/[gentoo-projects]/pax-utils/scanelf.c
Gentoo

Diff of /pax-utils/scanelf.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.101 Revision 1.102
1/* 1/*
2 * Copyright 2003-2006 Gentoo Foundation 2 * Copyright 2003-2006 Gentoo Foundation
3 * Distributed under the terms of the GNU General Public License v2 3 * Distributed under the terms of the GNU General Public License v2
4 * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.101 2006/01/10 01:40:15 vapier Exp $ 4 * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.102 2006/01/11 01:12:12 vapier Exp $
5 * 5 *
6 * Copyright 2003-2006 Ned Ludd - <solar@gentoo.org> 6 * Copyright 2003-2006 Ned Ludd - <solar@gentoo.org>
7 * Copyright 2004-2006 Mike Frysinger - <vapier@gentoo.org> 7 * Copyright 2004-2006 Mike Frysinger - <vapier@gentoo.org>
8 */ 8 */
9 9
10#include "paxinc.h" 10#include "paxinc.h"
11 11
12static const char *rcsid = "$Id: scanelf.c,v 1.101 2006/01/10 01:40:15 vapier Exp $"; 12static const char *rcsid = "$Id: scanelf.c,v 1.102 2006/01/11 01:12:12 vapier Exp $";
13#define argv0 "scanelf" 13#define argv0 "scanelf"
14 14
15#define IS_MODIFIER(c) (c == '%' || c == '#') 15#define IS_MODIFIER(c) (c == '%' || c == '#')
16 16
17 17
53static char *find_lib = NULL; 53static char *find_lib = NULL;
54static char *out_format = NULL; 54static char *out_format = NULL;
55static char *search_path = NULL; 55static char *search_path = NULL;
56static char fix_elf = 0; 56static char fix_elf = 0;
57static char gmatch = 0; 57static char gmatch = 0;
58static char printcache = 0; 58static char use_ldcache = 0;
59 59
60 60
61caddr_t ldcache = 0; 61caddr_t ldcache = 0;
62size_t ldcache_size = 0; 62size_t ldcache_size = 0;
63 63
361 warnf("ELF %s has TEXTREL markings but doesnt appear to have any real TEXTREL's !?", elf->filename); 361 warnf("ELF %s has TEXTREL markings but doesnt appear to have any real TEXTREL's !?", elf->filename);
362 362
363 return NULL; 363 return NULL;
364} 364}
365 365
366static void rpath_security_checks(elfobj *, char *); 366static void rpath_security_checks(elfobj *, char *, const char *);
367static void rpath_security_checks(elfobj *elf, char *item) 367static void rpath_security_checks(elfobj *elf, char *item, const char *dt_type)
368{ 368{
369 struct stat st; 369 struct stat st;
370 switch (*item) { 370 switch (*item) {
371 case '/': break; 371 case '/': break;
372 case '.': 372 case '.':
373 warnf("Security problem with relative RPATH '%s' in %s", item, elf->filename); 373 warnf("Security problem with relative %s '%s' in %s", dt_type, item, elf->filename);
374 break; 374 break;
375 case ':': 375 case ':':
376 case '\0': 376 case '\0':
377 warnf("Security problem NULL RPATH in %s", elf->filename); 377 warnf("Security problem NULL %s in %s", dt_type, elf->filename);
378 break; 378 break;
379 case '$': 379 case '$':
380 if (fstat(elf->fd, &st) != -1) 380 if (fstat(elf->fd, &st) != -1)
381 if ((st.st_mode & S_ISUID) || (st.st_mode & S_ISGID)) 381 if ((st.st_mode & S_ISUID) || (st.st_mode & S_ISGID))
382 warnf("Security problem with RPATH='%s' in %s with mode set of %o", 382 warnf("Security problem with %s='%s' in %s with mode set of %o",
383 item, elf->filename, st.st_mode & 07777); 383 dt_type, item, elf->filename, st.st_mode & 07777);
384 break; 384 break;
385 default: 385 default:
386 warnf("Maybe? sec problem with RPATH='%s' in %s", item, elf->filename); 386 warnf("Maybe? sec problem with %s='%s' in %s", dt_type, item, elf->filename);
387 break; 387 break;
388 } 388 }
389} 389}
390static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len) 390static void scanelf_file_rpath(elfobj *elf, char *found_rpath, char **ret, size_t *ret_len)
391{ 391{
436 /* note that we only 'chop' off leading known paths. */ \ 436 /* note that we only 'chop' off leading known paths. */ \
437 /* since *r is read-only memory, we can only move the ptr forward. */ \ 437 /* since *r is read-only memory, we can only move the ptr forward. */ \
438 start = *r; \ 438 start = *r; \
439 /* scan each path in : delimited list */ \ 439 /* scan each path in : delimited list */ \
440 while (start) { \ 440 while (start) { \
441 rpath_security_checks(elf, start); \ 441 rpath_security_checks(elf, start, get_elfdtype(word)); \
442 end = strchr(start, ':'); \ 442 end = strchr(start, ':'); \
443 len = (end ? abs(end - start) : strlen(start)); \ 443 len = (end ? abs(end - start) : strlen(start)); \
444 if (use_ldcache) \
444 for (s = 0; ldpaths[s]; ++s) { \ 445 for (s = 0; ldpaths[s]; ++s) \
445 if (!strncmp(ldpaths[s], start, len) && !ldpaths[s][len]) { \ 446 if (!strncmp(ldpaths[s], start, len) && !ldpaths[s][len]) { \
446 *r = (end ? end + 1 : NULL); \ 447 *r = end; \
448 /* corner case ... if RPATH reads "/usr/lib:", we want \
449 * to show ':' rather than '' */ \
450 if (end && end[1] != '\0') \
451 (*r)++; \
447 break; \ 452 break; \
448 } \ 453 } \
449 } \
450 if (!*r || !end) \ 454 if (!*r || !end) \
451 break; \ 455 break; \
452 else \ 456 else \
453 start = start + len + 1; \ 457 start = start + len + 1; \
454 } \ 458 } \
455 } \ 459 } \
456 if (*r) { \ 460 if (*r) { \
457 *found_rpath = 1; \
458 if (fix_elf > 2 || *r == '\0') { \ 461 if (fix_elf > 2 || **r == '\0') { \
459 /* just nuke it */ \ 462 /* just nuke it */ \
460 nuke_it##B: \ 463 nuke_it##B: \
464 *r = NULL; \
461 ESET(dyn->d_tag, DT_DEBUG); \ 465 ESET(dyn->d_tag, DT_DEBUG); \
462 } else if (fix_elf) { \ 466 } else if (fix_elf) { \
463 /* try to clean "bad" paths */ \ 467 /* try to clean "bad" paths */ \
464 size_t len, tmpdir_len; \ 468 size_t len, tmpdir_len; \
465 char *start, *end; \ 469 char *start, *end; \
485 } \ 489 } \
486 if (!end) \ 490 if (!end) \
487 break; \ 491 break; \
488 start = end + 1; \ 492 start = end + 1; \
489 } \ 493 } \
494 if (**r == '\0') \
495 goto nuke_it##B; \
490 } \ 496 } \
497 if (*r) \
498 *found_rpath = 1; \
491 } \ 499 } \
492 } \ 500 } \
493 ++dyn; \ 501 ++dyn; \
494 } \ 502 } \
495 } } 503 } }
634 } \ 642 } \
635 needed = (char*)(elf->data + offset); \ 643 needed = (char*)(elf->data + offset); \
636 if (op == 0) { \ 644 if (op == 0) { \
637 if (!be_wewy_wewy_quiet) { \ 645 if (!be_wewy_wewy_quiet) { \
638 if (*found_needed) xchrcat(ret, ',', ret_len); \ 646 if (*found_needed) xchrcat(ret, ',', ret_len); \
639 if (printcache) \ 647 if (use_ldcache) \
640 if ((p = lookup_cache_lib(elf, needed)) != NULL) \ 648 if ((p = lookup_cache_lib(elf, needed)) != NULL) \
641 needed = p; \ 649 needed = p; \
642 xstrcat(ret, needed, ret_len); \ 650 xstrcat(ret, needed, ret_len); \
643 } \ 651 } \
644 *found_needed = 1; \ 652 *found_needed = 1; \
1192 "Print PaX markings", 1200 "Print PaX markings",
1193 "Print GNU_STACK/PT_LOAD markings", 1201 "Print GNU_STACK/PT_LOAD markings",
1194 "Print TEXTREL information", 1202 "Print TEXTREL information",
1195 "Print RPATH information", 1203 "Print RPATH information",
1196 "Print NEEDED information", 1204 "Print NEEDED information",
1197 "Resolve NEEDED information (use with -n)", 1205 "Utilize ld.so.cache information (use with -r/-n)",
1198 "Print INTERP information", 1206 "Print INTERP information",
1199 "Print BIND information", 1207 "Print BIND information",
1200 "Print SONAME information", 1208 "Print SONAME information",
1201 "Find a specified symbol", 1209 "Find a specified symbol",
1202 "Find a specified library", 1210 "Find a specified library",
1292 out_format = optarg; 1300 out_format = optarg;
1293 break; 1301 break;
1294 } 1302 }
1295 1303
1296 case 'g': gmatch = 1; /* break; any reason we dont breal; here ? */ 1304 case 'g': gmatch = 1; /* break; any reason we dont breal; here ? */
1297 case 'L': printcache = 1; break; 1305 case 'L': use_ldcache = 1; break;
1298 case 'y': scan_symlink = 0; break; 1306 case 'y': scan_symlink = 0; break;
1299 case 'B': show_banner = 0; break; 1307 case 'B': show_banner = 0; break;
1300 case 'l': scan_ldpath = 1; break; 1308 case 'l': scan_ldpath = 1; break;
1301 case 'p': scan_envpath = 1; break; 1309 case 'p': scan_envpath = 1; break;
1302 case 'R': dir_recurse = 1; break; 1310 case 'R': dir_recurse = 1; break;
1375 if (!be_quiet) xstrcat(&out_format, "%F ", &fmt_len); 1383 if (!be_quiet) xstrcat(&out_format, "%F ", &fmt_len);
1376 } 1384 }
1377 if (be_verbose > 2) printf("Format: %s\n", out_format); 1385 if (be_verbose > 2) printf("Format: %s\n", out_format);
1378 1386
1379 /* now lets actually do the scanning */ 1387 /* now lets actually do the scanning */
1380 if (scan_ldpath || (show_rpath && be_quiet)) 1388 if (scan_ldpath || use_ldcache)
1381 load_ld_so_conf(); 1389 load_ld_so_conf();
1382 if (scan_ldpath) scanelf_ldpath(); 1390 if (scan_ldpath) scanelf_ldpath();
1383 if (scan_envpath) scanelf_envpath(); 1391 if (scan_envpath) scanelf_envpath();
1384 if (from_file) { 1392 if (from_file) {
1385 scanelf_from_file(from_file); 1393 scanelf_from_file(from_file);

Legend:
Removed from v.1.101  
changed lines
  Added in v.1.102

  ViewVC Help
Powered by ViewVC 1.1.20