1 |
commit: c29a5d5f3be5a22025aa7a783ecfcad5fbbaf548 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Thu Sep 8 23:40:50 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Thu Sep 8 23:40:50 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=c29a5d5f |
7 |
|
8 |
doc/paxctl-ng-design.txt: ready for release as RFC |
9 |
|
10 |
--- |
11 |
doc/paxctl-ng-design.txt | 41 +++++++++++++++++++++++++++++++++++++++-- |
12 |
1 files changed, 39 insertions(+), 2 deletions(-) |
13 |
|
14 |
diff --git a/doc/paxctl-ng-design.txt b/doc/paxctl-ng-design.txt |
15 |
index 18f59f4..9d837cf 100644 |
16 |
--- a/doc/paxctl-ng-design.txt |
17 |
+++ b/doc/paxctl-ng-design.txt |
18 |
@@ -31,9 +31,46 @@ PURPOSAL |
19 |
To avoid ambiguity in Hardened Gentoo and to smooth the transition to a |
20 |
future, we propose the following standards to how pax markings are treated: |
21 |
|
22 |
-1) The kernel. |
23 |
+1) The kernel. The kernel will be patched to force respect of PT_PAX markings |
24 |
+first, and only if these are missing, revert to EI_PAX. If both markings are |
25 |
+misssing, then the kernel will revert to enforcing maximum protection, meaning |
26 |
|
27 |
-2) Userland utility. |
28 |
+ PAGEEXEC enabled |
29 |
+ SEGMEXEC enabled |
30 |
+ MPROTECT enabled |
31 |
+ EMUTRAMP disabled |
32 |
+ RANDMMAP enabled |
33 |
+ |
34 |
+Once xattr pax markings are introduced, then the kernel will be patched to |
35 |
+force respect of xattr markings first. If these are missing, either because |
36 |
+the file has not been pax marked in their xattr fields, or because the |
37 |
+filesystem doesn't support xattrs, then the kernel will revert to using |
38 |
+PT_PAX. If the PT_PAX header is missing, the kernel will then revert to |
39 |
+EI_PAX markings, and if even these are missing, it will finaly revert to |
40 |
+enforcing maximum protection. |
41 |
+ |
42 |
+ |
43 |
+2) Userland utility. A new userland utility will be required to ensure |
44 |
+consistency between the two (eventually three) types of pax markings. |
45 |
+ |
46 |
+If an ELF binary has a PT_PAX header, it will use that for pax markings. |
47 |
+For consistency, and until standards say otherwise, it will also mark |
48 |
+the EI_PAX field with the same flags. |
49 |
+ |
50 |
+If the binary does not have a PT_PAX header, it will not attempt to add |
51 |
+such a header, nor convert a GNU_STACK header. Rather, it will only mark |
52 |
+the EI_PAX fields. |
53 |
+ |
54 |
+When xattr pax markings are introduced, then the utility will try to add |
55 |
+the same markings to all three: xattrs, PT_PAX and EI_PAX. It may fail |
56 |
+to add the markings to either xattrs and/or PT_PAX for the reasons stated |
57 |
+above, but at least the markings will be in EI_PAX. |
58 |
+ |
59 |
+ |
60 |
+3) It is hoped that by the time EI_PAX markings must be deprecated because |
61 |
+ehdr.e_ident[14] and ehdr.e_ident[15] are allocated to some other official |
62 |
+purpose, xattr marking will be fully supported and EI_PAX can be dropped |
63 |
+from both the kernel and the userland utility. |