
Diff of /eclass/pax-utils.eclass


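--- a/eclass/pax-utils.eclass
+++ b/eclass/pax-utils.eclass
@@ -1,92 +1,55 @@
 # Copyright 1999-2006 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.1 2006/01/22 14:18:48 kevquinn Exp $
+# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.2 2006/11/15 22:14:25 kevquinn Exp $
 
 # Author:
 # Kevin F. Quinn <kevquinn@gentoo.org>
 #
 # This eclass provides support for manipulating PaX markings on ELF
 # binaries, wrapping the use of the chpax and paxctl utilities.
 
 inherit eutils
 
 ##### pax-mark ####
-# Mark a file for PaX with the given flags.
-# Tries chpax (EI_FLAGS) and paxctl (PT_FLAGS) if they are installed.
-# If neither are installed, returns 0 (i.e. has no effect on non-PaX
-# systems unless the owner has installed chpax and/or paxctl).
-# Deliberately does _not_ check whether the build system is PaX or not.
+# Mark a file for PaX, with the provided flags, and log it into
+# a PaX database. Returns non-zero if flag marking failed.
 #
-# Syntax:
-# pax-mark [-q] {<flags>} [{<files>}]
-#
-# -q: do things quietly (no einfo/ewarn)
-#
-# There must be at least one <flags>, and can include:
-# -execstack equivalent to -E
-# -execheap equivalent to -m
-# -unrestricted equivalent to -psmxer
-# -{[pPsSmMxXeErR]} as used direcly by chpax/paxctl
-#
-# Where more than one flag is given they are concatenated.
-#
-# {<files>} may be empty, so it's safe to use for example the results
-# of a find that may not return any results.
-#
-# Return codes:
-# 0: for all files, all installed utilities succeed.
-# 1: No flags specified
-# >1: bit 2 => chpax failed, bit 3 => paxctl failed
+# If paxctl is installed, but not chpax, then the legacy
+# EI flags (which are not strip-safe) will not be set.
+# If neither are installed, falls back to scanelf (which
+# is always present, but currently doesn't quite do all
+# that paxctl can do).
 
 pax-mark() {
- local flags ret quiet
- # Fail if no parameters at all (especially no flags)
- [[ -z $1 ]] && return 1
- flags=
- ret=0
- quiet=
- while [[ ${1:0:1} == "-" ]]; do
- case ${1} in
- -execstack)
- flags="${flags}E"
- ;;
- -execheap)
- flags="${flags}m"
- ;;
- -unrestricted)
- flags="${flags}psmxer"
- ;;
- -q)
- quiet="/bin/false "
- ;;
- *)
- flags="${flags}${1:1}"
- ;;
- esac
+ local flags fail=0
+ flags=$1
  shift
- done
- # Fail if no flags given
- [[ -z ${flags} ]] && return 1
- # Quietly exit if no files given
- [[ -z $1 ]] && return 0
  if [[ -x /sbin/chpax ]]; then
- if /sbin/chpax -${flags} $*; then
- ${quiet} einfo "PaX EI flags set to ${flags} on $*"
- else
- ${quiet} ewarn "Failed to set EI flags to ${flags} on $*"
- (( ret=${ret}|2 ))
- fi
+ einfo "Legacy EI PaX marking $* with ${flags}"
+ /sbin/chpax -${flags} $* || fail=1
  fi
  if [[ -x /sbin/paxctl ]]; then
- # Steal PT_GNU_STACK if paxctl supports it
- /sbin/paxctl -v 2>&1 | grep PT_GNU_STACK > /dev/null && \
- flags="c${flags}"
- if /sbin/paxctl -${flags} $*; then
- ${quiet} einfo "PaX PT flags set to ${flags} on $*"
+ einfo "PT PaX marking $* with ${flags}"
+ /sbin/paxctl -${flags} $* ||
+ /sbin/paxctl -c${flags} $* ||
+ /sbin/paxctl -C${flags} $* || fail=1
+ elif [[ -x /usr/bin/scanelf ]]; then
+ einfo "Fallback PaX marking $* with ${flags}"
+ /usr/bin/scanelf -Xxz ${flags} $*
  else
- ${quiet} ewarn "Failed to set PT flags to ${flags} on $*"
- (( ret=${ret}|4))
- fi
+ ewarn "Failed to set PaX markings ${flags} for files $*. Executables may be killed by PaX kernels."
+ fail=1
  fi
- return ${ret}
+ return ${fail}
 }
+
+##### host-is-pax
+# Indicates whether the build machine has PaX or not; intended for use
+# where the build process must be modified conditionally in order to satisfy PaX.
+host-is-pax() {
+ # We need procfs to work this out. PaX is only available on Linux,
+ # so result is always false on non-linux machines (e.g. Gentoo/*BSD)
+ [[ -e /proc/self/status ]] || return 1
+ grep ^PaX: /proc/self/status > /dev/null
+ return $?
+}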
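Review bot: The scanelf fallback in pax-mark (`/usr/bin/scanelf -Xxz ${flags} $*`) never feeds its exit status into `fail`, so the function returns 0 when that branch marks nothing, contradicting the new header comment "Returns non-zero if flag marking failed"; append `|| fail=1` as the chpax and paxctl calls do. The `elif` hangs off the paxctl test only, so scanelf also runs when chpax alone is installed, and the final `else` warns and sets `fail=1` even if chpax succeeded, which does not match the comment's "If neither are installed". All three tool invocations still pass the file list as unquoted `$*`, so a path containing whitespace or glob characters is split or expanded before it is marked; `"$@"` keeps each file as one argument. The header also promises logging "into a PaX database", which nothing in the visible function does, so either drop that phrase or add the logging.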
