/[gentoo-x86]/eclass/pax-utils.eclass
Gentoo

Diff of /eclass/pax-utils.eclass

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

Revision 1.5 Revision 1.6
1# Copyright 1999-2006 Gentoo Foundation 1# Copyright 1999-2006 Gentoo Foundation
2# Distributed under the terms of the GNU General Public License v2 2# Distributed under the terms of the GNU General Public License v2
3# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.5 2006/12/02 12:24:50 kevquinn Exp $ 3# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.6 2007/04/24 18:27:11 kevquinn Exp $
4 4
5# Author: 5# Author:
6# Kevin F. Quinn <kevquinn@gentoo.org> 6# Kevin F. Quinn <kevquinn@gentoo.org>
7# 7#
8# This eclass provides support for manipulating PaX markings on ELF 8# This eclass provides support for manipulating PaX markings on ELF
79# Default to both EI and PT markings. 79# Default to both EI and PT markings.
80PAX_MARKINGS=${PAX_MARKINGS:="EI PT"} 80PAX_MARKINGS=${PAX_MARKINGS:="EI PT"}
81 81
82# pax-mark <flags> {<ELF files>} 82# pax-mark <flags> {<ELF files>}
83pax-mark() { 83pax-mark() {
84 local f flags fail=0 failures="" 84 local f flags fail=0 failures="" zero_load_alignment
85 # Ignore '-' characters - in particular so that it doesn't matter if 85 # Ignore '-' characters - in particular so that it doesn't matter if
86 # the caller prefixes with - 86 # the caller prefixes with -
87 flags=${1//-} 87 flags=${1//-}
88 shift 88 shift
89 # Try chpax, for (deprecated) EI legacy marking. 89 # Try chpax, for (deprecated) EI legacy marking.
101 if type -p paxctl > /dev/null && hasq PT ${PAX_MARKINGS}; then 101 if type -p paxctl > /dev/null && hasq PT ${PAX_MARKINGS}; then
102 # Try paxctl, the upstream supported tool. 102 # Try paxctl, the upstream supported tool.
103 einfo "PT PaX marking -${flags}" 103 einfo "PT PaX marking -${flags}"
104 _pax_list_files elog "$@" 104 _pax_list_files elog "$@"
105 for f in "$@"; do 105 for f in "$@"; do
106 # First, try modifying the existing PAX_FLAGS header
106 paxctl -q${flags} "${f}" && continue 107 paxctl -q${flags} "${f}" && continue
108 # Second, try stealing the (unused under PaX) PT_GNU_STACK header
107 paxctl -qc${flags} "${f}" && continue 109 paxctl -qc${flags} "${f}" && continue
110 # Third, try pulling the base down a page, to create space and
111 # insert a PT_GNU_STACK header (works on ET_EXEC)
108 paxctl -qC${flags} "${f}" && continue 112 paxctl -qC${flags} "${f}" && continue
113 # Fourth - check if it loads to 0 (probably an ET_DYN) and if so,
114 # try rebasing with prelink first to give paxctl some space to
115 # grow downwards into.
116 if type -p objdump > /dev/null && type -p prelink > /dev/null; then
117 zero_load_alignment=$(objdump -p "${f}" | \
118 grep -E '^[[:space:]]*LOAD[[:space:]]*off[[:space:]]*0x0+[[:space:]]' | \
119 sed -e 's/.*align\(.*\)/\1/')
120 if [[ ${zero_load_alignment} != "" ]]; then
121 prelink -r $(( 2*(${zero_load_alignment}) )) &&
122 paxctl -qC${flags} "${f}" && continue
123 fi
124 fi
109 fail=1 125 fail=1
110 failures="${failures} ${f}" 126 failures="${failures} ${f}"
111 done 127 done
112 elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then 128 elif type -p scanelf > /dev/null && [[ ${PAX_MARKINGS} != "none" ]]; then
113 # Try scanelf, Gentoo's swiss-army knife ELF utility 129 # Try scanelf, the Gentoo swiss-army knife ELF utility
114 # Currently this sets EI and PT if it can, no option to 130 # Currently this sets EI and PT if it can, no option to
115 # control what it does. 131 # control what it does.
116 einfo "Fallback PaX marking -${flags}" 132 einfo "Fallback PaX marking -${flags}"
117 _pax_list_files elog "$@" 133 _pax_list_files elog "$@"
118 scanelf -Xxz ${flags} "$@" 134 scanelf -Xxz ${flags} "$@"
129 return ${fail} 145 return ${fail}
130} 146}
131 147
132# list-paxables {<files>} 148# list-paxables {<files>}
133list-paxables() { 149list-paxables() {
134 file "$@" 2> /dev/null | grep ELF | sed -e 's/: .*$//' 150 file "$@" 2> /dev/null | grep -E 'ELF.*(executable|shared object)' | sed -e 's/: .*$//'
135} 151}
136 152
137# host-is-pax 153# host-is-pax
138# Note: if procfs is not on /proc, this returns False (e.g. Gentoo/FBSD). 154# Note: if procfs is not on /proc, this returns False (e.g. Gentoo/FBSD).
139host-is-pax() { 155host-is-pax() {

Legend:
Removed from v.1.5  
changed lines
  Added in v.1.6

  ViewVC Help
Powered by ViewVC 1.1.20