| 1 |
commit: c29a5d5f3be5a22025aa7a783ecfcad5fbbaf548 |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Sep 8 23:40:50 2011 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Sep 8 23:40:50 2011 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=c29a5d5f |
| 7 |
|
| 8 |
doc/paxctl-ng-design.txt: ready for release as RFC |
| 9 |
|
| 10 |
--- |
| 11 |
doc/paxctl-ng-design.txt | 41 +++++++++++++++++++++++++++++++++++++++-- |
| 12 |
1 files changed, 39 insertions(+), 2 deletions(-) |
| 13 |
|
| 14 |
diff --git a/doc/paxctl-ng-design.txt b/doc/paxctl-ng-design.txt |
| 15 |
index 18f59f4..9d837cf 100644 |
| 16 |
--- a/doc/paxctl-ng-design.txt |
| 17 |
+++ b/doc/paxctl-ng-design.txt |
| 18 |
@@ -31,9 +31,46 @@ PURPOSAL |
| 19 |
To avoid ambiguity in Hardened Gentoo and to smooth the transition to a |
| 20 |
future, we propose the following standards to how pax markings are treated: |
| 21 |
|
| 22 |
-1) The kernel. |
| 23 |
+1) The kernel. The kernel will be patched to force respect of PT_PAX markings |
| 24 |
+first, and only if these are missing, revert to EI_PAX. If both markings are |
| 25 |
+misssing, then the kernel will revert to enforcing maximum protection, meaning |
| 26 |
|
| 27 |
-2) Userland utility. |
| 28 |
+ PAGEEXEC enabled |
| 29 |
+ SEGMEXEC enabled |
| 30 |
+ MPROTECT enabled |
| 31 |
+ EMUTRAMP disabled |
| 32 |
+ RANDMMAP enabled |
| 33 |
+ |
| 34 |
+Once xattr pax markings are introduced, then the kernel will be patched to |
| 35 |
+force respect of xattr markings first. If these are missing, either because |
| 36 |
+the file has not been pax marked in their xattr fields, or because the |
| 37 |
+filesystem doesn't support xattrs, then the kernel will revert to using |
| 38 |
+PT_PAX. If the PT_PAX header is missing, the kernel will then revert to |
| 39 |
+EI_PAX markings, and if even these are missing, it will finaly revert to |
| 40 |
+enforcing maximum protection. |
| 41 |
+ |
| 42 |
+ |
| 43 |
+2) Userland utility. A new userland utility will be required to ensure |
| 44 |
+consistency between the two (eventually three) types of pax markings. |
| 45 |
+ |
| 46 |
+If an ELF binary has a PT_PAX header, it will use that for pax markings. |
| 47 |
+For consistency, and until standards say otherwise, it will also mark |
| 48 |
+the EI_PAX field with the same flags. |
| 49 |
+ |
| 50 |
+If the binary does not have a PT_PAX header, it will not attempt to add |
| 51 |
+such a header, nor convert a GNU_STACK header. Rather, it will only mark |
| 52 |
+the EI_PAX fields. |
| 53 |
+ |
| 54 |
+When xattr pax markings are introduced, then the utility will try to add |
| 55 |
+the same markings to all three: xattrs, PT_PAX and EI_PAX. It may fail |
| 56 |
+to add the markings to either xattrs and/or PT_PAX for the reasons stated |
| 57 |
+above, but at least the markings will be in EI_PAX. |
| 58 |
+ |
| 59 |
+ |
| 60 |
+3) It is hoped that by the time EI_PAX markings must be deprecated because |
| 61 |
+ehdr.e_ident[14] and ehdr.e_ident[15] are allocated to some other official |
| 62 |
+purpose, xattr marking will be fully supported and EI_PAX can be dropped |
| 63 |
+from both the kernel and the userland utility. |
Archives