Hello community,
here is the log from the commit of package pax-utils
checked in at Fri Feb 2 15:06:43 CET 2007.
--------
--- pax-utils/pax-utils.changes 2006-11-14 15:40:13.000000000 +0100
+++ /mounts/work_src_done/STABLE/pax-utils/pax-utils.changes 2007-01-26 11:40:00.000000000 +0100
@@ -1,0 +2,9 @@
+Fri Jan 26 11:39:02 CET 2007 - lnussel@suse.de
+
+- new version 0.1.15
+ * Support added for displaying em_machine via %a format flag in scanelf
+ * Make scanelf_file_bind() not output anything if quiet mode and the ELF is
+ static or not setuid.
+ * pspax: new options -u and -g
+
+-------------------------------------------------------------------
Old:
----
pax-utils-0.1.13.diff
pax-utils-0.1.13.tar.bz2
New:
----
pax-utils-0.1.15.diff
pax-utils-0.1.15.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ pax-utils.spec ++++++
--- /var/tmp/diff_new_pack.y29734/_old 2007-02-02 15:03:16.000000000 +0100
+++ /var/tmp/diff_new_pack.y29734/_new 2007-02-02 15:03:16.000000000 +0100
@@ -1,7 +1,7 @@
#
-# spec file for package pax-utils (Version 0.1.13)
+# spec file for package pax-utils (Version 0.1.15)
#
-# Copyright (c) 2006 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
@@ -15,12 +15,12 @@
BuildRequires: libcap-devel
URL: http://www.gentoo.org/proj/en/hardened/pax-utils.xml
Summary: tools to check ELF files for security relevant properties
-Version: 0.1.13
+Version: 0.1.15
Release: 1
License: GNU General Public License (GPL)
Group: Productivity/Security
Source: http://dev.gentoo.org/~solar/pax/pax-utils-%{version}.tar.bz2
-Patch: pax-utils-0.1.13.diff
+Patch: pax-utils-0.1.15.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -56,6 +56,12 @@
%{_mandir}/man1/*
%changelog -n pax-utils
+* Fri Jan 26 2007 - lnussel@suse.de
+- new version 0.1.15
+ * Support added for displaying em_machine via %%a format flag in scanelf
+ * Make scanelf_file_bind() not output anything if quiet mode and the ELF is
+ static or not setuid.
+ * pspax: new options -u and -g
* Tue Nov 14 2006 - lnussel@suse.de
- new version 0.1.13
* supports scanning archives and searching for specific sections
++++++ pax-utils-0.1.13.diff -> pax-utils-0.1.15.diff ++++++
--- pax-utils/pax-utils-0.1.13.diff 2006-11-14 16:00:47.000000000 +0100
+++ /mounts/work_src_done/STABLE/pax-utils/pax-utils-0.1.15.diff 2007-01-26 11:46:05.000000000 +0100
@@ -1,14 +1,13 @@
-Index: pax-utils-0.1.13/scanelf.c
+Index: pax-utils-0.1.15/paxinc.c
===================================================================
---- pax-utils-0.1.13.orig/scanelf.c
-+++ pax-utils-0.1.13/scanelf.c
-@@ -1418,8 +1418,7 @@ static int load_ld_cache_config(int i, c
- }
- globfree64 (&gl);
- continue;
-- } else
-- abort();
-+ }
- }
- if (*path != '/')
- continue;
+--- pax-utils-0.1.15.orig/paxinc.c
++++ pax-utils-0.1.15/paxinc.c
+@@ -92,7 +92,7 @@ close_and_ret:
+ if ((s=strchr(ret.name+len, '/')) != NULL)
+ *s = '\0';
+ else
+- ret.name[len+sizeof(ret.name)-1] = '\0';
++ ret.name[len+sizeof(ret.buf.formated.name)-1] = '\0';
+ ret.date = atoi(ret.buf.formated.date);
+ ret.uid = atoi(ret.buf.formated.uid);
+ ret.gid = atoi(ret.buf.formated.gid);
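Review bot: The corrected terminator write `ret.name[len+sizeof(ret.buf.formated.name)-1] = '\0';` is in bounds only if `len + sizeof(ret.buf.formated.name) <= sizeof(ret.name)`, and neither the declaration of `ret.name` nor the origin of `len` is visible in this hunk. The member name comes from the archive being scanned, which may be untrusted, so that invariant should be stated in a comment next to the write or enforced with an explicit check before it. This assumes `ret.name` is an array and not a pointer. The enclosing function starts and ends outside the hunk, so the bound has to be confirmed against the full paxinc.c.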
++++++ pax-utils-0.1.13.tar.bz2 -> pax-utils-0.1.15.tar.bz2 ++++++
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/dumpelf.c new/pax-utils-0.1.15/dumpelf.c
--- old/pax-utils-0.1.13/dumpelf.c 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/dumpelf.c 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2005-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/dumpelf.c,v 1.17 2006/02/03 00:13:52 solar Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/dumpelf.c,v 1.20 2006/12/11 03:31:54 vapier Exp $
*
* Copyright 2005-2006 Ned Ludd -
* Copyright 2005-2006 Mike Frysinger -
@@ -9,7 +9,7 @@
#include "paxinc.h"
-static const char *rcsid = "$Id: dumpelf.c,v 1.17 2006/02/03 00:13:52 solar Exp $";
+static const char *rcsid = "$Id: dumpelf.c,v 1.20 2006/12/11 03:31:54 vapier Exp $";
#define argv0 "dumpelf"
/* prototypes */
@@ -140,7 +140,7 @@
/* EI_BRAND, ehdr->e_ident[EI_BRAND] */ \
); \
printf("\t.e_type = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_type), get_elfetype(elf)); \
- printf("\t.e_machine = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_machine), get_elfemtype(EGET(ehdr->e_machine))); \
+ printf("\t.e_machine = %-10i , /* (%s) */\n", (int)EGET(ehdr->e_machine), get_elfemtype(elf)); \
printf("\t.e_version = %-10i ,\n", (int)EGET(ehdr->e_version)); \
printf("\t.e_entry = 0x%-8lX ,\n", (unsigned long)EGET(ehdr->e_entry)); \
printf("\t.e_phoff = %-10li , /* (bytes into file) */\n", (unsigned long)EGET(ehdr->e_phoff)); \
@@ -291,7 +291,7 @@
printf("Options:\n");
for (i = 0; long_opts[i].name; ++i)
if (long_opts[i].has_arg == no_argument)
- printf(" -%c, --%-13s* %s\n", long_opts[i].val,
+ printf(" -%c, --%-13s* %s\n", long_opts[i].val,
long_opts[i].name, opts_help[i]);
else
printf(" -%c, --%-6s <arg> * %s\n", long_opts[i].val,
@@ -329,8 +329,10 @@
if (optind == argc)
err("Nothing to dump !?");
+
{
long file_cnt = 0;
+ printf("#include \n");
while (optind < argc)
dumpelf(argv[optind++], file_cnt++);
}
@@ -342,7 +344,6 @@
{
if (argc < 2)
usage(EXIT_FAILURE);
- printf("#include \n");
parseargs(argc, argv);
return EXIT_SUCCESS;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/elf.h new/pax-utils-0.1.15/elf.h
--- old/pax-utils-0.1.13/elf.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/elf.h 2006-12-13 00:57:20.000000000 +0100
@@ -242,7 +242,24 @@
#define EM_OPENRISC 92 /* OpenRISC 32-bit embedded processor */
#define EM_ARC_A5 93 /* ARC Cores Tangent-A5 */
#define EM_XTENSA 94 /* Tensilica Xtensa Architecture */
-#define EM_NUM 95
+#define EM_VIDEOCORE 95 /* Alphamosaic VideoCore processor */
+#define EM_TMM_GPP 96 /* Thompson Multimedia General Purpose Proc */
+#define EM_NS32K 97 /* National Semiconductor 32000 series */
+#define EM_TPC 98 /* Tenor Network TPC processor */
+#define EM_SNP1K 99 /* Trebia SNP 1000 processor */
+#define EM_ST200 100 /* STMicroelectronics ST200 microcontroller */
+#define EM_IP2K 101 /* Ubicom IP2xxx microcontroller family */
+#define EM_MAX 102 /* MAX Processor */
+#define EM_CR 103 /* NatSemi CompactRISC microprocessor */
+#define EM_F2MC16 104 /* Fujitsu F2MC16 */
+#define EM_MSP430 105 /* TI embedded microcontroller msp430 */
+#define EM_BLACKFIN 106 /* Analog Devices Blackfin (DSP) processor */
+#define EM_SE_C33 107 /* S1C33 Family of Seiko Epson processors */
+#define EM_SEP 108 /* Sharp embedded microprocessor */
+#define EM_ARCA 109 /* Arca RISC Microprocessor */
+#define EM_UNICORE 110 /* Microprocessor series from PKU-Unity Ltd. */
+ /* and MPRC of Peking University */
+#define EM_NUM 111
/* If it is necessary to assign new unofficial EM_* values, please
pick large random numbers (0x8523, 0xa7f2, etc.) to minimize the
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/macho.h new/pax-utils-0.1.15/macho.h
--- old/pax-utils-0.1.13/macho.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/macho.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,63 +0,0 @@
-/*
- * Copyright (c) 2005 Apple Computer, Inc.
- *
- * This file describes the format of mach object files.
- */
-
-#ifndef _MACHO_LOADER_H_
-#define _MACHO_LOADER_H_
-
-typedef uint32_t cpu_type_t;
-typedef uint32_t cpu_subtype_t;
-
-/*
- * Specifies the general attributes of a file.
- * Appears at the beginning of object files.
- */
-struct mach_header {
- uint32_t magic;
- cpu_type_t cputype;
- cpu_subtype_t cpusubtype;
- uint32_t filetype;
- uint32_t ncmds;
- uint32_t sizeofcmds;
- uint32_t flags;
-} __attribute__((packed));
-
-/* Constants for magic member */
-#define MH_MAGIC 0xfeedface
-#define MH_CIGAM 0xbebafeca
-#define MH_MAGIC_32 MH_MAGIC
-#define MH_CIGAM_32 MH_CIGAM
-
-
-/*
- * Defines the general attributes of a file targeted for a 64-bit architecture
- */
-struct mach_header_64 {
- uint32_t magic;
- cpu_type_t cputype;
- cpu_subtype_t cpusubtype;
- uint32_t filetype;
- uint32_t ncmds;
- uint32_t sizeofcmds;
- uint32_t flags;
- uint32_t reserved;
-};
-
-/* Constants for magic member */
-#define MH_MAGIC_64 0xfeedfacf
-#define MH_CIGAM_64 0xcffaedfe
-
-
-
-/* Constants for filetype member */
-#define MH_OBJECT 0x1 /* intermediate object files */
-#define MH_EXECUTE 0x2 /* standard executable programs */
-#define MH_CORE 0x4 /* address space of a crashed program */
-#define MH_PRELOAD 0x5 /* special-purpose programs (i.e. firmware) */
-#define MH_DYLIB 0x6 /* dynamic shared libraries */
-#define MH_DYLINKER 0x7 /* dynamic linker shared library */
-#define MH_BUNDLE 0x8 /* runtime loadable code */
-
-#endif /* _MACHO_LOADER_H_ */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/Makefile new/pax-utils-0.1.15/Makefile
--- old/pax-utils-0.1.13/Makefile 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/Makefile 2006-12-13 00:57:20.000000000 +0100
@@ -1,6 +1,6 @@
-# Copyright 2003 Ned Ludd
+# Copyright 2003-2006 Ned Ludd
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-projects/pax-utils/Makefile,v 1.55 2006/05/14 05:52:46 vapier Exp $
+# $Header: /var/cvsroot/gentoo-projects/pax-utils/Makefile,v 1.57 2006/07/25 17:21:02 solar Exp $
####################################################################
check_gcc=$(shell if $(CC) $(1) -S -o /dev/null -xc /dev/null > /dev/null 2>&1; \
@@ -16,7 +16,7 @@
$(call check-gcc, -Wextra)
CFLAGS ?= -O2 -pipe
-CPPFLAGS += -D_GNU_SOURCE
+override CPPFLAGS += -D_GNU_SOURCE
LDFLAGS +=
LIBS :=
DESTDIR =
@@ -35,7 +35,7 @@
endif
ifdef PV
-CPPFLAGS += -DVERSION=\"$(PV)\"
+override CPPFLAGS += -DVERSION=\"$(PV)\"
endif
####################################################################
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/man/pspax.1 new/pax-utils-0.1.15/man/pspax.1
--- old/pax-utils-0.1.13/man/pspax.1 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/man/pspax.1 2006-12-13 00:57:20.000000000 +0100
@@ -10,8 +10,8 @@
user@shell$ pspax
.BR
.SH "DESCRIPTION"
-pspax is a user-space utility that scans the proc directory and list ELF types, as well as thier respctive PaX flags and filenames and attributes. Depending on pspax was compiled it additionaly will display the process running set of caabilities.
-.LP
+pspax is a user-space utility that scans the proc directory and list ELF types, as well as their respctive PaX flags and filenames and attributes. Depending on how pspax was compiled it additionaly will display the process running set of cabilities.
+.LP
.SH "OPTIONS"
.TP
\fB\-a, \-\-all\fR
@@ -23,6 +23,12 @@
\fB\-p, \-\-pid\fR
* Process ID/pid #
.TP
+\fB\-u, \-\-uid\fR
+* Process user/uid #
+.TP
+\fB\-g, \-\-gid\fR
+* Process group/gid #
+.TP
\fB\-n, \-\-nx\fR
* Only display w^x processes
.TP
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/man/scanelf.1 new/pax-utils-0.1.15/man/scanelf.1
--- old/pax-utils-0.1.13/man/scanelf.1 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/man/scanelf.1 2006-12-13 00:57:20.000000000 +0100
@@ -1,4 +1,4 @@
-.TH "scanelf" "1" "Feb 2006" "Ned Ludd, Mike Frysinger" "User Commands"
+.TH "scanelf" "1" "Dec 2006" "Ned Ludd, Mike Frysinger" "User Commands"
.SH "NAME"
.LP
scanelf \-
@@ -110,6 +110,7 @@
\fB%i\fR INTERP
\fB%s\fR symbol
\fB%k\fR section
+ \fB%a\fR arch
\fB%N\fR library
\fB%T\fR TEXTRELs
\fB%o\fR Elf Type
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/paxelf.c new/pax-utils-0.1.15/paxelf.c
--- old/pax-utils-0.1.13/paxelf.c 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/paxelf.c 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2003-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.c,v 1.48 2006/02/18 15:51:11 solar Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.c,v 1.52 2006/12/11 03:31:54 vapier Exp $
*
* Copyright 2005-2006 Ned Ludd -
* Copyright 2005-2006 Mike Frysinger -
@@ -100,7 +100,7 @@
type = EGET(EHDR32(elf->ehdr)->e_type);
else
type = EGET(EHDR64(elf->ehdr)->e_type);
- return type;
+ return type;
}
const char *get_elfetype(elfobj *elf)
@@ -110,10 +110,16 @@
void print_etypes(FILE *stream)
{
- int i;
+ int i, wrap = 0;
for (i = 0; elf_etypes[i].str; ++i) {
- fprintf(stream, " (%d) = %s\n", elf_etypes[i].value, elf_etypes[i].str);
+ fprintf(stream, " (%4x) = %-10s", elf_etypes[i].value, elf_etypes[i].str);
+ if (++wrap >= 4) {
+ fprintf(stream, "\n");
+ wrap = 0;
+ }
}
+ if (wrap)
+ fprintf(stream, "\n");
}
int etype_lookup(const char *str)
@@ -205,15 +211,43 @@
QUERY(EM_OPENRISC),
QUERY(EM_ARC_A5),
QUERY(EM_XTENSA),
+ QUERY(EM_VIDEOCORE),
+ QUERY(EM_TMM_GPP),
+ QUERY(EM_NS32K),
+ QUERY(EM_TPC),
+ QUERY(EM_SNP1K),
+ QUERY(EM_ST200),
+ QUERY(EM_IP2K),
+ QUERY(EM_MAX),
+ QUERY(EM_CR),
+ QUERY(EM_F2MC16),
+ QUERY(EM_MSP430),
+ QUERY(EM_BLACKFIN),
+ QUERY(EM_SE_C33),
+ QUERY(EM_SEP),
+ QUERY(EM_ARCA),
+ QUERY(EM_UNICORE),
QUERY(EM_NUM),
QUERY(EM_ALPHA),
{ 0, 0 }
};
-const char *get_elfemtype(int type)
+
+int get_emtype(elfobj *elf)
{
- return find_pairtype(elf_emtypes, type);
+ int type;
+ if (elf->elf_class == ELFCLASS32)
+ type = EGET(EHDR32(elf->ehdr)->e_machine);
+ else
+ type = EGET(EHDR64(elf->ehdr)->e_machine);
+ return type;
}
+const char *get_elfemtype(elfobj *elf)
+{
+ return find_pairtype(elf_emtypes, get_emtype(elf));
+}
+
+
/* translate elf PT_ defines */
static pairtype elf_ptypes[] = {
QUERY(PT_NULL),
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/paxelf.h new/pax-utils-0.1.15/paxelf.h
--- old/pax-utils-0.1.13/paxelf.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/paxelf.h 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2005-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.45 2006/02/18 15:51:11 solar Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxelf.h,v 1.47 2006/12/12 23:14:53 solar Exp $
*
* Copyright 2005-2006 Ned Ludd -
* Copyright 2005-2006 Mike Frysinger -
@@ -51,7 +51,7 @@
extern void unreadelf(elfobj *elf);
extern const char *get_elfeitype(int ei_type, int type);
extern const char *get_elfetype(elfobj *elf);
-extern const char *get_elfemtype(int type);
+extern const char *get_elfemtype(elfobj *elf);
extern const char *get_elfptype(int type);
extern const char *get_elfdtype(int type);
extern const char *get_elfshttype(int type);
@@ -59,6 +59,7 @@
extern void *elf_findsecbyname(elfobj *elf, const char *name);
extern int elf_max_pt_load(elfobj *elf);
extern int get_etype(elfobj *elf);
+extern int get_emtype(elfobj *elf);
extern void print_etypes(FILE *);
extern unsigned long pax_pf2hf_flags(unsigned long);
extern int etype_lookup(const char *);
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/paxinc.h new/pax-utils-0.1.15/paxinc.h
--- old/pax-utils-0.1.13/paxinc.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/paxinc.h 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2005-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxinc.h,v 1.6 2006/01/14 01:39:55 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxinc.h,v 1.8 2006/12/12 23:55:57 solar Exp $
*
* Copyright 2005-2006 Ned Ludd -
* Copyright 2005-2006 Mike Frysinger -
@@ -23,9 +23,10 @@
#include "paxelf.h"
/* MACH-O sucks */
-#include "macho.h"
-#include "paxmacho.h"
-
+/*
+ * #include "macho.h"
+ * #include "paxmacho.h"
+*/
extern char do_reverse_endian;
#ifdef IN_paxinc
@@ -96,8 +97,10 @@
/* we need the space before the last comma or we trigger a bug in gcc-2 :( */
#define warn(fmt, args...) \
- fprintf(stderr, "%s%s%s: " fmt "\n", RED, argv0, NORM , ## args)
+ fprintf(stderr, "%s%s%s: " fmt "\n", RED, argv0, NORM , ## args)
#define warnf(fmt, args...) warn("%s%s%s(): " fmt, YELLOW, __FUNCTION__, NORM , ## args)
+#define warnp(fmt, args...) warn(fmt ": %s" , ## args , strerror(errno))
+#define warnfp(fmt, args...) warnf(fmt ": %s" , ## args , strerror(errno))
#define _err(wfunc, fmt, args...) \
do { \
wfunc(fmt, ## args); \
@@ -105,5 +108,6 @@
} while (0)
#define err(fmt, args...) _err(warn, fmt, ## args)
#define errf(fmt, args...) _err(warnf, fmt, ## args)
+#define errp(fmt, args...) _err(warnp, fmt , ## args)
#endif /* _PAX_INC_H */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/paxmacho.c new/pax-utils-0.1.15/paxmacho.c
--- old/pax-utils-0.1.13/paxmacho.c 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/paxmacho.c 1970-01-01 01:00:00.000000000 +0100
@@ -1,122 +0,0 @@
-/*
- * Copyright 2003-2006 Gentoo Foundation
- * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxmacho.c,v 1.2 2006/01/05 03:12:07 vapier Exp $
- *
- * Copyright 2005-2006 Ned Ludd -
- * Copyright 2005-2006 Mike Frysinger -
- */
-
-#include "paxinc.h"
-
-#define argv0 "paxmacho"
-
-/*
- * Setup a bunch of helper functions to translate
- * binary defines into readable strings.
- */
-#define QUERY(n) { #n, n }
-typedef struct {
- const char *str;
- int value;
-} pairtype;
-static inline const char *find_pairtype(pairtype *pt, int type)
-{
- int i;
- for (i = 0; pt[i].str; ++i)
- if (type == pt[i].value)
- return pt[i].str;
- return "UNKNOWN TYPE";
-}
-
-/* translate misc mach-o MH_ defines */
-static pairtype macho_mh_type[] = {
- QUERY(MH_OBJECT),
- QUERY(MH_EXECUTE),
- QUERY(MH_BUNDLE),
- QUERY(MH_DYLIB),
- QUERY(MH_PRELOAD),
- QUERY(MH_CORE),
- QUERY(MH_DYLINKER),
- { 0, 0 }
-};
-const char *get_machomhtype(int mh_type)
-{
- return find_pairtype(macho_mh_type, mh_type);
-}
-
-
-/* Read a macho into memory */
-#define IS_MACHO_MAGIC(m) \
- (m == MH_MAGIC || m == MH_CIGAM || \
- m == MH_MAGIC_64 || m == MH_CIGAM_64)
-#define DO_WE_LIKE_MACHO(buff) 1
-machoobj *readmacho(const char *filename)
-{
- struct stat st;
- int fd;
- machoobj *macho;
- struct mach_header *mhdr;
-
- if (stat(filename, &st) == -1)
- return NULL;
-
- if ((fd = open(filename, O_RDONLY)) == -1)
- return NULL;
-
- /* make sure we have enough bytes to scan e_ident */
- if (st.st_size <= sizeof(struct mach_header))
- goto close_fd_and_return;
-
- macho = (machoobj*)malloc(sizeof(*macho));
- if (macho == NULL)
- goto close_fd_and_return;
- memset(macho, 0x00, sizeof(*macho));
-
- macho->fd = fd;
- macho->len = st.st_size;
- macho->data = (char*)mmap(0, macho->len, PROT_READ, MAP_PRIVATE, fd, 0);
- if (macho->data == (char*)MAP_FAILED) {
- warn("mmap on '%s' of %li bytes failed :(", filename, (unsigned long)macho->len);
- goto free_macho_and_return;
- }
-
- mhdr = (struct mach_header*)macho->data;
- do_reverse_endian = (mhdr->magic == MH_CIGAM || mhdr->magic == MH_CIGAM_64);
- macho->macho_class = (EGET(mhdr->magic) == MH_MAGIC ? MH_MAGIC : MH_MAGIC_64);
-
- if (!IS_MACHO_MAGIC(mhdr->magic)) /* make sure we have an macho */
- goto unmap_data_and_return;
- if (1 || !DO_WE_LIKE_MACHO(mhdr)) { /* check class and stuff */
- warn("we no likey %s: {%i:%s}",
- filename,
- (int)EGET(mhdr->filetype), get_machomhtype(EGET(mhdr->filetype)));
- goto unmap_data_and_return;
- }
-
- macho->filename = filename;
- macho->base_filename = strrchr(filename, '/');
- if (macho->base_filename == NULL)
- macho->base_filename = macho->filename;
- else
- macho->base_filename = macho->base_filename + 1;
- macho->mhdr = (void*)macho->data;
-
- return macho;
-
-unmap_data_and_return:
- munmap(macho->data, macho->len);
-free_macho_and_return:
- free(macho);
-close_fd_and_return:
- close(fd);
- return NULL;
-}
-
-/* undo the readmacho() stuff */
-void unreadmacho(machoobj *macho)
-{
- munmap(macho->data, macho->len);
- close(macho->fd);
- free(macho);
-}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/paxmacho.h new/pax-utils-0.1.15/paxmacho.h
--- old/pax-utils-0.1.13/paxmacho.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/paxmacho.h 1970-01-01 01:00:00.000000000 +0100
@@ -1,29 +0,0 @@
-/*
- * Copyright 2005-2006 Gentoo Foundation
- * Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/paxmacho.h,v 1.2 2006/01/05 03:12:07 vapier Exp $
- *
- * Copyright 2005-2006 Ned Ludd -
- * Copyright 2005-2006 Mike Frysinger -
- *
- * Make sure all of the common mach-o stuff is setup as we expect
- */
-
-#ifndef _PAX_MACHO_H
-#define _PAX_MACHO_H
-
-typedef struct {
- void *mhdr;
- char *data;
- uint32_t macho_class;
- off_t len;
- int fd;
- const char *filename;
- const char *base_filename;
-} machoobj;
-
-machoobj *readmacho(const char *filename);
-void unreadmacho(machoobj *macho);
-const char *get_machomhtype(int mh_type);
-
-#endif /* _PAX_MACHO_H */
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/porting.h new/pax-utils-0.1.15/porting.h
--- old/pax-utils-0.1.13/porting.h 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/porting.h 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2005-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/porting.h,v 1.21 2006/05/14 23:49:56 vapier Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/porting.h,v 1.23 2006/11/28 04:01:04 vapier Exp $
*
* Copyright 2005-2006 Ned Ludd -
* Copyright 2005-2006 Mike Frysinger -
@@ -46,7 +46,7 @@
# include
#endif
-#if defined(__GLIBC__) || defined(__UCLIBC__)
+#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
# define __PAX_UTILS_DEFAULT_LD_CACHE_CONFIG "/etc/ld.so.conf"
#elif defined(__FreeBSD__) || defined(__DragonFly__)
# include
@@ -56,7 +56,8 @@
#endif
/* bounds checking code will fart on free(NULL) even though that
- * is valid usage. So let's wrap it if need be. */
+ * is valid usage. So let's wrap it if need be.
+ */
#ifdef __BOUNDS_CHECKING_ON
# define free(ptr) do { if (ptr) free(ptr); } while (0)
# define __PAX_UTILS_CLEANUP
@@ -129,7 +130,7 @@
#endif
/*
- * in case we are not defined by proper/up-to-date system headers,
+ * in case we are not defined by proper/up-to-date system headers,
* we check for a whole lot of things and copy them from elf.h.
*/
@@ -142,9 +143,9 @@
# define PT_GNU_RELRO 0x6474e552
#endif
-/*
+/*
* propably will never be official added to the toolchain.
- * But none the less we should try to get 0x65041580 reserved
+ * But none the less we should try to get 0x65041580 reserved
*/
#ifndef PT_PAX_FLAGS
# define PT_PAX_FLAGS 0x65041580
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/pspax.c new/pax-utils-0.1.15/pspax.c
--- old/pax-utils-0.1.13/pspax.c 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/pspax.c 2006-12-13 00:57:20.000000000 +0100
@@ -8,12 +8,12 @@
/*
* normal compile.
* cc -o pspax pspax.c
- * or with libcap.
+ * or with libcap.
* cc -o pspax pspax.c -DWANT_SYSCAP -lcap
- *
*/
#include "paxinc.h"
+#include
#ifdef WANT_SYSCAP
# undef _POSIX_SOURCE
@@ -24,7 +24,7 @@
#endif
#define PROC_DIR "/proc"
-static const char *rcsid = "$Id: pspax.c,v 1.30 2006/04/25 04:18:45 solar Exp $";
+static const char *rcsid = "$Id: pspax.c,v 1.37 2006/12/12 23:34:34 solar Exp $";
#define argv0 "pspax"
@@ -37,6 +37,10 @@
static char noexec = 1;
static char writeexec = 1;
+static pid_t show_pid = 0;
+static uid_t show_uid = -1;
+static gid_t show_gid = -1;
+
static char *get_proc_name(pid_t pid)
{
FILE *fp;
@@ -64,7 +68,7 @@
FILE *fp;
snprintf(str, sizeof(str), PROC_DIR "/%u/maps", pid);
-
+
if ((fp = fopen(str, "r")) == NULL)
return -1;
@@ -101,7 +105,7 @@
FILE *fp;
snprintf(str, sizeof(str), PROC_DIR "/%u/maps", pid);
-
+
if ((fp = fopen(str, "r")) == NULL)
return -1;
@@ -131,15 +135,15 @@
}
#ifdef __BOUNDS_CHECKING_ON
-#define NOTE_TO_SELF warn( \
+# define NOTE_TO_SELF warn( \
"This is bullshit but getpwuid() is leaking memory and I wasted a few hrs 1 day tracking it down in pspax\n" \
"Later on I forgot I tracked it down before and saw pspax leaking memory so I tracked it down all over again (silly me)\n" \
"Hopefully the getpwuid()/nis/nss/pam or whatever wont suck later on in the future.")
#else
- #define NOTE_TO_SELF
+# define NOTE_TO_SELF
#endif
-static struct passwd *get_proc_uid(pid_t pid)
+static struct passwd *get_proc_passwd(pid_t pid)
{
struct stat st;
struct passwd *pwd;
@@ -262,13 +266,14 @@
}
-static void pspax(pid_t ppid, const char *find_name)
+static void pspax(const char *find_name)
{
register DIR *dir;
register struct dirent *de;
pid_t pid;
+ pid_t ppid = show_pid;
int have_attr, wx;
- struct passwd *uid;
+ struct passwd *pwd;
struct stat st;
const char *pax, *type, *name, *caps, *attr;
WRAP_SYSCAP(ssize_t length; cap_t cap_d;);
@@ -316,19 +321,27 @@
goto next_pid;
}
- uid = get_proc_uid(pid);
+ pwd = get_proc_passwd(pid);
pax = get_proc_status(pid, "PAX");
type = get_proc_type(pid);
name = get_proc_name(pid);
attr = (have_attr ? get_pid_attr(pid) : NULL);
+ if (show_uid != (-1) && pwd)
+ if (pwd->pw_uid != show_uid)
+ continue;
+
+ if (show_gid != (-1) && pwd)
+ if (pwd->pw_gid != show_gid)
+ continue;
+
/* this is a non-POSIX function */
WRAP_SYSCAP(capgetp(pid, cap_d));
WRAP_SYSCAP(caps = cap_to_text(cap_d, &length));
if (show_all || type) {
printf("%-8s %-6d %-6s %-4s %-10s %-16s %-4s %s %s\n",
- uid ? uid->pw_name : "--------",
+ pwd ? pwd->pw_name : "--------",
pid,
pax ? pax : "---",
(wx == 1) ? "w|x" : (wx == -1) ? "---" : "w^x",
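Review bot: Both new filters are skipped when `pwd` is NULL, so with `-u` or `-g` a process whose owner `get_proc_passwd()` could not resolve is still listed; the `&& pwd` guard makes the filter fail open. Comparing against the numeric owner of the process would be more reliable than going through a passwd lookup, or the NULL case should at least be decided explicitly, e.g. `if (show_uid != (uid_t)-1 && (!pwd || pwd->pw_uid != show_uid))`. The `-g` test uses `pwd->pw_gid`, which is the primary group from the owner's passwd entry and not necessarily the group the process runs under; that limitation deserves a comment. The new code also leaves the iteration with `continue` where the context line above uses `goto next_pid`; if that label does per-iteration cleanup, `continue` bypasses it. The label and the rest of `pspax()` are outside the hunk.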
@@ -352,12 +365,14 @@
/* usage / invocation handling functions */
-#define PARSE_FLAGS "aep:nwvBhV"
+#define PARSE_FLAGS "aep:u:g:nwvBhV"
#define a_argument required_argument
static struct option const long_opts[] = {
{"all", no_argument, NULL, 'a'},
{"header", no_argument, NULL, 'e'},
{"pid", a_argument, NULL, 'p'},
+ {"user", a_argument, NULL, 'u'},
+ {"group", a_argument, NULL, 'g'},
{"nx", no_argument, NULL, 'n'},
{"wx", no_argument, NULL, 'w'},
{"verbose", no_argument, NULL, 'v'},
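Review bot: The long options added here are named `user` and `group`, but the man/pspax.1 hunk of this same diff documents them as `--uid` and `--gid`, so one of the two is wrong for anyone using the long form. Either rename the entries to `{"uid", a_argument, NULL, 'u'}` and `{"gid", a_argument, NULL, 'g'}` or correct the man page. The `long_opts` array starts and ends outside the hunk; its order has to stay in step with `opts_help`, which the following hunk does keep.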
@@ -370,6 +385,8 @@
"Show all processes",
"Print GNU_STACK/PT_LOAD markings",
"Process ID/pid #",
+ "Process user/uid #",
+ "Process group/gid #",
"Only display w^x processes",
"Only display w|x processes",
"Be verbose about executable mappings",
@@ -387,21 +404,23 @@
"Usage: %s [options]\n\n", argv0);
fputs("Options:\n", stdout);
for (i = 0; long_opts[i].name; ++i)
- printf(" -%c, --%-12s* %s\n", long_opts[i].val,
+ printf(" -%c, --%-12s* %s\n", long_opts[i].val,
long_opts[i].name, opts_help[i]);
#ifdef MANLYPAGE
for (i = 0; long_opts[i].name; ++i)
- printf(".TP\n\\fB\\-%c, \\-\\-%s\\fR\n%s\n", long_opts[i].val,
+ printf(".TP\n\\fB\\-%c, \\-\\-%s\\fR\n%s\n", long_opts[i].val,
long_opts[i].name, opts_help[i]);
#endif
exit(status);
}
/* parse command line arguments and preform needed actions */
-static pid_t parseargs(int argc, char *argv[])
+static void parseargs(int argc, char *argv[])
{
int flag;
- pid_t pid = 0;
+ struct passwd *pwd = NULL;
+ struct group *gwd = NULL;
+
opterr = 0;
while ((flag=getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) {
switch (flag) {
@@ -417,17 +436,33 @@
case 'B': show_banner = 0; break;
case 'a': show_all = 1; break;
case 'e': show_phdr = 1; break;
- case 'p': pid = atoi(optarg); break;
+ case 'p': show_pid = atoi(optarg); break;
case 'n': noexec = 1; writeexec = 0; break;
case 'w': noexec = 0; writeexec = 1; break;
case 'v': verbose++; break;
-
- case ':':
- warn("Option missing parameter");
- usage(EXIT_FAILURE);
+ case 'u':
+ show_uid = atoi(optarg);
+ if (show_uid == 0 && (strcmp(optarg, "0") != 0)) {
+ pwd = getpwnam(optarg);
+ if (pwd)
+ show_uid = pwd->pw_uid;
+ else
+ err("unknown uid");
+ }
+ break;
+ case 'g':
+ show_gid = atoi(optarg);
+ if (show_gid == 0 && (strcmp(optarg, "0") != 0)) {
+ gwd = getgrnam(optarg);
+ if (gwd)
+ show_gid = gwd->gr_gid;
+ else
+ err("unknown gid");
+ }
break;
+ case ':':
case '?':
- warn("Unknown option");
+ warn("Unknown option or missing parameter");
usage(EXIT_FAILURE);
break;
default:
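Review bot: The `-u` and `-g` arguments are parsed with `atoi()`, which accepts trailing garbage and negative numbers. A name that begins with digits (`1user`) silently becomes uid 1 without any `getpwnam()` lookup, and `-u -1` yields `(uid_t)-1`, the value `show_uid` uses for "no filter", so the requested filter is silently dropped. Parsing with `strtoul()` and falling back to the name lookup whenever the whole argument is not a decimal number avoids both, as sketched below for `-u`. The `-g` case and the `atoi()` in `-p` have the same weakness. The switch statement starts and ends outside the hunk.

```c
case 'u': {
	char *end = optarg;
	unsigned long id = 0;

	errno = 0;
	/* only a leading digit starts a number; "-1" must not reach strtoul() */
	if (isdigit((unsigned char)*optarg))
		id = strtoul(optarg, &end, 10);
	if (end != optarg && *end == '\0' && errno != ERANGE) {
		show_uid = (uid_t)id;
	} else {
		/* not a plain decimal number: treat the argument as a user name */
		pwd = getpwnam(optarg);
		if (pwd)
			show_uid = pwd->pw_uid;
		else
			err("unknown uid");
	}
	break;
}
/* … case 'g': same shape with getgrnam(), gwd->gr_gid and show_gid … */
```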
@@ -435,20 +470,21 @@
break;
}
}
- return pid;
}
int main(int argc, char *argv[])
{
- pid_t pid = parseargs(argc, argv);
char *name = NULL;
- if ((optind < argc) && (pid == 0))
+ parseargs(argc, argv);
+
+ if ((optind < argc) && (show_pid == 0))
name = argv[optind];
- pspax(pid, name);
+ pspax(name);
+
NOTE_TO_SELF;
return EXIT_SUCCESS;
}
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/README new/pax-utils-0.1.15/README
--- old/pax-utils-0.1.13/README 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/README 2006-12-13 00:57:20.000000000 +0100
@@ -1,3 +1,7 @@
+HOMEPAGE: http://hardened.gentoo.org/pax-utils.xml
+CVS: cvs://anoncvs.gentoo.org
+VIEWVCS: http://sources.gentoo.org/viewcvs.py/gentoo-projects/pax-utils/
+
pax-utils is a small set of various PaX aware and related utilities for
ELF binaries. It was written for ELF Q/A on Gentoo systems but can be
used on any distro.
@@ -100,3 +104,30 @@
deploying PaX systems so it includes support for PT_PAX_FLAGS and the
deprecated but still in use EI_PAX flags. For more information about PaX
see the homepage at http://pax.grsecurity.net/
+
+== LINKS ==
+
+(Gentoo)
+http://www.gentoo.org/proj/en/hardened/pax-utils.xml
+http://sources.gentoo.org/viewcvs.py/gentoo-projects/pax-utils/
+Maintainer: solar@gentoo.org,vapier@gentoo.org
+
+(OpenSUSE)
+http://lists.opensuse.org/opensuse-commit/2006-11/msg00820.html
+Maintainer: ludwig.nussel@suse.de
+
+(Ubuntu)
+http://packages.ubuntu.com/edgy/devel/pax-utils
+Maintainer: john.r.moser@gmail.com
+
+(Debian)
+http://packages.debian.org/unstable/misc/pax-utils
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=388200
+Maintainer: rdenis@simphalempin.com
+
+(FreeBSD)
+http://portsmon.freebsd.org/portoverview.py?category=sysutils&portname=pax-utils
+http://www.freshports.org/sysutils/pax-utils/
+http://archive.netbsd.se/?ml=freebsd-cvs-all&a=2006-08&m=2311441
+Maintainer: pav@FreeBSD.org
+
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/scanelf.c new/pax-utils-0.1.15/scanelf.c
--- old/pax-utils-0.1.13/scanelf.c 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/scanelf.c 2006-12-13 00:57:20.000000000 +0100
@@ -1,7 +1,7 @@
/*
* Copyright 2003-2006 Gentoo Foundation
* Distributed under the terms of the GNU General Public License v2
- * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.153 2006/05/17 21:45:20 solar Exp $
+ * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.166 2006/12/11 03:31:54 vapier Exp $
*
* Copyright 2003-2006 Ned Ludd -
* Copyright 2004-2006 Mike Frysinger -
@@ -9,34 +9,24 @@
#include "paxinc.h"
-static const char *rcsid = "$Id: scanelf.c,v 1.153 2006/05/17 21:45:20 solar Exp $";
+static const char *rcsid = "$Id: scanelf.c,v 1.166 2006/12/11 03:31:54 vapier Exp $";
#define argv0 "scanelf"
#define IS_MODIFIER(c) (c == '%' || c == '#' || c == '+')
-#define do_state(option, flag) \
- if (islower(option)) { \
- flags &= ~PF_##flag; \
- flags |= PF_NO##flag; \
- } else { \
- flags &= ~PF_NO##flag; \
- flags |= PF_##flag; \
- }
-
-
/* prototypes */
static int file_matches_list(const char *filename, char **matchlist);
static int scanelf_elfobj(elfobj *elf);
static int scanelf_elf(const char *filename, int fd, size_t len);
static int scanelf_archive(const char *filename, int fd, size_t len);
-static void scanelf_file(const char *filename);
-static void scanelf_dir(const char *path);
+static int scanelf_file(const char *filename, const struct stat *st_cache);
+static int scanelf_dir(const char *path);
static void scanelf_ldpath(void);
static void scanelf_envpath(void);
static void usage(int status);
static char **get_split_env(const char *envvar);
static void parseenv(void);
-static void parseargs(int argc, char *argv[]);
+static int parseargs(int argc, char *argv[]);
static char *xstrdup(const char *s);
static void *xmalloc(size_t size);
static void *xrealloc(void *ptr, size_t size);
@@ -85,74 +75,6 @@
size_t ldcache_size = 0;
unsigned long setpax = 0UL;
-/* utility funcs */
-static char *xstrdup(const char *s)
-{
- char *ret = strdup(s);
- if (!ret) err("Could not strdup(): %s", strerror(errno));
- return ret;
-}
-static void *xmalloc(size_t size)
-{
- void *ret = malloc(size);
- if (!ret) err("Could not malloc() %li bytes", (unsigned long)size);
- return ret;
-}
-static void *xrealloc(void *ptr, size_t size)
-{
- void *ret = realloc(ptr, size);
- if (!ret) err("Could not realloc() %li bytes", (unsigned long)size);
- return ret;
-}
-static void xstrncat(char **dst, const char *src, size_t *curr_len, size_t n)
-{
- size_t new_len;
-
- new_len = strlen(*dst) + strlen(src);
- if (*curr_len <= new_len) {
- *curr_len = new_len + (*curr_len / 2);
- *dst = realloc(*dst, *curr_len);
- if (!*dst)
- err("could not realloc() %li bytes", (unsigned long)*curr_len);
- }
-
- if (n)
- strncat(*dst, src, n);
- else
- strcat(*dst, src);
-}
-static inline void xchrcat(char **dst, const char append, size_t *curr_len)
-{
- static char my_app[2];
- my_app[0] = append;
- my_app[1] = '\0';
- xstrcat(dst, my_app, curr_len);
-}
-
-/* Match filename against entries in matchlist, return TRUE
- * if the file is listed */
-static int file_matches_list(const char *filename, char **matchlist)
-{
- char **file;
- char *match;
- char buf[__PAX_UTILS_PATH_MAX];
-
- if (matchlist == NULL)
- return 0;
-
- for (file = matchlist; *file != NULL; file++) {
- if (search_path) {
- snprintf(buf, sizeof(buf), "%s%s", search_path, *file);
- match = buf;
- } else {
- match = *file;
- }
- if (fnmatch(match, filename, 0) == 0)
- return 1;
- }
- return 0;
-}
-
/* sub-funcs for scanelf_file() */
@@ -336,6 +258,8 @@
} \
skip_this_shdr##B: \
if (!multi_stack) { \
+ if (file_matches_list(elf->filename, qa_execstack)) \
+ return NULL; \
*found_phdr = 1; \
shown = 1; \
memcpy(ret, "!WX", 3); \
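Review bot: The added `file_matches_list(elf->filename, qa_execstack)` check returns NULL before `*found_phdr` is set, so a file matching a QA_EXECSTACK pattern loses its `!WX` report with no trace, and nothing at this spot says so. A comment such as `/* listed in QA_EXECSTACK: suppress the !WX report for this file */` would document that an environment variable can silence this finding. Printing a line when verbose output is enabled (the file uses `be_verbose` elsewhere) would also leave an audit trail. The enclosing macro starts and ends outside the hunk.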
@@ -512,7 +436,7 @@
case '$':
if (fstat(elf->fd, &st) != -1)
if ((st.st_mode & S_ISUID) || (st.st_mode & S_ISGID))
- warnf("Security problem with %s='%s' in %s with mode set of %o",
+ warnf("Security problem with %s='%s' in %s with mode set of %o",
dt_type, item, elf->filename, st.st_mode & 07777);
break;
default:
@@ -750,7 +674,31 @@
}
return buf;
}
+#elif defined(__NetBSD__)
+static char *lookup_cache_lib(elfobj *elf, char *fname)
+{
+ static char buf[__PAX_UTILS_PATH_MAX] = "";
+ static struct stat st;
+
+ char **ldpath;
+ for (ldpath = ldpaths; *ldpath != NULL; ldpath++) {
+ if ((unsigned) snprintf(buf, sizeof(buf), "%s/%s", *ldpath, fname) >= sizeof(buf))
+ continue; /* if the pathname is too long, or something went wrong, ignore */
+
+ if (stat(buf, &st) != 0)
+ continue; /* if the lib doesn't exist in *ldpath, look further */
+
+ /* NetBSD doesn't actually do sanity checks, it just loads the file
+ * and if that doesn't work, continues looking in other directories.
+ * This cannot easily be safely emulated, unfortunately. For now,
+ * just assume that if it exists, it's a valid library. */
+ return buf;
+ }
+
+ /* not found in any path */
+ return NULL;
+}
#else
#warning Cache support not implemented for your target
static char *lookup_cache_lib(elfobj *elf, char *fname)
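Review bot: In the NetBSD `lookup_cache_lib`, a successful `stat()` is taken as proof of a library, so a directory or other non-regular entry with the library's name in an earlier search path is returned instead of the real file further down the list. Checking the type costs nothing: `if (stat(buf, &st) != 0 || !S_ISREG(st.st_mode)) continue;`. `st` has no reason to be `static`, and the `elf` parameter is unused in this variant, which deserves a `(void)elf;` or a comment. The returned pointer is the function's static `buf`, so each call overwrites the previous result; a one-line comment saying so would help callers.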
@@ -876,7 +824,8 @@
if (be_wewy_wewy_quiet) return NULL;
- if (be_quiet && !fstat(elf->fd, &s) && !(s.st_mode & S_ISUID || s.st_mode & S_ISGID)) {
+ /* don't output anything if quiet mode and the ELF is static or not setuid */
+ if (be_quiet && (!dynamic || (!fstat(elf->fd, &s) && !(s.st_mode & (S_ISUID|S_ISGID))))) {
return NULL;
} else {
*found_bind = 1;
@@ -970,8 +919,9 @@
*found_sym = 1; \
} else { \
/* allow the user to specify a comma delimited list of symbols to search for */ \
- char *this_sym, *next_sym; \
+ char *this_sym, *this_sym_ver, *next_sym; \
this_sym = ret; \
+ this_sym_ver = versioned_symname; \
do { \
next_sym = strchr(this_sym, ','); \
if (next_sym == NULL) \
@@ -981,15 +931,17 @@
if (sym->st_shndx == SHN_UNDEF) \
goto skip_this_sym##B; \
++this_sym; \
+ ++this_sym_ver; \
/* do we want an undefined symbol ? */ \
} else if (*this_sym == '-') { \
if (sym->st_shndx != SHN_UNDEF) \
goto skip_this_sym##B; \
++this_sym; \
+ ++this_sym_ver; \
} \
/* ok, lets compare the name now */ \
if ((strncmp(this_sym, symname, (next_sym-this_sym)) == 0 && symname[next_sym-this_sym] == '\0') || \
- (strncmp(symname, versioned_symname, strlen(versioned_symname)) == 0)) { \
+ (strncmp(this_sym_ver, symname, strlen(this_sym_ver)) == 0)) { \
if (be_semi_verbose) { \
char buf[126]; \
snprintf(buf, sizeof(buf), "%lX %s %s", \
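Review bot: `this_sym_ver` is set once before the `do` loop (previous hunk) and is only moved by the `++this_sym_ver` lines for a `+`/`-` prefix, while `this_sym` is compared up to `next_sym`, i.e. per comma-separated entry. If the loop tail, which is outside this hunk, advances `this_sym` to the next entry without doing the same for `this_sym_ver`, the versioned comparison `strncmp(this_sym_ver, symname, strlen(this_sym_ver))` keeps testing the first entry (shifted by one for each prefix seen) on every iteration. It would be safer to derive the versioned name from the current entry inside the loop, and to skip the versioned test when `strlen(this_sym_ver)` is 0, since a zero-length `strncmp` matches every symbol.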
@@ -1056,8 +1008,8 @@
static int scanelf_elfobj(elfobj *elf)
{
unsigned long i;
- char found_pax, found_phdr, found_relro, found_load, found_textrel,
- found_rpath, found_needed, found_interp, found_bind, found_soname,
+ char found_pax, found_phdr, found_relro, found_load, found_textrel,
+ found_rpath, found_needed, found_interp, found_bind, found_soname,
found_sym, found_lib, found_file, found_textrels, found_section;
static char *out_buffer = NULL;
static size_t out_len;
@@ -1105,6 +1057,7 @@
case 'N': prints("LIB "); break;
case 'T': prints("TEXTRELS "); break;
case 'k': prints("SECTION "); break;
+ case 'a': prints("ARCH "); break;
default: warnf("'%c' has no title ?", out_format[i]);
}
}
@@ -1171,6 +1124,7 @@
case 'S': out = scanelf_file_soname(elf, &found_soname); break;
case 's': out = scanelf_file_sym(elf, &found_sym); break;
case 'k': out = scanelf_file_sections(elf, &found_section); break;
+ case 'a': out = get_elfemtype(elf); break;
default: warnf("'%c' has no scan code?", out_format[i]);
}
if (out) {
@@ -1269,62 +1223,60 @@
return 0;
}
/* scan a file which may be an elf or an archive or some other magical beast */
-static void scanelf_file(const char *filename)
+static int scanelf_file(const char *filename, const struct stat *st_cache)
{
- struct stat st;
+ const struct stat *st = st_cache;
+ struct stat symlink_st;
int fd;
- /* make sure 'filename' exists */
- if (lstat(filename, &st) == -1) {
- if (be_verbose > 2) printf("%s: does not exist\n", filename);
- return;
- }
-
/* always handle regular files and handle symlinked files if no -y */
- if (S_ISLNK(st.st_mode)) {
- if (!scan_symlink) return;
- stat(filename, &st);
+ if (S_ISLNK(st->st_mode)) {
+ if (!scan_symlink) return 1;
+ stat(filename, &symlink_st);
+ st = &symlink_st;
}
- if (!S_ISREG(st.st_mode)) {
+
+ if (!S_ISREG(st->st_mode)) {
if (be_verbose > 2) printf("%s: skipping non-file\n", filename);
- return;
+ return 1;
}
if ((fd=open(filename, (fix_elf ? O_RDWR : O_RDONLY))) == -1)
- return;
+ return 1;
- if (scanelf_elf(filename, fd, st.st_size) == 1 && scan_archives)
+ if (scanelf_elf(filename, fd, st->st_size) == 1 && scan_archives)
/* if it isn't an ELF, maybe it's an .a archive */
- scanelf_archive(filename, fd, st.st_size);
+ scanelf_archive(filename, fd, st->st_size);
close(fd);
+ return 0;
}
/* scan a directory for ET_EXEC files and print when we find one */
-static void scanelf_dir(const char *path)
+static int scanelf_dir(const char *path)
{
register DIR *dir;
register struct dirent *dentry;
struct stat st_top, st;
char buf[__PAX_UTILS_PATH_MAX];
size_t pathlen = 0, len = 0;
+ int ret = 0;
/* make sure path exists */
if (lstat(path, &st_top) == -1) {
if (be_verbose > 2) printf("%s: does not exist\n", path);
- return;
+ return 1;
}
/* ok, if it isn't a directory, assume we can open it */
if (!S_ISDIR(st_top.st_mode)) {
- scanelf_file(path);
- return;
+ return scanelf_file(path, &st_top);
}
/* now scan the dir looking for fun stuff */
if ((dir = opendir(path)) == NULL) {
warnf("could not opendir %s: %s", path, strerror(errno));
- return;
+ return 1;
}
if (be_verbose > 1) printf("%s: scanning dir\n", path);
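Review bot: In the new `scanelf_file`, the return value of `stat(filename, &symlink_st)` is ignored, so for a dangling symlink `st` points at an uninitialised `struct stat` and the following `S_ISREG(st->st_mode)` and `st->st_size` read indeterminate data; the old code at least kept the `lstat` result in that case. Check the call: `if (stat(filename, &symlink_st) == -1) return 1;`. The size passed to `scanelf_elf` also comes from a stat taken before `open()`, so the file can be replaced in between; an `fstat(fd, ...)` after the open would tie type and size to the descriptor actually scanned. `scanelf_dir` continues outside this hunk.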
@@ -1341,14 +1293,15 @@
snprintf(buf, sizeof(buf), "%s%s%s", path, (path[pathlen-1] == '/') ? "" : "/", dentry->d_name);
if (lstat(buf, &st) != -1) {
if (S_ISREG(st.st_mode))
- scanelf_file(buf);
+ ret = scanelf_file(buf, &st);
else if (dir_recurse && S_ISDIR(st.st_mode)) {
if (dir_crossmount || (st_top.st_dev == st.st_dev))
- scanelf_dir(buf);
+ ret = scanelf_dir(buf);
}
}
}
closedir(dir);
+ return ret;
}
static int scanelf_from_file(const char *filename)
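Review bot: `ret = scanelf_file(buf, &st);` and `ret = scanelf_dir(buf);` overwrite `ret` on every directory entry, so the function returns only the status of the last entry scanned and an earlier failure is lost. The same pattern appears in `scanelf_from_file` (`ret = scanelf_dir(path);`) and in `parseargs` (`ret = scanelf_dir(search_path);`) in later hunks, and that value now becomes the process exit status. Accumulating keeps any failure visible: `ret |= scanelf_file(buf, &st);` and likewise for the `scanelf_dir` calls. The loop this sits in starts outside the hunk.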
@@ -1356,6 +1309,7 @@
FILE *fp = NULL;
char *p;
char path[__PAX_UTILS_PATH_MAX];
+ int ret = 0;
if (strcmp(filename, "-") == 0)
fp = stdin;
@@ -1366,14 +1320,14 @@
if ((p = strchr(path, '\n')) != NULL)
*p = 0;
search_path = path;
- scanelf_dir(path);
+ ret = scanelf_dir(path);
}
if (fp != stdin)
fclose(fp);
- return 0;
+ return ret;
}
-#if defined(__GLIBC__) || defined(__UCLIBC__)
+#if defined(__GLIBC__) || defined(__UCLIBC__) || defined(__NetBSD__)
static int load_ld_cache_config(int i, const char *fname)
{
@@ -1392,6 +1346,7 @@
*p = 0;
if ((p = strchr(path, '\n')) != NULL)
*p = 0;
+#ifdef __linux__
// recursive includes of the same file will make this segfault.
if ((memcmp(path, "include", 7) == 0) && isblank(path[7])) {
glob64_t gl;
@@ -1418,9 +1373,9 @@
}
globfree64 (&gl);
continue;
- } else
- abort();
+ }
}
+#endif
if (*path != '/')
continue;
@@ -1472,7 +1427,7 @@
break;
}
ldpaths[i] = NULL;
-
+
free(b);
fclose(fp);
return i;
@@ -1616,7 +1571,7 @@
printf("Options: -[%s]\n", PARSE_FLAGS);
for (i = 0; long_opts[i].name; ++i)
if (long_opts[i].has_arg == no_argument)
- printf(" -%c, --%-14s* %s\n", long_opts[i].val,
+ printf(" -%c, --%-14s* %s\n", long_opts[i].val,
long_opts[i].name, opts_help[i]);
else
printf(" -%c, --%-7s <arg> * %s\n", long_opts[i].val,
@@ -1624,13 +1579,13 @@
if (status != EXIT_SUCCESS)
exit(status);
-
+
puts("\nThe format modifiers for the -F option are:");
puts(" F Filename \tx PaX Flags \te STACK/RELRO");
puts(" t TEXTREL \tr RPATH \tn NEEDED");
puts(" i INTERP \tb BIND \ts symbol");
puts(" N library \to Type \tT TEXTRELs");
- puts(" S SONAME \tk section");
+ puts(" S SONAME \tk section \ta arch");
puts(" p filename (with search path removed)");
puts(" f filename (short name/basename)");
puts("Prefix each modifier with '%' (verbose) or '#' (silent)");
@@ -1642,10 +1597,19 @@
}
/* parse command line arguments and preform needed actions */
-static void parseargs(int argc, char *argv[])
+#define do_pax_state(option, flag) \
+ if (islower(option)) { \
+ flags &= ~PF_##flag; \
+ flags |= PF_NO##flag; \
+ } else { \
+ flags &= ~PF_NO##flag; \
+ flags |= PF_##flag; \
+ }
+static int parseargs(int argc, char *argv[])
{
int i;
const char *from_file = NULL;
+ int ret = 0;
opterr = 0;
while ((i=getopt_long(argc, argv, PARSE_FLAGS, long_opts, NULL)) != -1) {
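Review bot: `do_pax_state` passes `option` (a plain `char` taken from `optarg` at the call sites) straight to `islower()`, which is undefined for negative values other than EOF; use `islower((unsigned char)(option))`. The macro also expands to a bare `if`/`else`, so `do_pax_state(...);` leaves a stray empty statement and would misbind inside an unbraced `if`; wrapping the body in `do { ... } while (0)` avoids that. It is defined between the `/* parse command line arguments ... */` comment and `parseargs`, which separates the comment from the function it describes.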
@@ -1703,27 +1667,27 @@
switch(optarg[x]) {
case 'p':
case 'P':
- do_state(optarg[x], PAGEEXEC);
+ do_pax_state(optarg[x], PAGEEXEC);
break;
case 's':
case 'S':
- do_state(optarg[x], SEGMEXEC);
+ do_pax_state(optarg[x], SEGMEXEC);
break;
case 'm':
case 'M':
- do_state(optarg[x], MPROTECT);
+ do_pax_state(optarg[x], MPROTECT);
break;
case 'e':
case 'E':
- do_state(optarg[x], EMUTRAMP);
+ do_pax_state(optarg[x], EMUTRAMP);
break;
case 'r':
case 'R':
- do_state(optarg[x], RANDMMAP);
+ do_pax_state(optarg[x], RANDMMAP);
break;
case 'x':
case 'X':
- do_state(optarg[x], RANDEXEC);
+ do_pax_state(optarg[x], RANDEXEC);
break;
default:
break;
@@ -1789,6 +1753,7 @@
case 's': break;
case 'N': break;
case 'o': break;
+ case 'a': break;
case 'x': show_pax = 1; break;
case 'e': show_phdr = 1; break;
case 't': show_textrel = 1; break;
@@ -1799,7 +1764,7 @@
case 'S': show_soname = 1; break;
case 'T': show_textrels = 1; break;
default:
- err("Invalid format specifier '%c' (byte %i)",
+ err("Invalid format specifier '%c' (byte %i)",
out_format[i], i+1);
}
}
@@ -1840,7 +1805,7 @@
err("Nothing to scan !?");
while (optind < argc) {
search_path = argv[optind++];
- scanelf_dir(search_path);
+ ret = scanelf_dir(search_path);
}
/* clean up */
@@ -1850,6 +1815,7 @@
if (ldcache != 0)
munmap(ldcache, ldcache_size);
+ return ret;
}
static char **get_split_env(const char *envvar)
@@ -1891,6 +1857,7 @@
qa_execstack = get_split_env("QA_EXECSTACK");
qa_wx_load = get_split_env("QA_WX_LOAD");
}
+
#ifdef __PAX_UTILS_CLEANUP
static void cleanup()
{
@@ -1902,13 +1869,13 @@
#endif
-
int main(int argc, char *argv[])
{
+ int ret;
if (argc < 2)
usage(EXIT_FAILURE);
parseenv();
- parseargs(argc, argv);
+ ret = parseargs(argc, argv);
fclose(stdout);
#ifdef __PAX_UTILS_CLEANUP
cleanup();
@@ -1916,5 +1883,75 @@
"\t- 1 due to the out_buffer not being freed in scanelf_file()\n"
"\t- 1 per QA_TEXTRELS/QA_EXECSTACK/QA_WX_LOAD");
#endif
- return EXIT_SUCCESS;
+ return ret;
+}
+
+
+
+/* utility funcs */
+static char *xstrdup(const char *s)
+{
+ char *ret = strdup(s);
+ if (!ret) err("Could not strdup(): %s", strerror(errno));
+ return ret;
+}
+static void *xmalloc(size_t size)
+{
+ void *ret = malloc(size);
+ if (!ret) err("Could not malloc() %li bytes", (unsigned long)size);
+ return ret;
+}
+static void *xrealloc(void *ptr, size_t size)
+{
+ void *ret = realloc(ptr, size);
+ if (!ret) err("Could not realloc() %li bytes", (unsigned long)size);
+ return ret;
+}
+static void xstrncat(char **dst, const char *src, size_t *curr_len, size_t n)
+{
+ size_t new_len;
+
+ new_len = strlen(*dst) + strlen(src);
+ if (*curr_len <= new_len) {
+ *curr_len = new_len + (*curr_len / 2);
+ *dst = realloc(*dst, *curr_len);
+ if (!*dst)
+ err("could not realloc() %li bytes", (unsigned long)*curr_len);
+ }
+
+ if (n)
+ strncat(*dst, src, n);
+ else
+ strcat(*dst, src);
+}
+static inline void xchrcat(char **dst, const char append, size_t *curr_len)
+{
+ static char my_app[2];
+ my_app[0] = append;
+ my_app[1] = '\0';
+ xstrcat(dst, my_app, curr_len);
+}
+
+/* Match filename against entries in matchlist, return TRUE
+ * if the file is listed */
+static int file_matches_list(const char *filename, char **matchlist)
+{
+ char **file;
+ char *match;
+ char buf[__PAX_UTILS_PATH_MAX];
+
+ if (matchlist == NULL)
+ return 0;
+
+ for (file = matchlist; *file != NULL; file++) {
+ if (search_path) {
+ snprintf(buf, sizeof(buf), "%s%s", search_path, *file);
+ match = buf;
+ } else {
+ match = *file;
+ }
+ if (fnmatch(match, filename, 0) == 0)
+ return 1;
+ }
+ return 0;
}
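Review bot: In `xstrncat`, the grown size `new_len + (*curr_len / 2)` leaves no room for the terminating NUL when `*curr_len` is 0 or 1, so the following `strcat`/`strncat` can write one byte past the allocation; whether callers ever pass such a capacity is not visible here. Adding one closes the gap: `*curr_len = new_len + (*curr_len / 2) + 1;`. The `err()` messages in `xmalloc`, `xrealloc` and `xstrncat` print an `unsigned long` with `%li`; `%lu` matches the cast. In `file_matches_list`, the `snprintf` result is not checked, so an over-long `search_path` plus pattern is silently truncated before `fnmatch`.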
diff -urN --exclude=CVS --exclude=.cvsignore --exclude=.svn --exclude=.svnignore old/pax-utils-0.1.13/TODO new/pax-utils-0.1.15/TODO
--- old/pax-utils-0.1.13/TODO 2006-05-17 23:48:10.000000000 +0200
+++ new/pax-utils-0.1.15/TODO 2006-12-13 00:57:20.000000000 +0100
@@ -7,3 +7,6 @@
rel = REL ## B (elf->data + EGET(shdr[s].sh_offset)); \
rela = RELA ## B (elf->data + EGET(shdr[s].sh_offset)); \
sym = SYM ## B (elf->data + EGET(symtab->sh_offset)); \
+
+pspax -u 0
+errno = 0; uid = strtol(optarg, NULL, 10); if (uid == 0 && errno != 0) error("invalid value");
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++