1 |
commit: 5fa9f4f5e606c44c75a5bc552792afa8fe810b45 |
2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
3 |
AuthorDate: Tue Sep 27 23:35:05 2011 +0000 |
4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Sep 27 23:35:05 2011 +0000 |
6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/elfix.git;a=commit;h=5fa9f4f5 |
7 |
|
8 |
poc/paxctl-xattr.c: first working version |
9 |
|
10 |
--- |
11 |
poc/paxctl-xattr.c | 270 +++++++++++++++++++++++++++------------------------- |
12 |
1 files changed, 140 insertions(+), 130 deletions(-) |
13 |
|
14 |
diff --git a/poc/paxctl-xattr.c b/poc/paxctl-xattr.c |
15 |
index 5040f80..2232631 100644 |
16 |
--- a/poc/paxctl-xattr.c |
17 |
+++ b/poc/paxctl-xattr.c |
18 |
@@ -155,41 +155,50 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags) |
19 |
} |
20 |
|
21 |
|
22 |
-#define BUF_SIZE 7 |
23 |
-void |
24 |
-print_flags(int fd) |
25 |
+uint16_t |
26 |
+read_flags(int fd) |
27 |
{ |
28 |
- char xt_buf[BUF_SIZE]; |
29 |
- uint16_t xt_flags; |
30 |
+ //UINT16_MAX is an invalid value |
31 |
+ uint16_t xt_flags = UINT16_MAX; |
32 |
|
33 |
- static ssize_t vsize = 1024; |
34 |
- static char *value = NULL; |
35 |
- ssize_t i, vret = -1; |
36 |
+ if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1) |
37 |
+ { |
38 |
+ //xattrs is supported, PAX_NAMESPACE is present, but it is the wrong size |
39 |
+ if(errno == ERANGE) |
40 |
+ { |
41 |
+ printf("XT_PAX: malformed flags found\n"); |
42 |
+ //FIXME remove the user.pax field |
43 |
+ xt_flags = 0; |
44 |
+ } |
45 |
|
46 |
- memset(xt_buf, 0, BUF_SIZE); |
47 |
- value = malloc(vsize); |
48 |
+ //xattrs is supported, PAX_NAMESPACE is not present |
49 |
+ if(errno == ENOATTR) |
50 |
+ { |
51 |
+ printf("XT_PAX: not found\n"); |
52 |
+ xt_flags = 0; |
53 |
+ } |
54 |
|
55 |
- //If at first we don't succeed, grow buffer size |
56 |
- while(((vret = fgetxattr(fd, PAX_NAMESPACE, value, vsize)) == -1) && (errno == ERANGE)) |
57 |
- { |
58 |
- vsize <<= 1; |
59 |
- value = realloc(value, vsize); |
60 |
+ //xattrs is not supported |
61 |
+ if(errno == ENOTSUP) |
62 |
+ printf("XT_PAX: extended attribute not supported\n"); |
63 |
} |
64 |
|
65 |
- if(errno == ENOATTR) |
66 |
- { |
67 |
- printf("XT_PAX: not found or permission denied\n"); |
68 |
- return; |
69 |
- } |
70 |
+ return xt_flags; |
71 |
+} |
72 |
|
73 |
- if(errno == ENOTSUP) |
74 |
- { |
75 |
- printf("XT_PAX: extended attribute not supported\n"); |
76 |
- return; |
77 |
- } |
78 |
|
79 |
- xt_flags = (uint16_t)value[0]; |
80 |
- xt_flags = xt_flags << 8 + value[1]; |
81 |
+#define BUF_SIZE 7 |
82 |
+void |
83 |
+print_flags(int fd) |
84 |
+{ |
85 |
+ uint16_t xt_flags; |
86 |
+ char xt_buf[BUF_SIZE]; |
87 |
+ |
88 |
+ memset(xt_buf, 0, BUF_SIZE); |
89 |
+ |
90 |
+ //If an invalid value is returned, then skip this |
91 |
+ if((xt_flags = read_flags(fd)) == UINT16_MAX) |
92 |
+ return ; |
93 |
|
94 |
xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' : |
95 |
xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ; |
96 |
@@ -218,118 +227,119 @@ set_flags(int fd, int *pax_flags) |
97 |
{ |
98 |
uint16_t xt_flags; |
99 |
|
100 |
- //int fsetxattr(int fd, const char *name, const void *value, size_t size, int flags); |
101 |
+ //If an invalid value is returned, then skip this |
102 |
+ if((xt_flags = read_flags(fd)) == UINT16_MAX) |
103 |
+ return ; |
104 |
|
105 |
- /* |
106 |
- if( / DOME xattrs is supported / ) |
107 |
+ //PAGEEXEC |
108 |
+ if(*pax_flags & PF_PAGEEXEC) |
109 |
{ |
110 |
- //PAGEEXEC |
111 |
- if(*pax_flags & PF_PAGEEXEC) |
112 |
- { |
113 |
- phdr.p_flags |= PF_PAGEEXEC; |
114 |
- phdr.p_flags &= ~PF_NOPAGEEXEC; |
115 |
- } |
116 |
- if(*pax_flags & PF_NOPAGEEXEC) |
117 |
- { |
118 |
- phdr.p_flags &= ~PF_PAGEEXEC; |
119 |
- phdr.p_flags |= PF_NOPAGEEXEC; |
120 |
- } |
121 |
- if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC)) |
122 |
- { |
123 |
- phdr.p_flags &= ~PF_PAGEEXEC; |
124 |
- phdr.p_flags &= ~PF_NOPAGEEXEC; |
125 |
- } |
126 |
+ xt_flags |= PF_PAGEEXEC; |
127 |
+ xt_flags &= ~PF_NOPAGEEXEC; |
128 |
+ } |
129 |
+ if(*pax_flags & PF_NOPAGEEXEC) |
130 |
+ { |
131 |
+ xt_flags &= ~PF_PAGEEXEC; |
132 |
+ xt_flags |= PF_NOPAGEEXEC; |
133 |
+ } |
134 |
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC)) |
135 |
+ { |
136 |
+ xt_flags &= ~PF_PAGEEXEC; |
137 |
+ xt_flags &= ~PF_NOPAGEEXEC; |
138 |
+ } |
139 |
|
140 |
- //SEGMEXEC |
141 |
- if(*pax_flags & PF_SEGMEXEC) |
142 |
- { |
143 |
- phdr.p_flags |= PF_SEGMEXEC; |
144 |
- phdr.p_flags &= ~PF_NOSEGMEXEC; |
145 |
- } |
146 |
- if(*pax_flags & PF_NOSEGMEXEC) |
147 |
- { |
148 |
- phdr.p_flags &= ~PF_SEGMEXEC; |
149 |
- phdr.p_flags |= PF_NOSEGMEXEC; |
150 |
- } |
151 |
- if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC)) |
152 |
- { |
153 |
- phdr.p_flags &= ~PF_SEGMEXEC; |
154 |
- phdr.p_flags &= ~PF_NOSEGMEXEC; |
155 |
- } |
156 |
+ //SEGMEXEC |
157 |
+ if(*pax_flags & PF_SEGMEXEC) |
158 |
+ { |
159 |
+ xt_flags |= PF_SEGMEXEC; |
160 |
+ xt_flags &= ~PF_NOSEGMEXEC; |
161 |
+ } |
162 |
+ if(*pax_flags & PF_NOSEGMEXEC) |
163 |
+ { |
164 |
+ xt_flags &= ~PF_SEGMEXEC; |
165 |
+ xt_flags |= PF_NOSEGMEXEC; |
166 |
+ } |
167 |
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC)) |
168 |
+ { |
169 |
+ xt_flags &= ~PF_SEGMEXEC; |
170 |
+ xt_flags &= ~PF_NOSEGMEXEC; |
171 |
+ } |
172 |
|
173 |
- //MPROTECT |
174 |
- if(*pax_flags & PF_MPROTECT) |
175 |
- { |
176 |
- phdr.p_flags |= PF_MPROTECT; |
177 |
- phdr.p_flags &= ~PF_NOMPROTECT; |
178 |
- } |
179 |
- if(*pax_flags & PF_NOMPROTECT) |
180 |
- { |
181 |
- phdr.p_flags &= ~PF_MPROTECT; |
182 |
- phdr.p_flags |= PF_NOMPROTECT; |
183 |
- } |
184 |
- if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT)) |
185 |
- { |
186 |
- phdr.p_flags &= ~PF_MPROTECT; |
187 |
- phdr.p_flags &= ~PF_NOMPROTECT; |
188 |
- } |
189 |
+ //MPROTECT |
190 |
+ if(*pax_flags & PF_MPROTECT) |
191 |
+ { |
192 |
+ xt_flags |= PF_MPROTECT; |
193 |
+ xt_flags &= ~PF_NOMPROTECT; |
194 |
+ } |
195 |
+ if(*pax_flags & PF_NOMPROTECT) |
196 |
+ { |
197 |
+ xt_flags &= ~PF_MPROTECT; |
198 |
+ xt_flags |= PF_NOMPROTECT; |
199 |
+ } |
200 |
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT)) |
201 |
+ { |
202 |
+ xt_flags &= ~PF_MPROTECT; |
203 |
+ xt_flags &= ~PF_NOMPROTECT; |
204 |
+ } |
205 |
|
206 |
- //EMUTRAMP |
207 |
- if(*pax_flags & PF_EMUTRAMP) |
208 |
- { |
209 |
- phdr.p_flags |= PF_EMUTRAMP; |
210 |
- phdr.p_flags &= ~PF_NOEMUTRAMP; |
211 |
- } |
212 |
- if(*pax_flags & PF_NOEMUTRAMP) |
213 |
- { |
214 |
- phdr.p_flags &= ~PF_EMUTRAMP; |
215 |
- phdr.p_flags |= PF_NOEMUTRAMP; |
216 |
- } |
217 |
- if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP)) |
218 |
- { |
219 |
- phdr.p_flags &= ~PF_EMUTRAMP; |
220 |
- phdr.p_flags &= ~PF_NOEMUTRAMP; |
221 |
- } |
222 |
+ //EMUTRAMP |
223 |
+ if(*pax_flags & PF_EMUTRAMP) |
224 |
+ { |
225 |
+ xt_flags |= PF_EMUTRAMP; |
226 |
+ xt_flags &= ~PF_NOEMUTRAMP; |
227 |
+ } |
228 |
+ if(*pax_flags & PF_NOEMUTRAMP) |
229 |
+ { |
230 |
+ xt_flags &= ~PF_EMUTRAMP; |
231 |
+ xt_flags |= PF_NOEMUTRAMP; |
232 |
+ } |
233 |
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP)) |
234 |
+ { |
235 |
+ xt_flags &= ~PF_EMUTRAMP; |
236 |
+ xt_flags &= ~PF_NOEMUTRAMP; |
237 |
+ } |
238 |
|
239 |
- //RANDMMAP |
240 |
- if(*pax_flags & PF_RANDMMAP) |
241 |
- { |
242 |
- phdr.p_flags |= PF_RANDMMAP; |
243 |
- phdr.p_flags &= ~PF_NORANDMMAP; |
244 |
- } |
245 |
- if(*pax_flags & PF_NORANDMMAP) |
246 |
- { |
247 |
- phdr.p_flags &= ~PF_RANDMMAP; |
248 |
- phdr.p_flags |= PF_NORANDMMAP; |
249 |
- } |
250 |
- if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP)) |
251 |
- { |
252 |
- phdr.p_flags &= ~PF_RANDMMAP; |
253 |
- phdr.p_flags &= ~PF_NORANDMMAP; |
254 |
- } |
255 |
+ //RANDMMAP |
256 |
+ if(*pax_flags & PF_RANDMMAP) |
257 |
+ { |
258 |
+ xt_flags |= PF_RANDMMAP; |
259 |
+ xt_flags &= ~PF_NORANDMMAP; |
260 |
+ } |
261 |
+ if(*pax_flags & PF_NORANDMMAP) |
262 |
+ { |
263 |
+ xt_flags &= ~PF_RANDMMAP; |
264 |
+ xt_flags |= PF_NORANDMMAP; |
265 |
+ } |
266 |
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP)) |
267 |
+ { |
268 |
+ xt_flags &= ~PF_RANDMMAP; |
269 |
+ xt_flags &= ~PF_NORANDMMAP; |
270 |
+ } |
271 |
|
272 |
- //RANDEXEC |
273 |
- if(*pax_flags & PF_RANDEXEC) |
274 |
- { |
275 |
- phdr.p_flags |= PF_RANDEXEC; |
276 |
- phdr.p_flags &= ~PF_NORANDEXEC; |
277 |
- } |
278 |
- if(*pax_flags & PF_NORANDEXEC) |
279 |
- { |
280 |
- phdr.p_flags &= ~PF_RANDEXEC; |
281 |
- phdr.p_flags |= PF_NORANDEXEC; |
282 |
- } |
283 |
- if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC)) |
284 |
- { |
285 |
- phdr.p_flags &= ~PF_RANDEXEC; |
286 |
- phdr.p_flags &= ~PF_NORANDEXEC; |
287 |
- } |
288 |
+ //RANDEXEC |
289 |
+ if(*pax_flags & PF_RANDEXEC) |
290 |
+ { |
291 |
+ xt_flags |= PF_RANDEXEC; |
292 |
+ xt_flags &= ~PF_NORANDEXEC; |
293 |
+ } |
294 |
+ if(*pax_flags & PF_NORANDEXEC) |
295 |
+ { |
296 |
+ xt_flags &= ~PF_RANDEXEC; |
297 |
+ xt_flags |= PF_NORANDEXEC; |
298 |
+ } |
299 |
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC)) |
300 |
+ { |
301 |
+ xt_flags &= ~PF_RANDEXEC; |
302 |
+ xt_flags &= ~PF_NORANDEXEC; |
303 |
+ } |
304 |
|
305 |
- / update xattr / |
306 |
+ if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1) |
307 |
+ { |
308 |
+ if(errno == ENOSPC || errno == EDQUOT) |
309 |
+ printf("XT_PAX: cannot store xt_flags\n"); |
310 |
+ if(errno == ENOTSUP) |
311 |
+ printf("XT_PAX: extended attribute not supported\n"); |
312 |
} |
313 |
- else |
314 |
- printf("XT_PAX: not found\n"); |
315 |
- */ |
316 |
} |