| 1 |
blueness 11/07/02 17:03:51 |
| 2 |
|
| 3 |
Modified: pax-utils.eclass |
| 4 |
Log: |
| 5 |
Make dependency on pax-utils and paxctl explicit |
| 6 |
|
| 7 |
Revision Changes Path |
| 8 |
1.12 eclass/pax-utils.eclass |
| 9 |
|
| 10 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.12&view=markup |
| 11 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?rev=1.12&content-type=text/plain |
| 12 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/eclass/pax-utils.eclass?r1=1.11&r2=1.12 |
| 13 |
|
| 14 |
Index: pax-utils.eclass |
| 15 |
=================================================================== |
| 16 |
RCS file: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v |
| 17 |
retrieving revision 1.11 |
| 18 |
retrieving revision 1.12 |
| 19 |
diff -u -r1.11 -r1.12 |
| 20 |
--- pax-utils.eclass 22 May 2011 01:01:40 -0000 1.11 |
| 21 |
+++ pax-utils.eclass 2 Jul 2011 17:03:51 -0000 1.12 |
| 22 |
@@ -1,6 +1,6 @@ |
| 23 |
# Copyright 1999-2011 Gentoo Foundation |
| 24 |
# Distributed under the terms of the GNU General Public License v2 |
| 25 |
-# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.11 2011/05/22 01:01:40 blueness Exp $ |
| 26 |
+# $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.12 2011/07/02 17:03:51 blueness Exp $ |
| 27 |
|
| 28 |
# @ECLASS: pax-utils.eclass |
| 29 |
# @MAINTAINER: |
| 30 |
@@ -25,6 +25,11 @@ |
| 31 |
|
| 32 |
inherit eutils |
| 33 |
|
| 34 |
+IUSE="hardened" |
| 35 |
+ |
| 36 |
+DEPEND="hardened? ( app-misc/pax-utils |
| 37 |
+ sys-apps/paxctl )" |
| 38 |
+ |
| 39 |
# Default to PT markings. |
| 40 |
PAX_MARKINGS=${PAX_MARKINGS:="PT"} |
| 41 |
|
| 42 |
@@ -51,6 +56,10 @@ |
| 43 |
# Either ask on the gentoo-hardened mailing list, or CC/assign hardened@g.o on |
| 44 |
# the bug report. |
| 45 |
pax-mark() { |
| 46 |
+ # It doesn't make sense to pax-mark on non-hardened systems |
| 47 |
+ # so we'll just do nothing. |
| 48 |
+ use hardened || return 0; |
| 49 |
+ |
| 50 |
local f flags fail=0 failures="" zero_load_alignment |
| 51 |
# Ignore '-' characters - in particular so that it doesn't matter if |
| 52 |
# the caller prefixes with - |
| 53 |
@@ -69,18 +78,23 @@ |
| 54 |
# Third, try pulling the base down a page, to create space and |
| 55 |
# insert a PT_GNU_STACK header (works on ET_EXEC) |
| 56 |
paxctl -qC${flags} "${f}" && continue |
| 57 |
+ # |
| 58 |
+ # prelink is masked on hardened so we wont use this method. |
| 59 |
+ # We're working on a new utiity to try to do the same safely. See |
| 60 |
+ # http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=summary |
| 61 |
+ # |
| 62 |
# Fourth - check if it loads to 0 (probably an ET_DYN) and if so, |
| 63 |
# try rebasing with prelink first to give paxctl some space to |
| 64 |
# grow downwards into. |
| 65 |
- if type -p objdump > /dev/null && type -p prelink > /dev/null; then |
| 66 |
- zero_load_alignment=$(objdump -p "${f}" | \ |
| 67 |
- grep -E '^[[:space:]]*LOAD[[:space:]]*off[[:space:]]*0x0+[[:space:]]' | \ |
| 68 |
- sed -e 's/.*align\(.*\)/\1/') |
| 69 |
- if [[ ${zero_load_alignment} != "" ]]; then |
| 70 |
- prelink -r $(( 2*(${zero_load_alignment}) )) && |
| 71 |
- paxctl -qC${flags} "${f}" && continue |
| 72 |
- fi |
| 73 |
- fi |
| 74 |
+ #if type -p objdump > /dev/null && type -p prelink > /dev/null; then |
| 75 |
+ # zero_load_alignment=$(objdump -p "${f}" | \ |
| 76 |
+ # grep -E '^[[:space:]]*LOAD[[:space:]]*off[[:space:]]*0x0+[[:space:]]' | \ |
| 77 |
+ # sed -e 's/.*align\(.*\)/\1/') |
| 78 |
+ # if [[ ${zero_load_alignment} != "" ]]; then |
| 79 |
+ # prelink -r $(( 2*(${zero_load_alignment}) )) && |
| 80 |
+ # paxctl -qC${flags} "${f}" && continue |
| 81 |
+ # fi |
| 82 |
+ #fi |
| 83 |
fail=1 |
| 84 |
failures="${failures} ${f}" |
| 85 |
done |
Archives