Gentoo Archives: gentoo-commits

From: "Anthony G. Basile" <blueness@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] proj/hardened-dev:master commit in: eclass/
Date: Sun, 30 Dec 2012 01:29:24
Message-Id: 1356830939.30566dc16112b2b0b2c1dc1eea2bc1806016d3f8.blueness@gentoo
1 commit: 30566dc16112b2b0b2c1dc1eea2bc1806016d3f8
2 Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
3 AuthorDate: Sun Dec 30 01:28:59 2012 +0000
4 Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org>
5 CommitDate: Sun Dec 30 01:28:59 2012 +0000
6 URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=30566dc1
7
8 eclass/pax-utils.eclass: correct to test if PT_PAX or XATTR_PAX is supported, bug #447616
9
10 ---
11 eclass/pax-utils.eclass | 25 +++++++++++--------------
12 1 files changed, 11 insertions(+), 14 deletions(-)
13
14 diff --git a/eclass/pax-utils.eclass b/eclass/pax-utils.eclass
15 index e860d04..acd11a3 100644
16 --- a/eclass/pax-utils.eclass
17 +++ b/eclass/pax-utils.eclass
18 @@ -1,4 +1,4 @@
19 -# Copyright 1999-2011 Gentoo Foundation
20 +# Copyright 1999-2012 Gentoo Foundation
21 # Distributed under the terms of the GNU General Public License v2
22 # $Header: /var/cvsroot/gentoo-x86/eclass/pax-utils.eclass,v 1.18 2012/04/06 18:03:54 blueness Exp $
23
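Review bot: the copyright year bump is the only change in this hunk, but the `$Header:` CVS keyword on the following context line still names the gentoo-x86 CVS path and revision 1.18; git does not expand that keyword, so it will keep drifting from reality in the hardened-dev overlay and should be refreshed when this is merged back to the tree.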
24 @@ -11,17 +11,16 @@
25 # Modifications for bug #431092: Anthony G. Basile <blueness@g.o>
26 # @BLURB: functions to provide pax markings
27 # @DESCRIPTION:
28 +#
29 # This eclass provides support for manipulating PaX markings on ELF binaries,
30 -# wrapping the use of the paxctl and scanelf utilities. It decides which to
31 -# use depending on what is installed on the build host, preferring paxctl to
32 -# scanelf. If paxctl is not installed, we fall back to scanelf since it is
33 -# always present. However, currently scanelf doesn't do all that paxctl can.
34 +# whether the system is using legacy PT_PAX markings or the newer XATTR_PAX.
35 +# The eclass wraps the use of paxctl-ng, paxctl, set/getattr and scanelf utilities,
36 +# deciding which to use depending on what's installed on the build host, and
37 +# whether we're working with PT_PAX, XATTR_PAX or both.
38 #
39 # To control what markings are made, set PAX_MARKINGS in /etc/portage/make.conf
40 -# to contain either "PT", "XT" or "none". If PAX_MARKINGS contains "PT", and
41 -# the necessary utility is installed, then PT_PAX_FLAGS markings will be made.
42 -# Similarly, if PAX_MARKINGS contains "XT", then xattr markings will be made.
43 -# If PAX_MARKINGS is set to "none", no markings will be made.
44 +# to contain either "PT", "XT" or "none". The default is to attempt both
45 +# PT_PAX and XATTR_PAX.
46
47 if [[ ${___ECLASS_ONCE_PAX_UTILS} != "recur -_+^+_- spank" ]] ; then
48 ___ECLASS_ONCE_PAX_UTILS="recur -_+^+_- spank"
49 @@ -35,8 +34,7 @@ PAX_MARKINGS=${PAX_MARKINGS:="PT XT"}
50 # @DESCRIPTION:
51 # Marks <ELF files> with provided PaX <flags>
52 #
53 -# Flags are passed directly to the utilities unchanged. Possible flags at the
54 -# time of writing, taken from /sbin/paxctl, are:
55 +# Flags are passed directly to the utilities unchanged
56 #
57 # p: disable PAGEEXEC P: enable PAGEEXEC
58 # e: disable EMUTRMAP E: enable EMUTRMAP
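Review bot: the shortened line `+# Flags are passed directly to the utilities unchanged` lost its terminating period and, by removing "taken from /sbin/paxctl", no longer says where the flag list that follows comes from; since several tools are now wrapped, a short note that the single-letter flags are the common paxctl/paxctl-ng syntax would keep the list understandable to ebuild authors.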
59 @@ -46,7 +44,6 @@ PAX_MARKINGS=${PAX_MARKINGS:="PT XT"}
60 #
61 # Default flags are 'PeMRS', which are the most restrictive settings. Refer
62 # to http://pax.grsecurity.net/ for details on what these flags are all about.
63 -# Do not use the obsolete flag 'x'/'X' which has been deprecated.
64 #
65 # Please confirm any relaxation of restrictions with the Gentoo Hardened team.
66 # Either ask on the gentoo-hardened mailing list, or CC/assign hardened@g.o on
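Review bot: removing `-# Do not use the obsolete flag 'x'/'X' which has been deprecated.` leaves nothing in the documentation telling ebuild authors what happens if they still pass 'x' or 'X' in flags; if the flag is simply ignored by the wrapped tools now, say so in a one-line note, otherwise the warning should stay.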
67 @@ -67,7 +64,7 @@ pax-mark() {
68 if has PT ${PAX_MARKINGS}; then
69
70 #First try paxctl-ng
71 - if type -p paxctl-ng > /dev/null; then
72 + if type -p paxctl-ng > /dev/null && paxctl-ng -L ; then
73 einfo "PT PaX marking -${flags}"
74 _pax_list_files einfo "$@"
75 for f in "$@"; do
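Review bot: in `+ if type -p paxctl-ng > /dev/null && paxctl-ng -L ; then` the `> /dev/null` redirection applies only to `type -p`, not to `paxctl-ng -L`, so anything the capability check prints will end up in every build log; redirect its stdout as well (for example `paxctl-ng -L > /dev/null`) if the command is only used for its exit status. The `#First try paxctl-ng` comment above it should also mention that `-L` is the PT_PAX support test, since that is the whole point of this commit (bug #447616) and is otherwise not obvious from a single-letter flag.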
76 @@ -113,7 +110,7 @@ pax-mark() {
77 if has XT ${PAX_MARKINGS}; then
78
79 #First try paxctl-ng
80 - if type -p paxctl-ng > /dev/null; then
81 + if type -p paxctl-ng > /dev/null && paxctl-ng -l ; then
82 einfo "XT PaX marking -${flags}"
83 _pax_list_files einfo "$@"
84 for f in "$@"; do
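Review bot: this hunk mirrors the PT_PAX one with `paxctl-ng -l` instead of `-L`, and the two differ only in letter case; add a comment on the `#First try paxctl-ng` line stating that lower-case `-l` tests XATTR_PAX support, so a future edit does not swap them. As in the PT hunk, `-l` runs without its output redirected while only `type -p` goes to /dev/null, so its stdout will appear in the build log unless redirected too.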