karasz
/
package-update
1
0
Fork 0
Code Issues Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5085 Commits
46 Branches
0 Tags
0 B
 
 
 
 
 
 
Branch: user/chris/old/linux-pax
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'user/chris/old/linux-pax'
${ noResults }
package-update/security/paxctl/patches/binutils-2.17.50.0.10-pt_pa...

260 lines
10 KiB
Raw Permalink Blame History

# --- SDE-COPYRIGHT-NOTE-BEGIN ---
# This copyright note is auto-generated by ./scripts/Create-CopyPatch.
#
# Filename: package/.../paxctl/patches/binutils-2.17.50.0.10-pt_pax.patch
# Copyright (C) 2008 The OpenSDE Project
#
# More information can be found in the files COPYING and README.
#
# This patch file is dual-licensed. It is available under the license the
# patched project is licensed under, as long as it is an OpenSource license
# as defined at http://www.opensource.org/ (e.g. BSD, X11) or under the terms
# of the GNU General Public License as published by the Free Software
# Foundation; either version 2 of the License, or (at your option) any later
# version.
# --- SDE-COPYRIGHT-NOTE-END ---
diff -ruN binutils-2.17.50.0.10.orig/bfd/elf-bfd.h binutils-2.17.50.0.10/bfd/elf-bfd.h
--- binutils-2.17.50.0.10.orig/bfd/elf-bfd.h 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/bfd/elf-bfd.h 2007-01-26 16:32:19.000000000 +0100
@@ -1355,6 +1355,9 @@
/* Segment flags for the PT_GNU_STACK segment. */
unsigned int stack_flags;
+ /* Segment flags for the PT_PAX_FLAGS segment. */
+ unsigned int pax_flags;
+
/* Symbol version definitions in external objects. */
Elf_Internal_Verdef *verdef;
diff -ruN binutils-2.17.50.0.10.orig/bfd/elf.c binutils-2.17.50.0.10/bfd/elf.c
--- binutils-2.17.50.0.10.orig/bfd/elf.c 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/bfd/elf.c 2007-01-26 16:32:19.000000000 +0100
@@ -1109,6 +1109,7 @@
case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break;
case PT_GNU_STACK: pt = "STACK"; break;
case PT_GNU_RELRO: pt = "RELRO"; break;
+ case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break;
default: pt = NULL; break;
}
return pt;
@@ -2683,6 +2684,9 @@
case PT_GNU_RELRO:
return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro");
+ case PT_PAX_FLAGS:
+ return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags");
+
default:
/* Check for any processor-specific program segment types. */
bed = get_elf_backend_data (abfd);
@@ -3655,6 +3659,11 @@
++segs;
}
+ {
+ /* We need a PT_PAX_FLAGS segment. */
+ ++segs;
+ }
+
for (s = abfd->sections; s != NULL; s = s->next)
{
if ((s->flags & SEC_LOAD) != 0
@@ -4238,6 +4247,20 @@
pm = &m->next;
}
+ {
+ amt = sizeof (struct elf_segment_map);
+ m = bfd_zalloc (abfd, amt);
+ if (m == NULL)
+ goto error_return;
+ m->next = NULL;
+ m->p_type = PT_PAX_FLAGS;
+ m->p_flags = elf_tdata (abfd)->pax_flags;
+ m->p_flags_valid = 1;
+
+ *pm = m;
+ pm = &m->next;
+ }
+
free (sections);
elf_tdata (abfd)->segment_map = mfirst;
}
@@ -5400,7 +5423,8 @@
6. PT_TLS segment includes only SHF_TLS sections.
7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments.
8. PT_DYNAMIC should not contain empty sections at the beginning
- (with the possible exception of .dynamic). */
+ (with the possible exception of .dynamic).
+ 9. PT_PAX_FLAGS segments does not include any sections. */
#define IS_SECTION_IN_INPUT_SEGMENT(section, segment, bed) \
((((segment->p_paddr \
? IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \
@@ -5408,6 +5432,7 @@
&& (section->flags & SEC_ALLOC) != 0) \
|| IS_COREFILE_NOTE (segment, section)) \
&& segment->p_type != PT_GNU_STACK \
+ && segment->p_type != PT_PAX_FLAGS \
&& (segment->p_type != PT_TLS \
|| (section->flags & SEC_THREAD_LOCAL)) \
&& (segment->p_type == PT_LOAD \
diff -ruN binutils-2.17.50.0.10.orig/bfd/elflink.c binutils-2.17.50.0.10/bfd/elflink.c
--- binutils-2.17.50.0.10.orig/bfd/elflink.c 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/bfd/elflink.c 2007-01-26 17:09:17.000000000 +0100
@@ -5286,16 +5286,30 @@
if (!is_elf_hash_table (info->hash))
return TRUE;
+ elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC;
+
+ if (info->execheap)
+ elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT;
+ else if (info->noexecheap)
+ elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT;
+
if (info->execstack)
- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
+ {
+ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
+ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
+ }
else if (info->noexecstack)
- elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
+ {
+ elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
+ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
+ }
else
{
bfd *inputobj;
asection *notesec = NULL;
int exec = 0;
+ elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
for (inputobj = info->input_bfds;
inputobj;
inputobj = inputobj->link_next)
@@ -5308,7 +5322,11 @@
if (s)
{
if (s->flags & SEC_CODE)
- exec = PF_X;
+ {
+ elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP;
+ elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
+ exec = PF_X;
+ }
notesec = s;
}
else
diff -ruN binutils-2.17.50.0.10.orig/binutils/readelf.c binutils-2.17.50.0.10/binutils/readelf.c
--- binutils-2.17.50.0.10.orig/binutils/readelf.c 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/binutils/readelf.c 2007-01-26 16:32:19.000000000 +0100
@@ -2442,6 +2442,7 @@
return "GNU_EH_FRAME";
case PT_GNU_STACK: return "GNU_STACK";
case PT_GNU_RELRO: return "GNU_RELRO";
+ case PT_PAX_FLAGS: return "PAX_FLAGS";
default:
if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC))
diff -ruN binutils-2.17.50.0.10.orig/include/bfdlink.h binutils-2.17.50.0.10/include/bfdlink.h
--- binutils-2.17.50.0.10.orig/include/bfdlink.h 2007-01-22 20:00:01.000000000 +0100
+++ binutils-2.17.50.0.10/include/bfdlink.h 2007-01-26 16:32:19.000000000 +0100
@@ -320,6 +320,14 @@
/* TRUE if PT_GNU_RELRO segment should be created. */
unsigned int relro: 1;
+ /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT
+ flags. */
+ unsigned int execheap: 1;
+
+ /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT
+ flags. */
+ unsigned int noexecheap: 1;
+
/* TRUE if we should warn when adding a DT_TEXTREL to a shared object. */
unsigned int warn_shared_textrel: 1;
diff -ruN binutils-2.17.50.0.10.orig/include/elf/common.h binutils-2.17.50.0.10/include/elf/common.h
--- binutils-2.17.50.0.10.orig/include/elf/common.h 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/include/elf/common.h 2007-01-26 17:13:47.000000000 +0100
@@ -307,12 +307,29 @@
#define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */
#define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */
#define PT_GNU_SHR (PT_LOOS + 0x474e554) /* Sharable segment */
+#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */
/* Program segment permissions, in program header p_flags field. */
#define PF_X (1 << 0) /* Segment is executable */
#define PF_W (1 << 1) /* Segment is writable */
#define PF_R (1 << 2) /* Segment is readable */
+
+/* Flags to control PaX behavior. */
+
+#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
+#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
+#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
+#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
+#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
+#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
+#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */
+#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */
+#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
+#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
+#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */
+#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */
+
/* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */
#define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */
#define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */
diff -ruN binutils-2.17.50.0.10.orig/ld/emultempl/elf32.em binutils-2.17.50.0.10/ld/emultempl/elf32.em
--- binutils-2.17.50.0.10.orig/ld/emultempl/elf32.em 2007-01-22 20:00:09.000000000 +0100
+++ binutils-2.17.50.0.10/ld/emultempl/elf32.em 2007-01-26 16:32:19.000000000 +0100
@@ -1906,6 +1906,16 @@
link_info.noexecstack = TRUE;
link_info.execstack = FALSE;
}
+ else if (strcmp (optarg, "execheap") == 0)
+ {
+ link_info.execheap = TRUE;
+ link_info.noexecheap = FALSE;
+ }
+ else if (strcmp (optarg, "noexecheap") == 0)
+ {
+ link_info.noexecheap = TRUE;
+ link_info.execheap = FALSE;
+ }
EOF
if test -n "$COMMONPAGESIZE"; then
@@ -1978,6 +1988,7 @@
fprintf (file, _(" -z combreloc\t\tMerge dynamic relocs into one section and sort\n"));
fprintf (file, _(" -z defs\t\tReport unresolved symbols in object files.\n"));
fprintf (file, _(" -z execstack\t\tMark executable as requiring executable stack\n"));
+ fprintf (file, _(" -z execheap\t\tMark executable as requiring executable heap\n"));
fprintf (file, _(" -z initfirst\t\tMark DSO to be initialized first at runtime\n"));
fprintf (file, _(" -z interpose\t\tMark object to interpose all DSOs but executable\n"));
fprintf (file, _(" -z lazy\t\tMark object lazy runtime binding (default)\n"));
@@ -1990,6 +2001,7 @@
fprintf (file, _(" -z nodlopen\t\tMark DSO not available to dlopen\n"));
fprintf (file, _(" -z nodump\t\tMark DSO not available to dldump\n"));
fprintf (file, _(" -z noexecstack\tMark executable as not requiring executable stack\n"));
+ fprintf (file, _(" -z noexecheap\tMark executable as not requiring executable heap\n"));
EOF
if test -n "$COMMONPAGESIZE"; then
diff -ruN binutils-2.17.50.0.10.orig/ld/ldgram.y binutils-2.17.50.0.10/ld/ldgram.y
--- binutils-2.17.50.0.10.orig/ld/ldgram.y 2006-09-24 17:19:58.000000000 +0200
+++ binutils-2.17.50.0.10/ld/ldgram.y 2007-01-26 16:32:19.000000000 +0100
@@ -1094,6 +1094,8 @@
$$ = exp_intop (0x6474e550);
else if (strcmp (s, "PT_GNU_STACK") == 0)
$$ = exp_intop (0x6474e551);
+ else if (strcmp (s, "PT_PAX_FLAGS") == 0)
+ $$ = exp_intop (0x65041580);
else
{
einfo (_("\