Gentoo Archives: gentoo-commits

From: Francisco Blas Izquierdo Riera <klondike@×××××××××.es>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-docs:master commit in: xml/
Date: Mon, 02 Apr 2012 15:50:39
Message-Id: 1333381749.036119a286cf69f29a0aad81ee98d5f1128cdf1f.klondike@gentoo
1 commit: 036119a286cf69f29a0aad81ee98d5f1128cdf1f
2 Author: klondike <klondike <AT> xiscosoft <DOT> es>
3 AuthorDate: Mon Apr 2 15:49:09 2012 +0000
4 Commit: Francisco Blas Izquierdo Riera <klondike <AT> xiscosoft <DOT> es>
5 CommitDate: Mon Apr 2 15:49:09 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-docs.git;a=commit;h=036119a2
7
8 WIP on the revdep-pax guide
9
10 ---
11 xml/revdep-pax.xml | 740 ++++++++++++++++++++++++++++++++++++++++++++++++++++
12 1 files changed, 740 insertions(+), 0 deletions(-)
13
14 diff --git a/xml/revdep-pax.xml b/xml/revdep-pax.xml
15 new file mode 100644
16 index 0000000..ba9f822
17 --- /dev/null
18 +++ b/xml/revdep-pax.xml
19 @@ -0,0 +1,740 @@
20 +<?xml version='1.0' encoding="UTF-8"?>
21 +<!DOCTYPE guide SYSTEM "/dtd/guide.dtd">
22 +<!-- $Header: $ -->
23 +
24 +<guide>
25 +<title>Gentoo revdep-pax introduction</title>
26 +
27 +<author title="Author">
28 + <mail link="klondike"/>
29 +</author>
30 +
31 +<abstract>
32 +This guide provides an introduction to revdep-pax and how to use it to propagate
33 +the PaC markings caused by libraries requiring them, for example, libraries
34 +requiring RWX memory in order to process JIT code.
35 +</abstract>
36 +
37 +<!-- The content of this document is licensed under the CC-BY-SA license -->
38 +<!-- See http://creativecommons.org/licenses/by-sa/2.5 -->
39 +<license/>
40 +
41 +<version>1</version>
42 +<date>2012-02-19</date>
43 +
44 +<chapter>
45 +<title>What's <c>revdep-pax</c> about?</title>
46 +
47 +<p by="Geroge Orwell">
48 +Since the early days of PaX it was known that all programs were equal although
49 +some were more equal than others and needed an environment with less
50 +restrictions in order to be able to run. Thus, in order to have a secure way of
51 +allowing system administrators and users telling the system which binaries
52 +needed this lessened environment the PaX marks were created.
53 +</p>
54 +
55 +<section>
56 +<title>A quick introduction to PaX markings.</title>
57 +<body>
58 +
59 +<p>
60 +There are some programs which won't be able to run in an environment with all
61 +the PaX features enabled, for example you may have a program which has so called
62 +<e>text relocations</e> or you may have a language interpreter doing JIT code
63 +compilation and requiring <e>RWX</e> mappings you may also have a program that
64 +saves data including internal pointers into an mmaped file and which needs to be
65 +restored in the same place no matter what. You could also be holding a security
66 +competition and need to disable the execution restrictions and force it to
67 +use fixed addresses on a particular program so it can be exploited doing a
68 +simple nop sled based stack overflow to get to the next level. For taking into
69 +account these issues binaries can be marked to force on or off some of the PaX
70 +features.
71 +</p>
72 +
73 +<p>
74 +Currently, the PaX features that can be lessened or enforced to allow programs
75 +to run are:
76 +</p>
77 +
78 +<dl>
79 + <dt><b>PAGEEXEC</b></dt>
80 + <dd>Paging based execution restrictions. This is what other OSes know as
81 + <e>NX</e>.</dd>
82 + <dt><b>EMUTRAMP</b></dt>
83 + <dd>Trampoline emulation. Required by for amongst other things code with
84 + nested functions.</dd>
85 + <dt><b>MPROTECT</b></dt>
86 + <dd>Prevents the introduction of new executable code in the task. This is the
87 + one you are more likely to need disabling with libraries generating JIT code.
88 + </dd>
89 + <dt><b>RANDMMAP</b></dt>
90 + <dd>Randomizes the addresses where mappings are made unless the program
91 + explicitly requests one (using the MAP_FIXED flag).</dd>
92 + <dt><b>RANDEXEC</b></dt>
93 + <dd>This flag is currently deprecated and was used to enforce random placement
94 + of the executable part of the binary.</dd>
95 + <dt><b>SEGMEXEC</b></dt>
96 + <dd>This flag enables segmentation based execution protection. This feature is
97 + not available on the amd64 architecture so in that architecture is disables by
98 + default.</dd>
99 +</dl>
100 +
101 +<p>
102 +There are various ways in which this advice to lessen the environment can be
103 +provided to the system, amongst others Mandatory Access Control rules, extended
104 +attributes and two kinds of markings on the binaries themselves, the legacy ones
105 +which abuse an unused field in the ELF headers and the new ones which add a new
106 +specific section to the ELF file with the markings.
107 +</p>
108 +
109 +<p>
110 +All this markings though are only read in the executable and not in the
111 +libraries linked by it to prevent some possible attacks (like libraries being
112 +injected via LD_PRELOAD) and because it eases a lot the implementation since the
113 +kernel shouldn't be aware of linking details.
114 +</p>
115 +
116 +<p>
117 +This system has a problem: if we have a binary linking to a library which
118 +requires, for example, trampoline emulation because it uses nested functions how
119 +can we make sure the binary gets the propper markings? Yeah we could add PaX
120 +marks to the library to state it needs trampoline emulation but still we haven't
121 +fixed the issue since the kernel will only read the marks on the binary being
122 +called. In order to solve this issue we have created <c>revdep-pax</c>.
123 +</p>
124 +
125 +</body>
126 +</section>
127 +<section>
128 +<title>What's <c>revdep-pax</c>?</title>
129 +<body>
130 +
131 +<p>
132 +<c>revdep-pax</c> is a tool that allows to check for differences in PaX markings
133 +between elf objects linking to libraries (for example <path>/bin/bash</path>)
134 +and the libraries themselves (for example <path>/lib64/libc.so.6</path>).
135 +</p>
136 +
137 +<p>
138 +<c>revdep-pax</c> is able to do this in various ways, it can check for
139 +differences <e>forward</e> from one binary to all the libraries it links and it
140 +can also check for PaX marking differences <e>backwards</e> from one library to
141 +all the binaries linking to it (which may include other libraries too). In a
142 +similar way it is possible to have all the forward and reverse mappings in the
143 +system checked to try finding issues.
144 +</p>
145 +
146 +<p>
147 +<c>revdep-pax</c> is also able to propagate these markings both forward to the
148 +libraries linked by an object and backwards to the objects linked by a library.
149 +</p>
150 +
151 +</body>
152 +</section>
153 +</chapter>
154 +
155 +<chapter>
156 +<title>Using <c>revdep-pax</c></title>
157 +
158 +<p by="The Emperor">
159 +In order to witness the firepower of this fully ARMED and OPERATIONAL tool
160 +you'll first need to learn how to use it, once you are done, you'll be
161 +able to fire at will.
162 +</p>
163 +
164 +<section>
165 +<title>Propagating PaX marks backwards from a library to objects that link at it
166 +</title>
167 +<body>
168 +
169 +<p>
170 +This is going to be probably the main way in which you are going to use this
171 +utility. What it does is check all the libraries linked statically
172 +The <c>scanelf</c> application is part of the <c>app-misc/pax-utils</c> package.
173 +With this application you can print out information specific to the ELF
174 +structure of a binary. The following table sums up the various options.
175 +</p>
176 +
177 +<table>
178 +<tr>
179 + <th>Option</th>
180 + <th>Long Option</th>
181 + <th>Description</th>
182 +</tr>
183 +<tr>
184 + <ti>-p</ti>
185 + <ti>--path</ti>
186 + <ti>Scan all directories in PATH environment</ti>
187 +</tr>
188 +<tr>
189 + <ti>-l</ti>
190 + <ti>--ldpath</ti>
191 + <ti>Scan all directories in /etc/ld.so.conf</ti>
192 +</tr>
193 +<tr>
194 + <ti>-R</ti>
195 + <ti>--recursive</ti>
196 + <ti>Scan directories recursively</ti>
197 +</tr>
198 +<tr>
199 + <ti>-m</ti>
200 + <ti>--mount</ti>
201 + <ti>Don't recursively cross mount points</ti>
202 +</tr>
203 +<tr>
204 + <ti>-y</ti>
205 + <ti>--symlink</ti>
206 + <ti>Don't scan symlinks</ti>
207 +</tr>
208 +<tr>
209 + <ti>-A</ti>
210 + <ti>--archives</ti>
211 + <ti>Scan archives (.a files)</ti>
212 +</tr>
213 +<tr>
214 + <ti>-L</ti>
215 + <ti>--ldcache</ti>
216 + <ti>Utilize ld.so.cache information (use with -r/-n)</ti>
217 +</tr>
218 +<tr>
219 + <ti>-X</ti>
220 + <ti>--fix</ti>
221 + <ti>Try and 'fix' bad things (use with -r/-e)</ti>
222 +</tr>
223 +<tr>
224 + <ti>-z [arg]</ti>
225 + <ti>--setpax [arg]</ti>
226 + <ti>Sets EI_PAX/PT_PAX_FLAGS to [arg] (use with -Xx)</ti>
227 +</tr>
228 +<tr>
229 + <th>Option</th>
230 + <th>Long Option</th>
231 + <th>Description</th>
232 +</tr>
233 +<tr>
234 + <ti>-x</ti>
235 + <ti>--pax</ti>
236 + <ti>Print PaX markings</ti>
237 +</tr>
238 +<tr>
239 + <ti>-e</ti>
240 + <ti>--header</ti>
241 + <ti>Print GNU_STACK/PT_LOAD markings</ti>
242 +</tr>
243 +<tr>
244 + <ti>-t</ti>
245 + <ti>--textrel</ti>
246 + <ti>Print TEXTREL information</ti>
247 +</tr>
248 +<tr>
249 + <ti>-r</ti>
250 + <ti>--rpath</ti>
251 + <ti>Print RPATH information</ti>
252 +</tr>
253 +<tr>
254 + <ti>-n</ti>
255 + <ti>--needed</ti>
256 + <ti>Print NEEDED information</ti>
257 +</tr>
258 +<tr>
259 + <ti>-i</ti>
260 + <ti>--interp</ti>
261 + <ti>Print INTERP information</ti>
262 +</tr>
263 +<tr>
264 + <ti>-b</ti>
265 + <ti>--bind</ti>
266 + <ti>Print BIND information</ti>
267 +</tr>
268 +<tr>
269 + <ti>-S</ti>
270 + <ti>--soname</ti>
271 + <ti>Print SONAME information</ti>
272 +</tr>
273 +<tr>
274 + <ti>-s [arg]</ti>
275 + <ti>--symbol [arg]</ti>
276 + <ti>Find a specified symbol</ti>
277 +</tr>
278 +<tr>
279 + <ti>-k [arg]</ti>
280 + <ti>--section [arg]</ti>
281 + <ti>Find a specified section</ti>
282 +</tr>
283 +<tr>
284 + <ti>-N [arg]</ti>
285 + <ti>--lib [arg]</ti>
286 + <ti>Find a specified library</ti>
287 +</tr>
288 +<tr>
289 + <ti>-g</ti>
290 + <ti>--gmatch</ti>
291 + <ti>Use strncmp to match libraries. (use with -N)</ti>
292 +</tr>
293 +<tr>
294 + <ti>-T</ti>
295 + <ti>--textrels</ti>
296 + <ti>Locate cause of TEXTREL</ti>
297 +</tr>
298 +<tr>
299 + <ti>-E [arg]</ti>
300 + <ti>--etype [arg]</ti>
301 + <ti>Print only ELF files matching etype ET_DYN,ET_EXEC ...</ti>
302 +</tr>
303 +<tr>
304 + <ti>-M [arg]</ti>
305 + <ti>--bits [arg]</ti>
306 + <ti>Print only ELF files matching numeric bits</ti>
307 +</tr>
308 +<tr>
309 + <ti>-a</ti>
310 + <ti>--all</ti>
311 + <ti>Print all scanned info (-x -e -t -r -b)</ti>
312 +</tr>
313 +<tr>
314 + <th>Option</th>
315 + <th>Long Option</th>
316 + <th>Description</th>
317 +</tr>
318 +<tr>
319 + <ti>-q</ti>
320 + <ti>--quiet</ti>
321 + <ti>Only output 'bad' things</ti>
322 +</tr>
323 +<tr>
324 + <ti>-v</ti>
325 + <ti>--verbose</ti>
326 + <ti>Be verbose (can be specified more than once)</ti>
327 +</tr>
328 +<tr>
329 + <ti>-F [arg]</ti>
330 + <ti>--format [arg]</ti>
331 + <ti>Use specified format for output</ti>
332 +</tr>
333 +<tr>
334 + <ti>-f [arg]</ti>
335 + <ti>--from [arg]</ti>
336 + <ti>Read input stream from a filename</ti>
337 +</tr>
338 +<tr>
339 + <ti>-o [arg]</ti>
340 + <ti>--file [arg]</ti>
341 + <ti>Write output stream to a filename</ti>
342 +</tr>
343 +<tr>
344 + <ti>-B</ti>
345 + <ti>--nobanner</ti>
346 + <ti>Don't display the header</ti>
347 +</tr>
348 +<tr>
349 + <ti>-h</ti>
350 + <ti>--help</ti>
351 + <ti>Print this help and exit</ti>
352 +</tr>
353 +<tr>
354 + <ti>-V</ti>
355 + <ti>--version</ti>
356 + <ti>Print version and exit</ti>
357 +</tr>
358 +</table>
359 +
360 +<p>
361 +The format specifiers for the <c>-F</c> option are given in the following table.
362 +Prefix each specifier with <c>%</c> (verbose) or <c>#</c> (silent) accordingly.
363 +</p>
364 +
365 +<table>
366 +<tr>
367 + <th>Specifier</th>
368 + <th>Full Name</th>
369 + <th>Specifier</th>
370 + <th>Full Name</th>
371 +</tr>
372 +<tr>
373 + <ti>F</ti>
374 + <ti>Filename</ti>
375 + <ti>x</ti>
376 + <ti>PaX Flags</ti>
377 +</tr>
378 +<tr>
379 + <ti>e</ti>
380 + <ti>STACK/RELRO</ti>
381 + <ti>t</ti>
382 + <ti>TEXTREL</ti>
383 +</tr>
384 +<tr>
385 + <ti>r</ti>
386 + <ti>RPATH</ti>
387 + <ti>n</ti>
388 + <ti>NEEDED</ti>
389 +</tr>
390 +<tr>
391 + <ti>i</ti>
392 + <ti>INTERP</ti>
393 + <ti>b</ti>
394 + <ti>BIND</ti>
395 +</tr>
396 +<tr>
397 + <ti>s</ti>
398 + <ti>Symbol</ti>
399 + <ti>N</ti>
400 + <ti>Library</ti>
401 +</tr>
402 +<tr>
403 + <ti>o</ti>
404 + <ti>Type</ti>
405 + <ti>p</ti>
406 + <ti>File name</ti>
407 +</tr>
408 +<tr>
409 + <ti>f</ti>
410 + <ti>Base file name</ti>
411 + <ti>k</ti>
412 + <ti>Section</ti>
413 +</tr>
414 +<tr>
415 + <ti>a</ti>
416 + <ti>ARCH/e_machine</ti>
417 + <ti>&nbsp;</ti>
418 + <ti>&nbsp;</ti>
419 +</tr>
420 +</table>
421 +
422 +</body>
423 +</section>
424 +<section>
425 +<title>Using scanelf for Text Relocations</title>
426 +<body>
427 +
428 +<p>
429 +As an example, we will use <c>scanelf</c> to find binaries containing text
430 +relocations.
431 +</p>
432 +
433 +<p>
434 +A relocation is an operation that rewrites an address in a loaded segment. Such
435 +an address rewrite can happen when a segment has references to a shared object
436 +and that shared object is loaded in memory. In this case, the references are
437 +substituted with the real address values. Similar events can occur inside the
438 +shared object itself.
439 +</p>
440 +
441 +<p>
442 +A text relocation is a relocation in the text segment. Since text segments
443 +contain executable code, system administrators might prefer not to have these
444 +segments writable. This is perfectly possible, but since text relocations
445 +actually write in the text segment, it is not always feasible.
446 +</p>
447 +
448 +<p>
449 +If you want to eliminate text relocations, you will need to make sure
450 +that the application and shared object is built with <e>Position Independent
451 +Code</e> (PIC), making references obsolete. This not only increases security,
452 +but also increases the performance in case of shared objects (allowing writes in
453 +the text segment requires a swap space reservation and a private copy of the
454 +shared object for each application that uses it).
455 +</p>
456 +
457 +<p>
458 +The following example will search your library paths recursively, without
459 +leaving the mounted file system and ignoring symbolic links, for any ELF binary
460 +containing a text relocation:
461 +</p>
462 +
463 +<pre caption="Scanning the system for text relocation binaries">
464 +# <i>scanelf -lqtmyR</i>
465 +</pre>
466 +
467 +<p>
468 +If you want to scan your entire system for <e>any</e> file containing text
469 +relocations:
470 +</p>
471 +
472 +<pre caption="Scanning the entire system for text relocation files">
473 +# <i>scanelf -qtmyR /</i>
474 +</pre>
475 +
476 +</body>
477 +</section>
478 +<section>
479 +<title>Using scanelf for Specific Header</title>
480 +<body>
481 +
482 +<p>
483 +The scanelf util can be used to quickly identify files that contain a
484 +given section header using the -k .section option.
485 +</p>
486 +
487 +<p>
488 +In this example we are looking for all files in /usr/lib/debug
489 +recursively using a format modifier with quiet mode enabled that have been
490 +stripped. A stripped elf will lack a .symtab entry, so we use the '!'
491 +to invert the matching logic.
492 +</p>
493 +
494 +<pre caption="Scanning for stripped or non stripped executables">
495 +# <i>scanelf -k '!.symtab' /usr/lib/debug -Rq -F%F#k</i>
496 +</pre>
497 +
498 +</body>
499 +</section>
500 +<section>
501 +<title>Using scanelf for Specific Segment Markings</title>
502 +<body>
503 +
504 +<p>
505 +Each segment has specific flags assigned to it in the Program Header of the
506 +binary. One of those flags is the type of the segment. Interesting values are
507 +PT_LOAD (the segment must be loaded in memory from file), PT_DYNAMIC (the
508 +segment contains dynamic linking information), PT_INTERP (the segment
509 +contains the name of the program interpreter), PT_GNU_STACK (a GNU extension
510 +for the ELF format, used by some stack protection mechanisms), and PT_PAX_FLAGS
511 +(a PaX extension for the ELF format, used by the security-minded
512 +<uri link="http://pax.grsecurity.net/">PaX Project</uri>.
513 +</p>
514 +
515 +<p>
516 +If we want to scan all executables in the current working directory, PATH
517 +environment and library paths and report those who have a writable and
518 +executable PT_LOAD or PT_GNU_STACK marking, you could use the following command:
519 +</p>
520 +
521 +<pre caption="Scanning for Write/eXecute flags for PT_LOAD and PT_GNU_STACK">
522 +# <i>scanelf -lpqe .</i>
523 +</pre>
524 +
525 +</body>
526 +</section>
527 +<section>
528 +<title>Using scanelf's Format Modifier Handler</title>
529 +<body>
530 +
531 +<p>
532 +A useful feature of the <c>scanelf</c> utility is the format modifier handler.
533 +With this option you can control the output of <c>scanelf</c>, thereby
534 +simplifying parsing the output with scripts.
535 +</p>
536 +
537 +<p>
538 +As an example, we will use <c>scanelf</c> to print the file names that contain
539 +text relocations:
540 +</p>
541 +
542 +<pre caption="Example of the scanelf format modifier handler">
543 +# <i>scanelf -l -p -R -q -F "%F #t"</i>
544 +</pre>
545 +
546 +</body>
547 +</section>
548 +</chapter>
549 +
550 +<chapter id="pspax">
551 +<title>Listing PaX Flags and Capabilities</title>
552 +<section>
553 +<title>About PaX</title>
554 +<body>
555 +
556 +<p>
557 +<uri link="http://pax.grsecurity.net">PaX</uri> is a project hosted by the <uri
558 +link="http://www.grsecurity.net">grsecurity</uri> project. Quoting the <uri
559 +link="http://pax.grsecurity.net/docs/pax.txt">PaX documentation</uri>, its main
560 +goal is "to research various defense mechanisms against the exploitation of
561 +software bugs that give an attacker arbitrary read/write access to the
562 +attacked task's address space. This class of bugs contains among others
563 +various forms of buffer overflow bugs (be they stack or heap based), user
564 +supplied format string bugs, etc."
565 +</p>
566 +
567 +<p>
568 +To be able to benefit from these defense mechanisms, you need to run a Linux
569 +kernel patched with the latest PaX code. The <uri
570 +link="http://hardened.gentoo.org">Hardened Gentoo</uri> project supports PaX and
571 +its parent project, grsecurity. The supported kernel package is
572 +<c>sys-kernel/hardened-sources</c>.
573 +</p>
574 +
575 +<p>
576 +The Gentoo/Hardened project has a <uri
577 +link="/proj/en/hardened/pax-quickstart.xml">Gentoo PaX Quickstart Guide</uri>
578 +for your reading pleasure.
579 +</p>
580 +
581 +</body>
582 +</section>
583 +<section>
584 +<title>Flags and Capabilities</title>
585 +<body>
586 +
587 +<p>
588 +If your toolchain supports it, your binaries can have additional PaX flags in
589 +their Program Header. The following flags are supported:
590 +</p>
591 +
592 +<table>
593 +<tr>
594 + <th>Flag</th>
595 + <th>Name</th>
596 + <th>Description</th>
597 +</tr>
598 +<tr>
599 + <ti>P</ti>
600 + <ti>PAGEEXEC</ti>
601 + <ti>
602 + Refuse code execution on writable pages based on the NX bit
603 + (or emulated NX bit)
604 + </ti>
605 +</tr>
606 +<tr>
607 + <ti>S</ti>
608 + <ti>SEGMEXEC</ti>
609 + <ti>
610 + Refuse code execution on writable pages based on the
611 + segmentation logic of IA-32
612 + </ti>
613 +</tr>
614 +<tr>
615 + <ti>E</ti>
616 + <ti>EMUTRAMP</ti>
617 + <ti>
618 + Allow known code execution sequences on writable pages that
619 + should not cause any harm
620 + </ti>
621 +</tr>
622 +<tr>
623 + <ti>M</ti>
624 + <ti>MPROTECT</ti>
625 + <ti>
626 + Prevent the creation of new executable code to the process
627 + address space
628 + </ti>
629 +</tr>
630 +<tr>
631 + <ti>R</ti>
632 + <ti>RANDMMAP</ti>
633 + <ti>
634 + Randomize the stack base to prevent certain stack overflow
635 + attacks from being successful
636 + </ti>
637 +</tr>
638 +<tr>
639 + <ti>X</ti>
640 + <ti>RANDEXEC</ti>
641 + <ti>
642 + Randomize the address where the application maps to prevent
643 + certain attacks from being exploitable
644 + </ti>
645 +</tr>
646 +</table>
647 +
648 +<p>
649 +The default Linux kernel also supports certain capabilities, grouped in the
650 +so-called <e>POSIX.1e Capabilities</e>. You can find a listing of those
651 +capabilities in our <uri
652 +link="/proj/en/hardened/capabilities.xml">POSIX Capabilities</uri> document.
653 +</p>
654 +
655 +</body>
656 +</section>
657 +<section>
658 +<title>Using pspax</title>
659 +<body>
660 +
661 +<p>
662 +The <c>pspax</c> application, part of the <c>pax-utils</c> package, displays the
663 +run-time capabilities of all programs you have permission for. On Linux kernels
664 +with additional support for extended attributes (such as SELinux) those
665 +attributes are shown as well.
666 +</p>
667 +
668 +<p>
669 +When ran, <c>pspax</c> shows the following information:
670 +</p>
671 +
672 +<table>
673 +<tr>
674 + <th>Column</th>
675 + <th>Description</th>
676 +</tr>
677 +<tr>
678 + <ti>USER</ti>
679 + <ti>Owner of the process</ti>
680 +</tr>
681 +<tr>
682 + <ti>PID</ti>
683 + <ti>Process id</ti>
684 +</tr>
685 +<tr>
686 + <ti>PAX</ti>
687 + <ti>Run-time PaX flags (if applicable)</ti>
688 +</tr>
689 +<tr>
690 + <ti>MAPS</ti>
691 + <ti>Write/eXecute markings for the process map</ti>
692 +</tr>
693 +<tr>
694 + <ti>ELF_TYPE</ti>
695 + <ti>Process executable type: ET_DYN or ET_EXEC</ti>
696 +</tr>
697 +<tr>
698 + <ti>NAME</ti>
699 + <ti>Name of the process</ti>
700 +</tr>
701 +<tr>
702 + <ti>CAPS</ti>
703 + <ti>POSIX.1e capabilities (see note)</ti>
704 +</tr>
705 +<tr>
706 + <ti>ATTR</ti>
707 + <ti>Extended attributes (if applicable)</ti>
708 +</tr>
709 +</table>
710 +
711 +<note>
712 +<c>pspax</c> only displays these capabilities when it is linked with
713 +the external capabilities library. This requires you to build <c>pax-utils</c>
714 +with -DWANT_SYSCAP.
715 +</note>
716 +
717 +<p>
718 +By default, <c>pspax</c> does not show any kernel processes. If you want those
719 +to be taken as well, use the <c>-a</c> switch.
720 +</p>
721 +
722 +</body>
723 +</section>
724 +</chapter>
725 +
726 +<chapter id="dumpelf">
727 +<title>Programming with ELF files</title>
728 +<section>
729 +<title>The dumpelf Utility</title>
730 +<body>
731 +
732 +<p>
733 +With the <c>dumpelf</c> utility you can convert a ELF file into human readable C
734 +code that defines a structure with the same image as the original ELF file.
735 +</p>
736 +
737 +<pre caption="dumpelf example">
738 +$ <i>dumpelf /bin/hostname</i>
739 +#include &lt;elf.h&gt;
740 +
741 +<comment>/*
742 + * ELF dump of '/bin/hostname'
743 + * 10276 (0x2824) bytes
744 + */</comment>
745 +
746 +struct {
747 + Elf32_Ehdr ehdr;
748 + Elf32_Phdr phdrs[8];
749 + Elf32_Shdr shdrs[26];
750 +} dumpedelf_0 = {
751 +
752 +.ehdr = {
753 +<comment>(... Output stripped ...)</comment>
754 +</pre>
755 +
756 +</body>
757 +</section>
758 +</chapter>
759 +</guide>
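Review bot: In the section "Propagating PaX marks backwards from a library to objects that link at it", the first paragraph stops mid-sentence at "What it does is check all the libraries linked statically" and runs straight into "The <c>scanelf</c> application is part of the <c>app-misc/pax-utils</c> package.". Everything from there to the end of the file (the scanelf option and format tables, the scanelf example sections, the pspax chapter and the dumpelf chapter) documents scanelf, pspax and dumpelf rather than revdep-pax. Since the commit is marked WIP, I would finish that sentence and drop the scanelf, pspax and dumpelf material until the revdep-pax usage sections are written, so the guide does not carry unrelated content under a revdep-pax title. Smaller points in the same file: the abstract says "PaC markings" where the rest of the guide says PaX; the two flag descriptions disagree on RANDMMAP (the <dl> says it "Randomizes the addresses where mappings are made", the later table says "Randomize the stack base"), so one of them needs correcting; and the parenthesis opened at "(a PaX extension for the ELF format" after PT_PAX_FLAGS is never closed.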