + /* Symbol version definitions in external objects. 
*/ + Elf_Internal_Verdef *verdef; + +diff -ruN binutils-2.17.50.0.10.orig/bfd/elf.c binutils-2.17.50.0.10/bfd/elf.c +--- binutils-2.17.50.0.10.orig/bfd/elf.c 2007-01-22 20:00:09.000000000 +0100 ++++ binutils-2.17.50.0.10/bfd/elf.c 2007-01-26 16:32:19.000000000 +0100 +@@ -1109,6 +1109,7 @@ + case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break; + case PT_GNU_STACK: pt = "STACK"; break; + case PT_GNU_RELRO: pt = "RELRO"; break; ++ case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break; + default: pt = NULL; break; + } + return pt; +@@ -2683,6 +2684,9 @@ + case PT_GNU_RELRO: + return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro"); + ++ case PT_PAX_FLAGS: ++ return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags"); ++ + default: + /* Check for any processor-specific program segment types. */ + bed = get_elf_backend_data (abfd); +@@ -3655,6 +3659,11 @@ + ++segs; + } + ++ { ++ /* We need a PT_PAX_FLAGS segment. */ ++ ++segs; ++ } ++ + for (s = abfd->sections; s != NULL; s = s->next) + { + if ((s->flags & SEC_LOAD) != 0 +@@ -4238,6 +4247,20 @@ + pm = &m->next; + } + ++ { ++ amt = sizeof (struct elf_segment_map); ++ m = bfd_zalloc (abfd, amt); ++ if (m == NULL) ++ goto error_return; ++ m->next = NULL; ++ m->p_type = PT_PAX_FLAGS; ++ m->p_flags = elf_tdata (abfd)->pax_flags; ++ m->p_flags_valid = 1; ++ ++ *pm = m; ++ pm = &m->next; ++ } ++ + free (sections); + elf_tdata (abfd)->segment_map = mfirst; + } +@@ -5400,7 +5423,8 @@ + 6. PT_TLS segment includes only SHF_TLS sections. + 7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments. + 8. PT_DYNAMIC should not contain empty sections at the beginning +- (with the possible exception of .dynamic). */ ++ (with the possible exception of .dynamic). ++ 9. PT_PAX_FLAGS segments does not include any sections. */ + #define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed) \ + ((((segment->p_paddr \ + ? 
IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \ +@@ -5408,6 +5432,7 @@ + && (section->flags & SEC_ALLOC) != 0) \ + || IS_COREFILE_NOTE (segment, section)) \ + && segment->p_type != PT_GNU_STACK \ ++ && segment->p_type != PT_PAX_FLAGS \ + && (segment->p_type != PT_TLS \ + || (section->flags & SEC_THREAD_LOCAL)) \ + && (segment->p_type == PT_LOAD \ +diff -ruN binutils-2.17.50.0.10.orig/bfd/elflink.c binutils-2.17.50.0.10/bfd/elflink.c +--- binutils-2.17.50.0.10.orig/bfd/elflink.c 2007-01-22 20:00:09.000000000 +0100 ++++ binutils-2.17.50.0.10/bfd/elflink.c 2007-01-26 17:09:17.000000000 +0100 +@@ -5286,16 +5286,30 @@ + if (!is_elf_hash_table (info->hash)) + return TRUE; + ++ elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC; ++ ++ if (info->execheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT; ++ else if (info->noexecheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT; ++ + if (info->execstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ } + else if (info->noexecstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; ++ } + else + { + bfd *inputobj; + asection *notesec = NULL; + int exec = 0; + ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; + for (inputobj = info->input_bfds; + inputobj; + inputobj = inputobj->link_next) +@@ -5308,7 +5322,11 @@ + if (s) + { + if (s->flags & SEC_CODE) +- exec = PF_X; ++ { ++ elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ exec = PF_X; ++ } + notesec = s; + } + else +diff -ruN binutils-2.17.50.0.10.orig/binutils/readelf.c binutils-2.17.50.0.10/binutils/readelf.c +--- binutils-2.17.50.0.10.orig/binutils/readelf.c 2007-01-22 20:00:09.000000000 +0100 ++++ 
binutils-2.17.50.0.10/binutils/readelf.c 2007-01-26 16:32:19.000000000 +0100 +@@ -2442,6 +2442,7 @@ + return "GNU_EH_FRAME"; + case PT_GNU_STACK: return "GNU_STACK"; + case PT_GNU_RELRO: return "GNU_RELRO"; ++ case PT_PAX_FLAGS: return "PAX_FLAGS"; + + default: + if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC)) +diff -ruN binutils-2.17.50.0.10.orig/include/bfdlink.h binutils-2.17.50.0.10/include/bfdlink.h +--- binutils-2.17.50.0.10.orig/include/bfdlink.h 2007-01-22 20:00:01.000000000 +0100 ++++ binutils-2.17.50.0.10/include/bfdlink.h 2007-01-26 16:32:19.000000000 +0100 +@@ -320,6 +320,14 @@ + /* TRUE if PT_GNU_RELRO segment should be created. */ + unsigned int relro: 1; + ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT ++ flags. */ ++ unsigned int execheap: 1; ++ ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT ++ flags. */ ++ unsigned int noexecheap: 1; ++ + /* TRUE if we should warn when adding a DT_TEXTREL to a shared object. */ + unsigned int warn_shared_textrel: 1; + +diff -ruN binutils-2.17.50.0.10.orig/include/elf/common.h binutils-2.17.50.0.10/include/elf/common.h +--- binutils-2.17.50.0.10.orig/include/elf/common.h 2007-01-22 20:00:09.000000000 +0100 ++++ binutils-2.17.50.0.10/include/elf/common.h 2007-01-26 17:13:47.000000000 +0100 +@@ -307,12 +307,29 @@ + #define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */ + #define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */ + #define PT_GNU_SHR (PT_LOOS + 0x474e554) /* Sharable segment */ ++#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */ + + /* Program segment permissions, in program header p_flags field. */ + + #define PF_X (1 << 0) /* Segment is executable */ + #define PF_W (1 << 1) /* Segment is writable */ + #define PF_R (1 << 2) /* Segment is readable */ ++ ++/* Flags to control PaX behavior. 
*/ ++ ++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ ++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */ ++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */ ++ + /* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */ + #define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */ + #define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */ +diff -ruN binutils-2.17.50.0.10.orig/ld/emultempl/elf32.em binutils-2.17.50.0.10/ld/emultempl/elf32.em +--- binutils-2.17.50.0.10.orig/ld/emultempl/elf32.em 2007-01-22 20:00:09.000000000 +0100 ++++ binutils-2.17.50.0.10/ld/emultempl/elf32.em 2007-01-26 16:32:19.000000000 +0100 +@@ -1906,6 +1906,16 @@ + link_info.noexecstack = TRUE; + link_info.execstack = FALSE; + } ++ else if (strcmp (optarg, "execheap") == 0) ++ { ++ link_info.execheap = TRUE; ++ link_info.noexecheap = FALSE; ++ } ++ else if (strcmp (optarg, "noexecheap") == 0) ++ { ++ link_info.noexecheap = TRUE; ++ link_info.execheap = FALSE; ++ } + EOF + + if test -n "$COMMONPAGESIZE"; then +@@ -1978,6 +1988,7 @@ + fprintf (file, _(" -z combreloc\t\tMerge dynamic relocs into one section and sort\n")); + fprintf (file, _(" -z defs\t\tReport unresolved symbols in object files.\n")); + fprintf (file, _(" -z execstack\t\tMark executable as requiring executable stack\n")); ++ fprintf (file, _(" -z execheap\t\tMark executable as requiring executable heap\n")); + fprintf (file, _(" -z initfirst\t\tMark DSO to be initialized first at runtime\n")); + fprintf 
(file, _(" -z interpose\t\tMark object to interpose all DSOs but executable\n")); + fprintf (file, _(" -z lazy\t\tMark object lazy runtime binding (default)\n")); +@@ -1990,6 +2001,7 @@ + fprintf (file, _(" -z nodlopen\t\tMark DSO not available to dlopen\n")); + fprintf (file, _(" -z nodump\t\tMark DSO not available to dldump\n")); + fprintf (file, _(" -z noexecstack\tMark executable as not requiring executable stack\n")); ++ fprintf (file, _(" -z noexecheap\tMark executable as not requiring executable heap\n")); + EOF + + if test -n "$COMMONPAGESIZE"; then +diff -ruN binutils-2.17.50.0.10.orig/ld/ldgram.y binutils-2.17.50.0.10/ld/ldgram.y +--- binutils-2.17.50.0.10.orig/ld/ldgram.y 2006-09-24 17:19:58.000000000 +0200 ++++ binutils-2.17.50.0.10/ld/ldgram.y 2007-01-26 16:32:19.000000000 +0100 +@@ -1094,6 +1094,8 @@ + $$ = exp_intop (0x6474e550); + else if (strcmp (s, "PT_GNU_STACK") == 0) + $$ = exp_intop (0x6474e551); ++ else if (strcmp (s, "PT_PAX_FLAGS") == 0) ++ $$ = exp_intop (0x65041580); + else + { + einfo (_("\ diff --git a/security/paxctl/patches/binutils-2.17.50.0.11-pt_pax.patch b/security/paxctl/patches/binutils-2.17.50.0.11-pt_pax.patch new file mode 100644 index 000000000..b4a41eeab --- /dev/null +++ b/security/paxctl/patches/binutils-2.17.50.0.11-pt_pax.patch 
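Review bot: The patch file carries only the SDE copyright header and no description of what it does, which matters because the elflink.c hunk quietly changes linker defaults: every output gets a PT_PAX_FLAGS segment with PF_NORANDEXEC set unconditionally, PF_EMUTRAMP is set whenever the link ends up with an executable stack (explicit `-z execstack` or a SEC_CODE .note.GNU-stack input), and the new `-z execheap`/`-z noexecheap` options map to PF_NOMPROTECT/PF_MPROTECT while MPROTECT is otherwise left to the kernel default. A short note under the header giving the origin of the patch and listing those baked-in defaults would help whoever reviews or rebases it. The same content appears in the 2.17.50.0.11 patch below (and, going by the diffstat, the 2.17.50.0.9 and 2.17.50.0.18 ones) with only hunk offsets differing; if parse-config-9 is meant to select exactly one per binutils version, saying so in the header would avoid the impression that four copies must be kept in sync by hand.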
@@ -0,0 +1,260 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/binutils-2.17.50.0.11-pt_pax.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +diff -ruN binutils-2.17.50.0.11.orig/bfd/elf-bfd.h binutils-2.17.50.0.11/bfd/elf-bfd.h +--- binutils-2.17.50.0.11.orig/bfd/elf-bfd.h 2007-01-26 03:46:07.000000000 +0100 ++++ binutils-2.17.50.0.11/bfd/elf-bfd.h 2007-01-26 18:27:30.000000000 +0100 +@@ -1355,6 +1355,9 @@ + /* Segment flags for the PT_GNU_STACK segment. */ + unsigned int stack_flags; + ++ /* Segment flags for the PT_PAX_FLAGS segment. */ ++ unsigned int pax_flags; ++ + /* Symbol version definitions in external objects. 
*/ + Elf_Internal_Verdef *verdef; + +diff -ruN binutils-2.17.50.0.11.orig/bfd/elf.c binutils-2.17.50.0.11/bfd/elf.c +--- binutils-2.17.50.0.11.orig/bfd/elf.c 2007-01-26 03:46:08.000000000 +0100 ++++ binutils-2.17.50.0.11/bfd/elf.c 2007-01-26 18:27:30.000000000 +0100 +@@ -1109,6 +1109,7 @@ + case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break; + case PT_GNU_STACK: pt = "STACK"; break; + case PT_GNU_RELRO: pt = "RELRO"; break; ++ case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break; + default: pt = NULL; break; + } + return pt; +@@ -2683,6 +2684,9 @@ + case PT_GNU_RELRO: + return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro"); + ++ case PT_PAX_FLAGS: ++ return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags"); ++ + default: + /* Check for any processor-specific program segment types. */ + bed = get_elf_backend_data (abfd); +@@ -3655,6 +3659,11 @@ + ++segs; + } + ++ { ++ /* We need a PT_PAX_FLAGS segment. */ ++ ++segs; ++ } ++ + for (s = abfd->sections; s != NULL; s = s->next) + { + if ((s->flags & SEC_LOAD) != 0 +@@ -4238,6 +4247,20 @@ + pm = &m->next; + } + ++ { ++ amt = sizeof (struct elf_segment_map); ++ m = bfd_zalloc (abfd, amt); ++ if (m == NULL) ++ goto error_return; ++ m->next = NULL; ++ m->p_type = PT_PAX_FLAGS; ++ m->p_flags = elf_tdata (abfd)->pax_flags; ++ m->p_flags_valid = 1; ++ ++ *pm = m; ++ pm = &m->next; ++ } ++ + free (sections); + elf_tdata (abfd)->segment_map = mfirst; + } +@@ -5408,7 +5431,8 @@ + 6. PT_TLS segment includes only SHF_TLS sections. + 7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments. + 8. PT_DYNAMIC should not contain empty sections at the beginning +- (with the possible exception of .dynamic). */ ++ (with the possible exception of .dynamic). ++ 9. PT_PAX_FLAGS segments does not include any sections. */ + #define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed) \ + ((((segment->p_paddr \ + ? 
IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \ +@@ -5416,6 +5440,7 @@ + && (section->flags & SEC_ALLOC) != 0) \ + || IS_COREFILE_NOTE (segment, section)) \ + && segment->p_type != PT_GNU_STACK \ ++ && segment->p_type != PT_PAX_FLAGS \ + && (segment->p_type != PT_TLS \ + || (section->flags & SEC_THREAD_LOCAL)) \ + && (segment->p_type == PT_LOAD \ +diff -ruN binutils-2.17.50.0.11.orig/bfd/elflink.c binutils-2.17.50.0.11/bfd/elflink.c +--- binutils-2.17.50.0.11.orig/bfd/elflink.c 2007-01-26 03:46:07.000000000 +0100 ++++ binutils-2.17.50.0.11/bfd/elflink.c 2007-01-26 18:27:30.000000000 +0100 +@@ -5291,16 +5291,30 @@ + if (!is_elf_hash_table (info->hash)) + return TRUE; + ++ elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC; ++ ++ if (info->execheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT; ++ else if (info->noexecheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT; ++ + if (info->execstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ } + else if (info->noexecstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; ++ } + else + { + bfd *inputobj; + asection *notesec = NULL; + int exec = 0; + ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; + for (inputobj = info->input_bfds; + inputobj; + inputobj = inputobj->link_next) +@@ -5313,7 +5327,11 @@ + if (s) + { + if (s->flags & SEC_CODE) +- exec = PF_X; ++ { ++ elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ exec = PF_X; ++ } + notesec = s; + } + else +diff -ruN binutils-2.17.50.0.11.orig/binutils/readelf.c binutils-2.17.50.0.11/binutils/readelf.c +--- binutils-2.17.50.0.11.orig/binutils/readelf.c 2007-01-26 03:46:07.000000000 +0100 ++++ 
binutils-2.17.50.0.11/binutils/readelf.c 2007-01-26 18:27:30.000000000 +0100 +@@ -2442,6 +2442,7 @@ + return "GNU_EH_FRAME"; + case PT_GNU_STACK: return "GNU_STACK"; + case PT_GNU_RELRO: return "GNU_RELRO"; ++ case PT_PAX_FLAGS: return "PAX_FLAGS"; + + default: + if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC)) +diff -ruN binutils-2.17.50.0.11.orig/include/bfdlink.h binutils-2.17.50.0.11/include/bfdlink.h +--- binutils-2.17.50.0.11.orig/include/bfdlink.h 2007-01-26 03:46:07.000000000 +0100 ++++ binutils-2.17.50.0.11/include/bfdlink.h 2007-01-26 18:27:30.000000000 +0100 +@@ -320,6 +320,14 @@ + /* TRUE if PT_GNU_RELRO segment should be created. */ + unsigned int relro: 1; + ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT ++ flags. */ ++ unsigned int execheap: 1; ++ ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT ++ flags. */ ++ unsigned int noexecheap: 1; ++ + /* TRUE if we should warn when adding a DT_TEXTREL to a shared object. */ + unsigned int warn_shared_textrel: 1; + +diff -ruN binutils-2.17.50.0.11.orig/include/elf/common.h binutils-2.17.50.0.11/include/elf/common.h +--- binutils-2.17.50.0.11.orig/include/elf/common.h 2007-01-26 03:46:08.000000000 +0100 ++++ binutils-2.17.50.0.11/include/elf/common.h 2007-01-26 18:27:30.000000000 +0100 +@@ -307,12 +307,29 @@ + #define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */ + #define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */ + #define PT_GNU_SHR (PT_LOOS + 0x474e554) /* Sharable segment */ ++#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */ + + /* Program segment permissions, in program header p_flags field. */ + + #define PF_X (1 << 0) /* Segment is executable */ + #define PF_W (1 << 1) /* Segment is writable */ + #define PF_R (1 << 2) /* Segment is readable */ ++ ++/* Flags to control PaX behavior. 
*/ ++ ++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ ++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */ ++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */ ++ + /* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */ + #define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */ + #define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */ +diff -ruN binutils-2.17.50.0.11.orig/ld/emultempl/elf32.em binutils-2.17.50.0.11/ld/emultempl/elf32.em +--- binutils-2.17.50.0.11.orig/ld/emultempl/elf32.em 2007-01-26 03:46:08.000000000 +0100 ++++ binutils-2.17.50.0.11/ld/emultempl/elf32.em 2007-01-26 18:27:30.000000000 +0100 +@@ -1905,6 +1905,16 @@ + link_info.noexecstack = TRUE; + link_info.execstack = FALSE; + } ++ else if (strcmp (optarg, "execheap") == 0) ++ { ++ link_info.execheap = TRUE; ++ link_info.noexecheap = FALSE; ++ } ++ else if (strcmp (optarg, "noexecheap") == 0) ++ { ++ link_info.noexecheap = TRUE; ++ link_info.execheap = FALSE; ++ } + EOF + + if test -n "$COMMONPAGESIZE"; then +@@ -1977,6 +1987,7 @@ + fprintf (file, _(" -z combreloc\t\tMerge dynamic relocs into one section and sort\n")); + fprintf (file, _(" -z defs\t\tReport unresolved symbols in object files.\n")); + fprintf (file, _(" -z execstack\t\tMark executable as requiring executable stack\n")); ++ fprintf (file, _(" -z execheap\t\tMark executable as requiring executable heap\n")); + fprintf (file, _(" -z initfirst\t\tMark DSO to be initialized first at runtime\n")); + fprintf 
(file, _(" -z interpose\t\tMark object to interpose all DSOs but executable\n")); + fprintf (file, _(" -z lazy\t\tMark object lazy runtime binding (default)\n")); +@@ -1989,6 +2000,7 @@ + fprintf (file, _(" -z nodlopen\t\tMark DSO not available to dlopen\n")); + fprintf (file, _(" -z nodump\t\tMark DSO not available to dldump\n")); + fprintf (file, _(" -z noexecstack\tMark executable as not requiring executable stack\n")); ++ fprintf (file, _(" -z noexecheap\tMark executable as not requiring executable heap\n")); + EOF + + if test -n "$COMMONPAGESIZE"; then +diff -ruN binutils-2.17.50.0.11.orig/ld/ldgram.y binutils-2.17.50.0.11/ld/ldgram.y +--- binutils-2.17.50.0.11.orig/ld/ldgram.y 2007-01-26 03:45:24.000000000 +0100 ++++ binutils-2.17.50.0.11/ld/ldgram.y 2007-01-26 18:27:30.000000000 +0100 +@@ -1093,6 +1093,8 @@ + $$ = exp_intop (0x6474e550); + else if (strcmp (s, "PT_GNU_STACK") == 0) + $$ = exp_intop (0x6474e551); ++ else if (strcmp (s, "PT_PAX_FLAGS") == 0) ++ $$ = exp_intop (0x65041580); + else + { + einfo (_("\ diff --git a/security/paxctl/patches/binutils-2.17.50.0.18.pt_pax.patch b/security/paxctl/patches/binutils-2.17.50.0.18.pt_pax.patch new file mode 100644 index 000000000..c6d5dcc85 --- /dev/null +++ b/security/paxctl/patches/binutils-2.17.50.0.18.pt_pax.patch 
@@ -0,0 +1,271 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/binutils-2.17.50.0.18.pt_pax.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +diff --git a/bfd/elf-bfd.h b/bfd/elf-bfd.h +index aa4d44d..00f3df0 100644 +--- a/bfd/elf-bfd.h ++++ b/bfd/elf-bfd.h +@@ -1428,6 +1428,9 @@ struct elf_obj_tdata + /* Segment flags for the PT_GNU_STACK segment. */ + unsigned int stack_flags; + ++ /* Segment flags for the PT_PAX_FLAGS segment. */ ++ unsigned int pax_flags; ++ + /* Symbol version definitions in external objects. */ + Elf_Internal_Verdef *verdef; + +diff --git a/bfd/elf.c b/bfd/elf.c +index 37b1254..84bcb35 100644 +--- a/bfd/elf.c ++++ b/bfd/elf.c +@@ -1085,6 +1085,7 @@ get_segment_type (unsigned int p_type) + case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break; + case PT_GNU_STACK: pt = "STACK"; break; + case PT_GNU_RELRO: pt = "RELRO"; break; ++ case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break; + default: pt = NULL; break; + } + return pt; +@@ -2346,6 +2347,9 @@ bfd_section_from_phdr (bfd *abfd, Elf_Internal_Phdr *hdr, int index) + case PT_GNU_RELRO: + return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro"); + ++ case PT_PAX_FLAGS: ++ return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags"); ++ + default: + /* Check for any processor-specific program segment types. 
*/ + bed = get_elf_backend_data (abfd); +@@ -3326,6 +3330,11 @@ get_program_header_size (bfd *abfd, struct bfd_link_info *info) + ++segs; + } + ++ { ++ /* We need a PT_PAX_FLAGS segment. */ ++ ++segs; ++ } ++ + for (s = abfd->sections; s != NULL; s = s->next) + { + if ((s->flags & SEC_LOAD) != 0 +@@ -3945,6 +3954,20 @@ _bfd_elf_map_sections_to_segments (bfd *abfd, struct bfd_link_info *info) + pm = &m->next; + } + ++ { ++ amt = sizeof (struct elf_segment_map); ++ m = bfd_zalloc (abfd, amt); ++ if (m == NULL) ++ goto error_return; ++ m->next = NULL; ++ m->p_type = PT_PAX_FLAGS; ++ m->p_flags = elf_tdata (abfd)->pax_flags; ++ m->p_flags_valid = 1; ++ ++ *pm = m; ++ pm = &m->next; ++ } ++ + free (sections); + elf_tdata (abfd)->segment_map = mfirst; + } +@@ -5130,7 +5153,8 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd, + 6. PT_TLS segment includes only SHF_TLS sections. + 7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments. + 8. PT_DYNAMIC should not contain empty sections at the beginning +- (with the possible exception of .dynamic). */ ++ (with the possible exception of .dynamic). ++ 9. PT_PAX_FLAGS segments do not include any sections. */ + #define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed) \ + ((((segment->p_paddr \ + ? 
IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \ +@@ -5138,6 +5162,7 @@ rewrite_elf_program_header (bfd *ibfd, bfd *obfd, + && (section->flags & SEC_ALLOC) != 0) \ + || IS_COREFILE_NOTE (segment, section)) \ + && segment->p_type != PT_GNU_STACK \ ++ && segment->p_type != PT_PAX_FLAGS \ + && (segment->p_type != PT_TLS \ + || (section->flags & SEC_THREAD_LOCAL)) \ + && (segment->p_type == PT_LOAD \ +diff --git a/bfd/elflink.c b/bfd/elflink.c +index 48ff628..e1c49f8 100644 +--- a/bfd/elflink.c ++++ b/bfd/elflink.c +@@ -5387,17 +5387,32 @@ bfd_elf_size_dynamic_sections (bfd *output_bfd, + if (!is_elf_hash_table (info->hash)) + return TRUE; + ++ elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC; ++ ++ if (info->execheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT; ++ else if (info->noexecheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT; ++ + bed = get_elf_backend_data (output_bfd); + if (info->execstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ } + else if (info->noexecstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; ++ } + else + { + bfd *inputobj; + asection *notesec = NULL; + int exec = 0; + ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; ++ + for (inputobj = info->input_bfds; + inputobj; + inputobj = inputobj->link_next) +@@ -5410,7 +5425,11 @@ bfd_elf_size_dynamic_sections (bfd *output_bfd, + if (s) + { + if (s->flags & SEC_CODE) +- exec = PF_X; ++ { ++ elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ exec = PF_X; ++ } + notesec = s; + } + else if (bed->default_execstack) +diff --git a/binutils/readelf.c b/binutils/readelf.c +index 5a8cd2d..fe39af4 100644 +--- a/binutils/readelf.c ++++ b/binutils/readelf.c 
+@@ -2472,6 +2472,7 @@ get_segment_type (unsigned long p_type) + return "GNU_EH_FRAME"; + case PT_GNU_STACK: return "GNU_STACK"; + case PT_GNU_RELRO: return "GNU_RELRO"; ++ case PT_PAX_FLAGS: return "PAX_FLAGS"; + + default: + if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC)) +diff --git a/include/bfdlink.h b/include/bfdlink.h +index 05824ed..52988cb 100644 +--- a/include/bfdlink.h ++++ b/include/bfdlink.h +@@ -321,6 +321,14 @@ struct bfd_link_info + /* TRUE if PT_GNU_RELRO segment should be created. */ + unsigned int relro: 1; + ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT ++ flags. */ ++ unsigned int execheap: 1; ++ ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT ++ flags. */ ++ unsigned int noexecheap: 1; ++ + /* TRUE if we should warn when adding a DT_TEXTREL to a shared object. */ + unsigned int warn_shared_textrel: 1; + +diff --git a/include/elf/common.h b/include/elf/common.h +index 13b4857..7271d2c 100644 +--- a/include/elf/common.h ++++ b/include/elf/common.h +@@ -310,12 +310,30 @@ + #define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */ + #define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */ + #define PT_GNU_SHR (PT_LOOS + 0x474e554) /* Sharable segment */ ++#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */ + + /* Program segment permissions, in program header p_flags field. */ + + #define PF_X (1 << 0) /* Segment is executable */ + #define PF_W (1 << 1) /* Segment is writable */ + #define PF_R (1 << 2) /* Segment is readable */ ++ ++ ++/* Flags to control PaX behavior. 
*/ ++ ++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ ++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */ ++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */ ++ + /* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */ + #define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */ + #define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */ +diff --git a/ld/emultempl/elf32.em b/ld/emultempl/elf32.em +index 73f2a1d..53d40b6 100644 +--- a/ld/emultempl/elf32.em ++++ b/ld/emultempl/elf32.em +@@ -2140,6 +2140,16 @@ fragment <sections; s != NULL; s = s->next) + { + if ((s->flags & SEC_LOAD) != 0 +@@ -4136,6 +4145,20 @@ + pm = &m->next; + } + ++ { ++ amt = sizeof (struct elf_segment_map); ++ m = bfd_zalloc (abfd, amt); ++ if (m == NULL) ++ goto error_return; ++ m->next = NULL; ++ m->p_type = PT_PAX_FLAGS; ++ m->p_flags = elf_tdata (abfd)->pax_flags; ++ m->p_flags_valid = 1; ++ ++ *pm = m; ++ pm = &m->next; ++ } ++ + free (sections); + elf_tdata (abfd)->segment_map = mfirst; + } +@@ -5263,7 +5286,8 @@ + 6. PT_TLS segment includes only SHF_TLS sections. + 7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments. + 8. PT_DYNAMIC should not contain empty sections at the beginning +- (with the possible exception of .dynamic). */ ++ (with the possible exception of .dynamic). ++ 9. PT_PAX_FLAGS segments does not include any sections. */ + #define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed) \ + ((((segment->p_paddr \ + ? 
IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \ +@@ -5271,6 +5295,7 @@ + && (section->flags & SEC_ALLOC) != 0) \ + || IS_COREFILE_NOTE (segment, section)) \ + && segment->p_type != PT_GNU_STACK \ ++ && segment->p_type != PT_PAX_FLAGS \ + && (segment->p_type != PT_TLS \ + || (section->flags & SEC_THREAD_LOCAL)) \ + && (segment->p_type == PT_LOAD \ +diff -ruN binutils-2.17.50.0.9.orig/bfd/elflink.c binutils-2.17.50.0.9/bfd/elflink.c +--- binutils-2.17.50.0.9.orig/bfd/elflink.c 2007-01-03 20:49:13.000000000 +0100 ++++ binutils-2.17.50.0.9/bfd/elflink.c 2007-01-14 19:31:18.000000000 +0100 +@@ -5221,17 +5221,31 @@ + if (!is_elf_hash_table (info->hash)) + return TRUE; + ++ elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC; ++ ++ if (info->execheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT; ++ else if (info->noexecheap) ++ elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT; ++ + elf_tdata (output_bfd)->relro = info->relro; + if (info->execstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ } + else if (info->noexecstack) +- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ { ++ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; ++ } + else + { + bfd *inputobj; + asection *notesec = NULL; + int exec = 0; + ++ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; + for (inputobj = info->input_bfds; + inputobj; + inputobj = inputobj->link_next) +@@ -5244,7 +5258,11 @@ + if (s) + { + if (s->flags & SEC_CODE) +- exec = PF_X; ++ { ++ elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP; ++ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; ++ exec = PF_X; ++ } + notesec = s; + } + else +diff -ruN binutils-2.17.50.0.9.orig/binutils/readelf.c binutils-2.17.50.0.9/binutils/readelf.c +--- binutils-2.17.50.0.9.orig/binutils/readelf.c 2007-01-03 20:49:13.000000000 +0100 
++++ binutils-2.17.50.0.9/binutils/readelf.c 2007-01-14 19:31:18.000000000 +0100 +@@ -2441,6 +2441,7 @@ + return "GNU_EH_FRAME"; + case PT_GNU_STACK: return "GNU_STACK"; + case PT_GNU_RELRO: return "GNU_RELRO"; ++ case PT_PAX_FLAGS: return "PAX_FLAGS"; + + default: + if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC)) +diff -ruN binutils-2.17.50.0.9.orig/include/bfdlink.h binutils-2.17.50.0.9/include/bfdlink.h +--- binutils-2.17.50.0.9.orig/include/bfdlink.h 2006-11-27 23:21:04.000000000 +0100 ++++ binutils-2.17.50.0.9/include/bfdlink.h 2007-01-14 19:31:18.000000000 +0100 +@@ -320,6 +320,14 @@ + /* TRUE if PT_GNU_RELRO segment should be created. */ + unsigned int relro: 1; + ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT ++ flags. */ ++ unsigned int execheap: 1; ++ ++ /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT ++ flags. */ ++ unsigned int noexecheap: 1; ++ + /* TRUE if we should warn when adding a DT_TEXTREL to a shared object. */ + unsigned int warn_shared_textrel: 1; + +diff -ruN binutils-2.17.50.0.9.orig/include/elf/common.h binutils-2.17.50.0.9/include/elf/common.h +--- binutils-2.17.50.0.9.orig/include/elf/common.h 2006-11-27 23:21:04.000000000 +0100 ++++ binutils-2.17.50.0.9/include/elf/common.h 2007-01-14 19:31:18.000000000 +0100 +@@ -306,12 +306,29 @@ + #define PT_SUNW_EH_FRAME PT_GNU_EH_FRAME /* Solaris uses the same value */ + #define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */ + #define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */ ++#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */ + + /* Program segment permissions, in program header p_flags field. */ + + #define PF_X (1 << 0) /* Segment is executable */ + #define PF_W (1 << 1) /* Segment is writable */ + #define PF_R (1 << 2) /* Segment is readable */ ++ ++/* Flags to control PaX behavior. 
*/ ++ ++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ ++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */ ++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */ ++ + /* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */ + #define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */ + #define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */ +diff -ruN binutils-2.17.50.0.9.orig/ld/emultempl/elf32.em binutils-2.17.50.0.9/ld/emultempl/elf32.em +--- binutils-2.17.50.0.9.orig/ld/emultempl/elf32.em 2007-01-03 20:49:14.000000000 +0100 ++++ binutils-2.17.50.0.9/ld/emultempl/elf32.em 2007-01-14 19:31:18.000000000 +0100 +@@ -1898,6 +1898,16 @@ + link_info.noexecstack = TRUE; + link_info.execstack = FALSE; + } ++ else if (strcmp (optarg, "execheap") == 0) ++ { ++ link_info.execheap = TRUE; ++ link_info.noexecheap = FALSE; ++ } ++ else if (strcmp (optarg, "noexecheap") == 0) ++ { ++ link_info.noexecheap = TRUE; ++ link_info.execheap = FALSE; ++ } + EOF + + if test -n "$COMMONPAGESIZE"; then +@@ -1964,6 +1974,7 @@ + fprintf (file, _(" -z combreloc\t\tMerge dynamic relocs into one section and sort\n")); + fprintf (file, _(" -z defs\t\tReport unresolved symbols in object files.\n")); + fprintf (file, _(" -z execstack\t\tMark executable as requiring executable stack\n")); ++ fprintf (file, _(" -z execheap\t\tMark executable as requiring executable heap\n")); + fprintf (file, _(" -z initfirst\t\tMark DSO to be initialized first at runtime\n")); + fprintf 
(file, _(" -z interpose\t\tMark object to interpose all DSOs but executable\n")); + fprintf (file, _(" -z lazy\t\tMark object lazy runtime binding (default)\n")); +@@ -1976,6 +1987,7 @@ + fprintf (file, _(" -z nodlopen\t\tMark DSO not available to dlopen\n")); + fprintf (file, _(" -z nodump\t\tMark DSO not available to dldump\n")); + fprintf (file, _(" -z noexecstack\tMark executable as not requiring executable stack\n")); ++ fprintf (file, _(" -z noexecheap\tMark executable as not requiring executable heap\n")); + EOF + + if test -n "$COMMONPAGESIZE"; then +diff -ruN binutils-2.17.50.0.9.orig/ld/ldgram.y binutils-2.17.50.0.9/ld/ldgram.y +--- binutils-2.17.50.0.9.orig/ld/ldgram.y 2006-09-24 17:19:58.000000000 +0200 ++++ binutils-2.17.50.0.9/ld/ldgram.y 2007-01-14 19:31:18.000000000 +0100 +@@ -1094,6 +1094,8 @@ + $$ = exp_intop (0x6474e550); + else if (strcmp (s, "PT_GNU_STACK") == 0) + $$ = exp_intop (0x6474e551); ++ else if (strcmp (s, "PT_PAX_FLAGS") == 0) ++ $$ = exp_intop (0x65041580); + else + { + einfo (_("\ diff --git a/security/paxctl/patches/glibc-2.5-dl_execstack_PaX-1.patch b/security/paxctl/patches/glibc-2.5-dl_execstack_PaX-1.patch new file mode 100644 index 000000000..8d212fd6a --- /dev/null +++ b/security/paxctl/patches/glibc-2.5-dl_execstack_PaX-1.patch 
@@ -0,0 +1,85 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5-dl_execstack_PaX-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2004-11-13 +Initial Package Version: 2.3.6 +Upstream Status: Submitted - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3332 +Origin: http://csociety-ftp.ecn.purdue.edu/pub/gentoo-portage/ \ + sys-libs/glibc/files/2.3.3/glibc-2.3.3-dl_execstack-PaX-support.patch +Description: This is needed for Pax. http://pax.grsecurity.net/ + +Also see: +http://www.linuxfromscratch.org/hlfs/ + +diff -Naur glibc-2.3.6.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.3.6/sysdeps/unix/sysv/linux/dl-execstack.c +--- glibc-2.3.6.orig/sysdeps/unix/sysv/linux/dl-execstack.c 2005-07-18 04:11:19.000000000 +0000 ++++ glibc-2.3.6/sysdeps/unix/sysv/linux/dl-execstack.c 2005-11-13 08:50:35.000000000 +0000 +@@ -58,14 +58,20 @@ + __stack_prot) == 0, 1)) + goto return_success; + # if __ASSUME_PROT_GROWSUPDOWN == 0 +- if (errno == EINVAL) ++ if (errno == EINVAL) { + no_growsupdown = true; +- else ++ } else { + # endif ++ if (errno == EACCES) /* PAX is enabled */ ++ return 0; ++ else + { + result = errno; + goto out; + } ++# if __ASSUME_PROT_GROWSUPDOWN == 0 ++ } ++# endif + } + #endif + +@@ -89,11 +95,14 @@ + page -= size; + else + { +- if (errno != ENOMEM) /* Unexpected failure mode. 
*/ ++ if (errno == EACCES) { /* PAX is enabled */ ++ return 0; ++ } else if (errno != ENOMEM) { /* Unexpected failure mode. */ + { + result = errno; + goto out; + } ++ } + + if (size == GLRO(dl_pagesize)) + /* We just tried to mprotect the top hole page and failed. +@@ -115,11 +124,14 @@ + page += size; + else + { +- if (errno != ENOMEM) /* Unexpected failure mode. */ ++ if (errno == EACCES) { /* PAX is enabled */ ++ return 0; ++ } else if (errno != ENOMEM) /* Unexpected failure mode. */ + { + result = errno; + goto out; + } ++ } + + if (size == GLRO(dl_pagesize)) + /* We just tried to mprotect the lowest hole page and failed. diff --git a/security/paxctl/patches/glibc-2.5-iconv_unnest-1.patch b/security/paxctl/patches/glibc-2.5-iconv_unnest-1.patch new file mode 100644 index 000000000..a0f571f62 --- /dev/null +++ b/security/paxctl/patches/glibc-2.5-iconv_unnest-1.patch 
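Review bot: The third hunk (`@@ -115,11 +124,14 @@`) appears to add an unmatched closing brace: its `} else if (errno != ENOMEM) /* Unexpected failure mode. */` line opens no block of its own, yet a new `}` is added after the existing `result = errno; goto out;` block, whereas the parallel `@@ -89,11 +95,14 @@` hunk does open a `{` on its `else if` line. If that third block is the stack-grows-up half of a preprocessor conditional (not visible in the hunk), the imbalance only surfaces on architectures that compile it, so it should read `} else if (errno != ENOMEM) { /* Unexpected failure mode. */` like the second hunk. Separately, each new `if (errno == EACCES)` branch does a bare `return 0;` instead of taking the `return_success` or `out` path, so whatever bookkeeping those labels perform is skipped while the caller still sees success with a stack that was not made executable; replacing the terse `/* PAX is enabled */` with `/* mprotect was refused (PaX); report success and carry on with a non-executable stack.  */` would make that deliberate. The enclosing `_dl_make_stack_executable` body starts and ends outside the hunk.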
@@ -0,0 +1,106 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5-iconv_unnest-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2006-10-11 +Initial Package Version: 2.5 +Upstream Status: Submitted - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3350 +Origin: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.3.5/\ + 4010_all_2.3.5-hardened-iconvconfig-unnest.patch +Description: Move nested function to a static one so we avoid generating a trampoline. + +diff -Naur glibc-2.5.orig/iconv/iconvconfig.c glibc-2.5/iconv/iconvconfig.c +--- glibc-2.5.orig/iconv/iconvconfig.c 2006-09-21 03:57:30.000000000 +0000 ++++ glibc-2.5/iconv/iconvconfig.c 2006-10-11 21:36:18.000000000 +0000 +@@ -1011,6 +1011,38 @@ + module name offset + (following last entry with step count 0) + */ ++ ++/* Function to insert the names. */ ++/* Made non-nested to avoid trampoline. 
++ * Requires hash_table and hash_size to be made global, ++ * but since the caller (write_output) is called once ++ * in the only thread there should be no problem */ ++static struct hash_entry *hash_table; ++static size_t hash_size; ++static void ++name_insert (const void *nodep, VISIT value, int level) ++ { ++ struct name *name; ++ unsigned int idx; ++ unsigned int hval2; ++ ++ if (value != leaf && value != postorder) ++ return; ++ ++ name = *(struct name **) nodep; ++ idx = name->hashval % hash_size; ++ hval2 = 1 + name->hashval % (hash_size - 2); ++ ++ while (hash_table[idx].string_offset != 0) ++ if ((idx += hval2) >= hash_size) ++ idx -= hash_size; ++ ++ hash_table[idx].string_offset = strtaboffset (name->strent); ++ ++ assert (name->module_idx != -1); ++ hash_table[idx].module_idx = name->module_idx; ++ } ++ + static int + write_output (void) + { +@@ -1018,8 +1050,6 @@ + char *string_table; + size_t string_table_size; + struct gconvcache_header header; +- struct hash_entry *hash_table; +- size_t hash_size; + struct module_entry *module_table; + char *extra_table; + char *cur_extra_table; +@@ -1032,30 +1062,6 @@ + char tmpfname[(output_file == NULL ? sizeof finalname : output_file_len + 1) + + strlen (".XXXXXX")]; + +- /* Function to insert the names. */ +- auto void +- name_insert (const void *nodep, VISIT value, int level) +- { +- struct name *name; +- unsigned int idx; +- unsigned int hval2; +- +- if (value != leaf && value != postorder) +- return; +- +- name = *(struct name **) nodep; +- idx = name->hashval % hash_size; +- hval2 = 1 + name->hashval % (hash_size - 2); +- +- while (hash_table[idx].string_offset != 0) +- if ((idx += hval2) >= hash_size) +- idx -= hash_size; +- +- hash_table[idx].string_offset = strtaboffset (name->strent); +- +- assert (name->module_idx != -1); +- hash_table[idx].module_idx = name->module_idx; +- } + + /* Open the output file. */ + if (output_file == NULL) 
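Review bot: This file and `glibc-2.5.1-iconvconfig_trampoline-1.patch` (further down, its hunk ending just before the `glibc-2.5.1-localedef_trampoline-1.patch` header) rewrite the same `iconv/iconvconfig.c` regions (`@@ -1011`, `@@ -1018`, `@@ -1032`) with the same static-function change, and `glibc-2.5-localedef_segfault-1.patch` and `glibc-2.5.1-localedef_trampoline-1.patch` likewise both add the identical `wchead_table_iterate` macro to `locale/programs/3level.h`. If the build applies every file under `patches/`, the second member of each pair will fail to apply; if selection is keyed on the glibc version in the file name, that rule lives outside this section and each header deserves a line such as `Note: same change as glibc-2.5-iconv_unnest-1.patch; apply only one of the two.` Within this hunk, the new file-scope `name_insert` keeps the nested-function indentation (`{` one level in), which reads as if it were still inside `write_output`; dedenting it to the `static int write_output` style that follows would avoid that.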
diff --git a/security/paxctl/patches/glibc-2.5-localedef_segfault-1.patch b/security/paxctl/patches/glibc-2.5-localedef_segfault-1.patch
new file mode 100644
index 000000000..3272b7661
--- /dev/null
+++ b/security/paxctl/patches/glibc-2.5-localedef_segfault-1.patch
@@ -0,0 +1,74 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5-localedef_segfault-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Jim Gifford +Date: 2006-10-10 +Initial Package Version: 2.5 +Origin: Debian +Upstream Status: Submitted - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3333 +Description: Fixes Segfault when using localdef. + This problem is only noticed when using PaX + and some architectures besides x86. + See debian bug # 231438 + +Rediffed against Jim Gifford's patch, just to remove fuzz. + +diff -Naur glibc-2.5.orig/locale/programs/3level.h glibc-2.5/locale/programs/3level.h +--- glibc-2.5.orig/locale/programs/3level.h 2005-12-07 05:47:27.000000000 +0000 ++++ glibc-2.5/locale/programs/3level.h 2006-10-11 08:05:00.000000000 +0000 +@@ -202,6 +202,42 @@ + } + } + } ++ ++/* GCC ATM seems to do a poor job with pointers to nested functions passed ++ to inlined functions. Help it a little bit with this hack. 
*/ ++#define wchead_table_iterate(tp, fn) \ ++do \ ++ { \ ++ struct wchead_table *t = (tp); \ ++ uint32_t index1; \ ++ for (index1 = 0; index1 < t->level1_size; index1++) \ ++ { \ ++ uint32_t lookup1 = t->level1[index1]; \ ++ if (lookup1 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup1_shifted = lookup1 << t->q; \ ++ uint32_t index2; \ ++ for (index2 = 0; index2 < (1 << t->q); index2++) \ ++ { \ ++ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \ ++ if (lookup2 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup2_shifted = lookup2 << t->p; \ ++ uint32_t index3; \ ++ for (index3 = 0; index3 < (1 << t->p); index3++) \ ++ { \ ++ struct element_t *lookup3 \ ++ = t->level3[index3 + lookup2_shifted]; \ ++ if (lookup3 != NULL) \ ++ fn ((((index1 << t->q) + index2) << t->p) + index3, \ ++ lookup3); \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } while (0) ++ + #endif + + #ifndef NO_FINALIZE diff --git a/security/paxctl/patches/glibc-2.5-pt_pax-1.patch b/security/paxctl/patches/glibc-2.5-pt_pax-1.patch new file mode 100644 index 000000000..f10f440fd --- /dev/null +++ b/security/paxctl/patches/glibc-2.5-pt_pax-1.patch 
@@ -0,0 +1,56 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5-pt_pax-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2006-10-11 +Initial Package Version: 2.5 +Upstream Status: Not submitted - PaX specific. Will not be accepted upstream. +Origin: http://www.gtlib.cc.gatech.edu/pub/gentoo/gentoo-x86-portage/sys-libs/ \ + glibc/files/2.3.3/glibc-2.3.3_pre20040117-pt_pax.diff +Description: This is needed for Pax. 
http://pax.grsecurity.net/ +Also see: +http://www.linuxfromscratch.org/hlfs/ + +diff -Naur glibc-2.5.orig/elf/elf.h glibc-2.5/elf/elf.h +--- glibc-2.5.orig/elf/elf.h 2006-07-10 21:54:02.000000000 +0000 ++++ glibc-2.5/elf/elf.h 2006-10-11 21:30:02.000000000 +0000 +@@ -569,6 +569,7 @@ + #define PT_GNU_EH_FRAME 0x6474e550 /* GCC .eh_frame_hdr segment */ + #define PT_GNU_STACK 0x6474e551 /* Indicates stack executability */ + #define PT_GNU_RELRO 0x6474e552 /* Read-only after relocation */ ++#define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */ + #define PT_LOSUNW 0x6ffffffa + #define PT_SUNWBSS 0x6ffffffa /* Sun Specific segment */ + #define PT_SUNWSTACK 0x6ffffffb /* Stack segment */ +@@ -582,6 +583,18 @@ + #define PF_X (1 << 0) /* Segment is executable */ + #define PF_W (1 << 1) /* Segment is writable */ + #define PF_R (1 << 2) /* Segment is readable */ ++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */ ++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */ ++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */ ++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */ ++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */ ++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */ ++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */ ++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */ ++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */ ++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */ ++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */ ++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */ + #define PF_MASKOS 0x0ff00000 /* OS-specific */ + #define PF_MASKPROC 0xf0000000 /* Processor-specific */ + diff --git a/security/paxctl/patches/glibc-2.5.1-iconvconfig_trampoline-1.patch b/security/paxctl/patches/glibc-2.5.1-iconvconfig_trampoline-1.patch new file mode 100644 index 000000000..c5ca121f4 --- /dev/null +++ b/security/paxctl/patches/glibc-2.5.1-iconvconfig_trampoline-1.patch 
@@ -0,0 +1,113 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5.1-iconvconfig_trampoline-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2007-05-05 +Initial Package Version: 2.5 +Upstream Status: Rejected - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3350 +Origin: Fedora's glibc-fedora.patch (via glibc-2.5.90-21) +Description: Avoid segmentation faults, or kills, on PaX and Exe-Shield kernels, + and some non-x86 architectures. + +* Fri May 2 2003 Jakub Jelinek 2.3.2-34 + - avoid using trampolines in iconvconfig for now + +This patch is also known as: +local-iconv-fix-trampoline.diff (Debian) +4010_all_2.3.5-hardened-iconvconfig-unnest.patch (Gentoo) + +Also see: +http://bugs.gentoo.org/show_bug.cgi?id=85718 + +diff -Naur glibc-2.5.orig/iconv/iconvconfig.c glibc-2.5/iconv/iconvconfig.c +--- glibc-2.5.orig/iconv/iconvconfig.c 2006-09-21 03:57:30.000000000 +0000 ++++ glibc-2.5/iconv/iconvconfig.c 2007-05-05 08:28:57.000000000 +0000 +@@ -1011,6 +1011,34 @@ + module name offset + (following last entry with step count 0) + */ ++ ++static struct hash_entry *hash_table; ++static size_t hash_size; ++ ++/* Function to insert the names. 
*/ ++static void name_insert (const void *nodep, VISIT value, int level) ++{ ++ struct name *name; ++ unsigned int idx; ++ unsigned int hval2; ++ ++ if (value != leaf && value != postorder) ++ return; ++ ++ name = *(struct name **) nodep; ++ idx = name->hashval % hash_size; ++ hval2 = 1 + name->hashval % (hash_size - 2); ++ ++ while (hash_table[idx].string_offset != 0) ++ if ((idx += hval2) >= hash_size) ++ idx -= hash_size; ++ ++ hash_table[idx].string_offset = strtaboffset (name->strent); ++ ++ assert (name->module_idx != -1); ++ hash_table[idx].module_idx = name->module_idx; ++} ++ + static int + write_output (void) + { +@@ -1018,8 +1046,6 @@ + char *string_table; + size_t string_table_size; + struct gconvcache_header header; +- struct hash_entry *hash_table; +- size_t hash_size; + struct module_entry *module_table; + char *extra_table; + char *cur_extra_table; +@@ -1032,31 +1058,6 @@ + char tmpfname[(output_file == NULL ? sizeof finalname : output_file_len + 1) + + strlen (".XXXXXX")]; + +- /* Function to insert the names. */ +- auto void +- name_insert (const void *nodep, VISIT value, int level) +- { +- struct name *name; +- unsigned int idx; +- unsigned int hval2; +- +- if (value != leaf && value != postorder) +- return; +- +- name = *(struct name **) nodep; +- idx = name->hashval % hash_size; +- hval2 = 1 + name->hashval % (hash_size - 2); +- +- while (hash_table[idx].string_offset != 0) +- if ((idx += hval2) >= hash_size) +- idx -= hash_size; +- +- hash_table[idx].string_offset = strtaboffset (name->strent); +- +- assert (name->module_idx != -1); +- hash_table[idx].module_idx = name->module_idx; +- } +- + /* Open the output file. */ + if (output_file == NULL) + { diff --git a/security/paxctl/patches/glibc-2.5.1-localedef_trampoline-1.patch b/security/paxctl/patches/glibc-2.5.1-localedef_trampoline-1.patch new file mode 100644 index 000000000..8600c53ca --- /dev/null +++ b/security/paxctl/patches/glibc-2.5.1-localedef_trampoline-1.patch 
@@ -0,0 +1,80 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5.1-localedef_trampoline-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2007-05-05 +Initial Package Version: 2.5 +Upstream Status: Rejected - http://sources.redhat.com/bugzilla/show_bug.cgi?id=3333 +Origin: Fedora's glibc-fedora.patch (via glibc-2.5.90-21) +Description: Avoid segmentation faults, or kills, on PaX and Exe-Shield kernels, + and some non-x86 architectures. + +* Sun Jun 01 2003 Jakub Jelinek 2.3.2-46 + - avoid using trampolines in localedef + +This patch is also known as: +local-localedef-fix-trampoline.diff (Debian) +1040_all_2.3.3-localedef-fix-trampoline.patch (Gentoo) + +Also see: +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=231438 + +diff -Naur glibc-2.5.orig/locale/programs/3level.h glibc-2.5/locale/programs/3level.h +--- glibc-2.5.orig/locale/programs/3level.h 2005-12-07 05:47:27.000000000 +0000 ++++ glibc-2.5/locale/programs/3level.h 2006-10-11 08:05:00.000000000 +0000 +@@ -202,6 +202,42 @@ + } + } + } ++ ++/* GCC ATM seems to do a poor job with pointers to nested functions passed ++ to inlined functions. Help it a little bit with this hack. 
*/ ++#define wchead_table_iterate(tp, fn) \ ++do \ ++ { \ ++ struct wchead_table *t = (tp); \ ++ uint32_t index1; \ ++ for (index1 = 0; index1 < t->level1_size; index1++) \ ++ { \ ++ uint32_t lookup1 = t->level1[index1]; \ ++ if (lookup1 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup1_shifted = lookup1 << t->q; \ ++ uint32_t index2; \ ++ for (index2 = 0; index2 < (1 << t->q); index2++) \ ++ { \ ++ uint32_t lookup2 = t->level2[index2 + lookup1_shifted]; \ ++ if (lookup2 != ((uint32_t) ~0)) \ ++ { \ ++ uint32_t lookup2_shifted = lookup2 << t->p; \ ++ uint32_t index3; \ ++ for (index3 = 0; index3 < (1 << t->p); index3++) \ ++ { \ ++ struct element_t *lookup3 \ ++ = t->level3[index3 + lookup2_shifted]; \ ++ if (lookup3 != NULL) \ ++ fn ((((index1 << t->q) + index2) << t->p) + index3, \ ++ lookup3); \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } \ ++ } while (0) ++ + #endif + + #ifndef NO_FINALIZE diff --git a/security/paxctl/patches/glibc-2.5.1-pt_pax-1.patch b/security/paxctl/patches/glibc-2.5.1-pt_pax-1.patch new file mode 100644 index 000000000..6830eddc1 --- /dev/null +++ b/security/paxctl/patches/glibc-2.5.1-pt_pax-1.patch 
@@ -0,0 +1,56 @@ +# --- SDE-COPYRIGHT-NOTE-BEGIN --- +# This copyright note is auto-generated by ./scripts/Create-CopyPatch. +# +# Filename: package/.../paxctl/patches/glibc-2.5.1-pt_pax-1.patch +# Copyright (C) 2008 The OpenSDE Project +# +# More information can be found in the files COPYING and README. +# +# This patch file is dual-licensed. It is available under the license the +# patched project is licensed under, as long as it is an OpenSource license +# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms +# of the GNU General Public License as published by the Free Software +# Foundation; either version 2 of the License, or (at your option) any later +# version. +# --- SDE-COPYRIGHT-NOTE-END --- + +Submitted By: Robert Connolly (ashes) +Date: 2006-10-11 +Initial Package Version: 2.5 +Upstream Status: Not submitted - PaX specific. Will not be accepted upstream. +Origin: http://www.gtlib.cc.gatech.edu/pub/gentoo/gentoo-x86-portage/sys-libs/ \ + glibc/files/2.3.3/glibc-2.3.3_pre20040117-pt_pax.diff +Description: This is needed for Pax. 
http://pax.grsecurity.net/
+Also see:
+http://www.linuxfromscratch.org/hlfs/
+
+diff -Naur glibc-2.5.orig/elf/elf.h glibc-2.5/elf/elf.h
+--- glibc-2.5.orig/elf/elf.h 2006-07-10 21:54:02.000000000 +0000
++++ glibc-2.5/elf/elf.h 2006-10-11 21:30:02.000000000 +0000
+@@ -569,6 +569,7 @@
+ #define PT_GNU_EH_FRAME 0x6474e550 /* GCC .eh_frame_hdr segment */
+ #define PT_GNU_STACK 0x6474e551 /* Indicates stack executability */
+ #define PT_GNU_RELRO 0x6474e552 /* Read-only after relocation */
++#define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */
+ #define PT_LOSUNW 0x6ffffffa
+ #define PT_SUNWBSS 0x6ffffffa /* Sun Specific segment */
+ #define PT_SUNWSTACK 0x6ffffffb /* Stack segment */
+@@ -582,6 +583,18 @@
+ #define PF_X (1 << 0) /* Segment is executable */
+ #define PF_W (1 << 1) /* Segment is writable */
+ #define PF_R (1 << 2) /* Segment is readable */
++#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
++#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
++#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
++#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
++#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
++#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
++#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */
++#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */
++#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
++#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
++#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */
++#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */
+ #define PF_MASKOS 0x0ff00000 /* OS-specific */
+ #define PF_MASKPROC 0xf0000000 /* Processor-specific */
+
diff --git a/security/paxctl/paxctl.cache b/security/paxctl/paxctl.cache
new file mode 100644
index 000000000..f41ed8da5
--- /dev/null
+++ b/security/paxctl/paxctl.cache
@@ -0,0 +1,8 @@
+paxctl: sbin/paxctl
+paxctl: usr/share/man/man1/paxctl.1
+paxctl: var/adm/cksums/paxctl
+paxctl: var/adm/dependencies/paxctl
+paxctl: var/adm/descs/paxctl
+paxctl: var/adm/flists/paxctl
+paxctl: var/adm/md5sums/paxctl
+paxctl: var/adm/packages/paxctl
diff --git a/security/paxctl/paxctl.desc b/security/paxctl/paxctl.desc
new file mode 100644
index 000000000..1124b64c1
--- /dev/null
+++ b/security/paxctl/paxctl.desc
@@ -0,0 +1,43 @@
+[COPY] --- SDE-COPYRIGHT-NOTE-BEGIN ---
+[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+[COPY]
+[COPY] Filename: package/.../paxctl/paxctl.desc
+[COPY] Copyright (C) 2007 - 2008 The OpenSDE Project
+[COPY]
+[COPY] More information can be found in the files COPYING and README.
+[COPY]
+[COPY] This program is free software; you can redistribute it and/or modify
+[COPY] it under the terms of the GNU General Public License as published by
+[COPY] the Free Software Foundation; version 2 of the License. A copy of the
+[COPY] GNU General Public License can be found in the file COPYING.
+[COPY] --- SDE-COPYRIGHT-NOTE-END ---
+
+[I] A user-space utility to control PaX flags
+
+[T] paxctl is a tool that allows PaX flags to be modified on a per-binary basis.
+[T] PaX is part of common security-enhancing kernel patches like grsecurity and
+[T] RSBAC. Your system needs to be running a properly patched and configured
+[T] kernel for this program to have any effect.
+[T] The PaX patch for the Linux kernel provides two ways to harden a system:
+[T] 1. Address Space Layout Randomization (ASLR), which provides randomization
+[T] of the addressing scheme of all data loaded into memory.
+[T] When an application is built as a Position Independent Executable (PIE),
+[T] PaX is also able to randomize the addresses of the application base
+[T] additionally.
+[T] 2. Non-Executable Memory, which prevents a common form of attack where
+[T] executable code is inserted into memory by an attacker.
+
+[U] http://pax.grsecurity.net
+
+[A] The PaX Team
+[M] Christian Wiese
+
+[C] extra/security
+
+[L] OpenSource
+[S] Stable
+[V] 0.5
+[P] X -----5---9 110.000
+
+[D] 1979315920 paxctl-0.5.tar.gz http://pax.grsecurity.net/
+[D] 3048938916 pax-linux-2.6.24.4-test37.patch http://grsecurity.net/test/
diff --git a/security/paxctl/pkg_linux-header_post.conf b/security/paxctl/pkg_linux-header_post.conf
new file mode 100644
index 000000000..532e9e918
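Review bot: The second `[D]` line pins the kernel-hardening patch to `pax-linux-2.6.24.4-test37.patch` under `http://grsecurity.net/test/`, i.e. a test-tree snapshot fetched over plain HTTP, and the 32-bit value in front of it is the only integrity check visible in this file; that catches an accidental replacement but is weak against a deliberately substituted patch to the kernel. Record a stronger digest if the build system supports one (I cannot tell from this file), and since test snapshots tend to be replaced, expect this download to break on refresh. The description should also say that the bundled kernel patch is a PaX test release rather than a stable one, e.g. `[T] The bundled pax-linux patch is a PaX test snapshot (test37); check the PaX site for the current stable release.` The `[T]` sentence `PaX is also able to randomize the addresses of the application base additionally.` doubles "also" and "additionally"; drop one.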
--- /dev/null
+++ b/security/paxctl/pkg_linux-header_post.conf
@@ -0,0 +1,15 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../paxctl/pkg_linux-header_post.conf
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License. A copy of the
+# GNU General Public License can be found in the file COPYING.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+. $base/package/*/paxctl/pkg_linux_post.conf
diff --git a/security/paxctl/pkg_linux26_post.conf b/security/paxctl/pkg_linux26_post.conf
new file mode 100644
index 000000000..e90f3afd8
--- /dev/null
+++ b/security/paxctl/pkg_linux26_post.conf
@@ -0,0 +1,15 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../paxctl/pkg_linux26_post.conf
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License. A copy of the
+# GNU General Public License can be found in the file COPYING.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+. $base/package/*/paxctl/pkg_linux_post.conf
diff --git a/security/paxctl/pkg_linux_post.conf b/security/paxctl/pkg_linux_post.conf
new file mode 100644
index 000000000..e5f442513
--- /dev/null
+++ b/security/paxctl/pkg_linux_post.conf
@@ -0,0 +1,28 @@
+# --- SDE-COPYRIGHT-NOTE-BEGIN ---
+# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+#
+# Filename: package/.../paxctl/pkg_linux_post.conf
+# Copyright (C) 2008 The OpenSDE Project
+#
+# More information can be found in the files COPYING and README.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; version 2 of the License. A copy of the
+# GNU General Public License can be found in the file COPYING.
+# --- SDE-COPYRIGHT-NOTE-END ---
+
+# just include the PaX patch if grsecurity and rsbac are not enabled
+# because they include it yet
+if ! pkginstalled grsecurity && ! pkginstalled rsbac ; then
+ pkg_pax_confdir=$base/package/*/paxctl
+ pkg_pax_lxpatch=`match_source_file -p pax-linux-${ver:0:3} paxctl`
+ pax_ver=${pkg_pax_lxpatch%.patch} pax_ver=${pax_ver#*linux-}
+
+ # manualy adjusting EXTRAVERSION
+ hook_add postpatch 5 "lx_extraversion=\$lx_extraversion-pax"
+
+ echo_status "Including PaX support ($pax_ver)"
+ var_append patchfiles ' ' "$pkg_pax_lxpatch"
+ var_append lx_confmerge ' ' "$pkg_pax_confdir/kernel-pax.config.in"
+fi
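Review bot: `pkg_pax_lxpatch` is used without checking that `match_source_file` returned anything, so when no `pax-linux-${ver:0:3}*` patch is available for the kernel being built the block still tags the kernel `-pax` through the postpatch hook, appends an empty entry to `patchfiles` and prints `Including PaX support ()` — a kernel that claims PaX hardening but never received the patch. Guard the result before the hook, e.g. wrap the body in `if [ -n "$pkg_pax_lxpatch" ]; then … fi` with an `echo_status "No PaX patch for kernel $ver, building without PaX"` on the else branch, or fail the build outright if a silently unhardened kernel is not acceptable here. `pkg_pax_confdir=$base/package/*/paxctl` keeps the `*` literally because globs are not expanded in assignments, so the `lx_confmerge` entry only resolves if its consumer later expands it unquoted; resolve it here instead, `pkg_pax_confdir=$(echo $base/package/*/paxctl)`, so the path is fixed at the point it is chosen. The two comments would read better as `# only include the PaX patch if grsecurity and rsbac are not enabled,` / `# because they already include it` and `# manually adjusting EXTRAVERSION`.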