cvs commit: patches/binutils binutils-2.14.90.0.8-pt_pax-1.patch

tushar at linuxfromscratch.org tushar at linuxfromscratch.org
Sun Feb 15 15:30:21 PST 2004


tushar      04/02/15 16:30:20

  Added:       binutils binutils-2.14.90.0.8-pt_pax-1.patch
  Log:
  Added: binutils/binutils-2.14.90.0.8-pt_pax-1.patch
  
  Revision  Changes    Path
  1.1                  patches/binutils/binutils-2.14.90.0.8-pt_pax-1.patch
  
  Index: binutils-2.14.90.0.8-pt_pax-1.patch
  ===================================================================
  Submitted By: Robert Connolly <cendres at videotron dot ca> (ashes)
  Date: 2004-02-08
  Initial Package Version: binutils-2.14.90.0.8
  Origin: http://pax.grsecurity.net/binutils-2.14.90.0.8-pt-pax-flags-200402042140.patch
  Description: This is needed for Pax. http://pax.grsecurity.net/
  https://twocents.mooo.com/hints/downloads/files/winter.txt
  
  diff -Nurp binutils-2.14.90.0.8-old/bfd/elf-bfd.h binutils-2.14.90.0.8-pax/bfd/elf-bfd.h
  --- binutils-2.14.90.0.8-old/bfd/elf-bfd.h	2004-01-14 22:07:43.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/bfd/elf-bfd.h	2004-01-21 06:32:39.000000000 +0100
  @@ -1202,6 +1202,9 @@ struct elf_obj_tdata
     /* Segment flags for the PT_GNU_STACK segment.  */
     unsigned int stack_flags;  
   
  +  /* Segment flags for the PT_PAX_FLAGS segment.  */
  +  unsigned int pax_flags;
  +
     /* Symbol version definitions in external objects.  */
     Elf_Internal_Verdef *verdef;
   
  diff -Nurp binutils-2.14.90.0.8-old/bfd/elf.c binutils-2.14.90.0.8-pax/bfd/elf.c
  --- binutils-2.14.90.0.8-old/bfd/elf.c	2004-01-14 22:07:43.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/bfd/elf.c	2004-01-21 17:20:22.000000000 +0100
  @@ -967,6 +967,7 @@ _bfd_elf_print_private_bfd_data (bfd *ab
   	    case PT_TLS: pt = "TLS"; break;
   	    case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break;
   	    case PT_GNU_STACK: pt = "STACK"; break;
  +	    case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break;
   	    default: sprintf (buf, "0x%lx", p->p_type); pt = buf; break;
   	    }
   	  fprintf (f, "%8s off    0x", pt);
  @@ -2291,6 +2292,9 @@ bfd_section_from_phdr (bfd *abfd, Elf_In
       case PT_GNU_STACK:
         return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "stack");
   
  +    case PT_PAX_FLAGS:
  +      return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags");
  +
       default:
         /* Check for any processor-specific program segment types.
            If no handler for them, default to making "segment" sections.  */
  @@ -3501,6 +3505,20 @@ map_sections_to_segments (bfd *abfd)
         pm = &m->next;
       }
   
  +    {
  +      amt = sizeof (struct elf_segment_map);
  +      m = bfd_zalloc (abfd, amt);
  +      if (m == NULL)
  +	goto error_return;
  +      m->next = NULL;
  +      m->p_type = PT_PAX_FLAGS;
  +      m->p_flags = elf_tdata (abfd)->pax_flags;
  +      m->p_flags_valid = 1;
  +
  +      *pm = m;
  +      pm = &m->next;
  +    }
  +
     free (sections);
     sections = NULL;
   
  @@ -4089,6 +4107,11 @@ get_program_header_size (bfd *abfd)
         ++segs;
       }
   
  +    {
  +      /* We need a PT_PAX_FLAGS segment.  */
  +      ++segs;
  +    }
  +
     for (s = abfd->sections; s != NULL; s = s->next)
       {
         if ((s->flags & SEC_LOAD) != 0
  @@ -4636,6 +4659,7 @@ copy_private_bfd_data (bfd *ibfd, bfd *o
       || IS_COREFILE_NOTE (segment, section))				\
      && section->output_section != NULL					\
      && segment->p_type != PT_GNU_STACK					\
  +   && segment->p_type != PT_PAX_FLAGS					\
      && (segment->p_type != PT_TLS					\
          || (section->flags & SEC_THREAD_LOCAL))				\
      && (segment->p_type == PT_LOAD					\
  diff -Nurp binutils-2.14.90.0.8-old/bfd/elflink.h binutils-2.14.90.0.8-pax/bfd/elflink.h
  --- binutils-2.14.90.0.8-old/bfd/elflink.h	2004-01-14 22:07:43.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/bfd/elflink.h	2004-01-26 18:58:31.000000000 +0100
  @@ -1909,16 +1909,30 @@ NAME(bfd_elf,size_dynamic_sections) (bfd
     if (!is_elf_hash_table (info->hash))
       return TRUE;
   
  +  elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC;
  +
  +  if (info->execheap)
  +    elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT;
  +  else if (info->noexecheap)
  +    elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT;
  +
     if (info->execstack)
  -    elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
  +    {
  +      elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X;
  +      elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
  +    }
     else if (info->noexecstack)
  -    elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
  +    {
  +      elf_tdata (output_bfd)->stack_flags = PF_R | PF_W;
  +      elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
  +    }
     else
       {
         bfd *inputobj;
         asection *notesec = NULL;
         int exec = 0;
   
  +      elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP;
         for (inputobj = info->input_bfds;
   	   inputobj;
   	   inputobj = inputobj->link_next)
  @@ -1931,7 +1945,11 @@ NAME(bfd_elf,size_dynamic_sections) (bfd
   	  if (s)
   	    {
   	      if (s->flags & SEC_CODE)
  -		exec = PF_X;
  +		{
  +		  elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP;
  +		  elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP;
  +		  exec = PF_X;
  +		}
   	      notesec = s;
   	    }
   	  else
  diff -Nurp binutils-2.14.90.0.8-old/binutils/readelf.c binutils-2.14.90.0.8-pax/binutils/readelf.c
  --- binutils-2.14.90.0.8-old/binutils/readelf.c	2004-01-14 22:07:44.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/binutils/readelf.c	2004-01-21 06:32:39.000000000 +0100
  @@ -2144,6 +2144,7 @@ get_segment_type (unsigned long p_type)
       case PT_GNU_EH_FRAME:
   			return "GNU_EH_FRAME";
       case PT_GNU_STACK:	return "STACK";
  +    case PT_PAX_FLAGS:	return "PAX_FLAGS";
   
       default:
         if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC))
  diff -Nurp binutils-2.14.90.0.8-old/include/bfdlink.h binutils-2.14.90.0.8-pax/include/bfdlink.h
  --- binutils-2.14.90.0.8-old/include/bfdlink.h	2004-01-14 22:07:51.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/include/bfdlink.h	2004-01-21 17:18:16.000000000 +0100
  @@ -302,6 +302,14 @@ struct bfd_link_info
        flags.  */
     unsigned int noexecstack: 1;
   
  +  /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT
  +     flags.  */
  +  unsigned int execheap: 1;
  +
  +  /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT
  +     flags.  */
  +  unsigned int noexecheap: 1;
  +
     /* What to do with unresolved symbols in an object file.
        When producing static binaries the default is GENERATE_ERROR.
        When producing dynamic binaries the default is IGNORE.  The
  diff -Nurp binutils-2.14.90.0.8-old/include/elf/common.h binutils-2.14.90.0.8-pax/include/elf/common.h
  --- binutils-2.14.90.0.8-old/include/elf/common.h	2004-01-14 22:07:51.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/include/elf/common.h	2004-01-26 18:06:02.000000000 +0100
  @@ -289,12 +289,27 @@
   
   #define PT_GNU_EH_FRAME	(PT_LOOS + 0x474e550)
   #define PT_GNU_STACK	(PT_LOOS + 0x474e551)
  +#define PT_PAX_FLAGS	(PT_LOOS + 0x5041580)
   
   /* Program segment permissions, in program header p_flags field.  */
   
   #define PF_X		(1 << 0)	/* Segment is executable */
   #define PF_W		(1 << 1)	/* Segment is writable */
   #define PF_R		(1 << 2)	/* Segment is readable */
  +
  +#define PF_PAGEEXEC	(1 << 4)	/* Enable  PAGEEXEC */
  +#define PF_NOPAGEEXEC	(1 << 5)	/* Disable PAGEEXEC */
  +#define PF_SEGMEXEC	(1 << 6)	/* Enable  SEGMEXEC */
  +#define PF_NOSEGMEXEC	(1 << 7)	/* Disable SEGMEXEC */
  +#define PF_MPROTECT	(1 << 8)	/* Enable  MPROTECT */
  +#define PF_NOMPROTECT	(1 << 9)	/* Disable MPROTECT */
  +#define PF_RANDEXEC	(1 << 10)	/* Enable  RANDEXEC */
  +#define PF_NORANDEXEC	(1 << 11)	/* Disable RANDEXEC */
  +#define PF_EMUTRAMP	(1 << 12)	/* Enable  EMUTRAMP */
  +#define PF_NOEMUTRAMP	(1 << 13)	/* Disable EMUTRAMP */
  +#define PF_RANDMMAP	(1 << 14)	/* Enable  RANDMMAP */
  +#define PF_NORANDMMAP	(1 << 15)	/* Disable RANDMMAP */
  +
   /* #define PF_MASKOS	0x0F000000    *//* OS-specific reserved bits */
   #define PF_MASKOS	0x0FF00000	/* New value, Oct 4, 1999 Draft */
   #define PF_MASKPROC	0xF0000000	/* Processor-specific reserved bits */
  diff -Nurp binutils-2.14.90.0.8-old/ld/emultempl/elf32.em binutils-2.14.90.0.8-pax/ld/emultempl/elf32.em
  --- binutils-2.14.90.0.8-old/ld/emultempl/elf32.em	2004-01-14 22:07:53.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/ld/emultempl/elf32.em	2004-01-21 06:32:39.000000000 +0100
  @@ -1645,6 +1645,16 @@ cat >>e${EMULATION_NAME}.c <<EOF
   	  link_info.noexecstack = TRUE;
   	  link_info.execstack = FALSE;
   	}
  +      else if (strcmp (optarg, "execheap") == 0)
  +	{
  +	  link_info.execheap = TRUE;
  +	  link_info.noexecheap = FALSE;
  +	}
  +      else if (strcmp (optarg, "noexecheap") == 0)
  +	{
  +	  link_info.noexecheap = TRUE;
  +	  link_info.execheap = FALSE;
  +	}
         /* What about the other Solaris -z options? FIXME.  */
         break;
   EOF
  @@ -1681,6 +1691,7 @@ cat >>e${EMULATION_NAME}.c <<EOF
     fprintf (file, _("  -z combreloc\t\tMerge dynamic relocs into one section and sort\n"));
     fprintf (file, _("  -z defs\t\tReport unresolved symbols in object files.\n"));
     fprintf (file, _("  -z execstack\t\tMark executable as requiring executable stack\n"));
  +  fprintf (file, _("  -z execheap\t\tMark executable as requiring executable heap\n"));
     fprintf (file, _("  -z initfirst\t\tMark DSO to be initialized first at runtime\n"));
     fprintf (file, _("  -z interpose\t\tMark object to interpose all DSOs but executable\n"));
     fprintf (file, _("  -z loadfltr\t\tMark object requiring immediate process\n"));
  @@ -1692,6 +1703,7 @@ cat >>e${EMULATION_NAME}.c <<EOF
     fprintf (file, _("  -z nodlopen\t\tMark DSO not available to dlopen\n"));
     fprintf (file, _("  -z nodump\t\tMark DSO not available to dldump\n"));
     fprintf (file, _("  -z noexecstack\tMark executable as not requiring executable stack\n"));
  +  fprintf (file, _("  -z noexecheap\t\tMark executable as not requiring executable heap\n"));
     fprintf (file, _("  -z now\t\tMark object non-lazy runtime binding\n"));
     fprintf (file, _("  -z origin\t\tMark object requiring immediate \$ORIGIN processing\n\t\t\t  at runtime\n"));
     fprintf (file, _("  -z KEYWORD\t\tIgnored for Solaris compatibility\n"));
  diff -Nurp binutils-2.14.90.0.8-old/ld/ldgram.y binutils-2.14.90.0.8-pax/ld/ldgram.y
  --- binutils-2.14.90.0.8-old/ld/ldgram.y	2004-01-14 22:07:52.000000000 +0100
  +++ binutils-2.14.90.0.8-pax/ld/ldgram.y	2004-01-21 06:32:39.000000000 +0100
  @@ -1014,6 +1014,8 @@ phdr_type:
   			    $$ = exp_intop (0x6474e550);
   			  else if (strcmp (s, "PT_GNU_STACK") == 0)
   			    $$ = exp_intop (0x6474e551);
  +			  else if (strcmp (s, "PT_PAX_FLAGS") == 0)
  +			    $$ = exp_intop (0x65041580);
   			  else
   			    {
   			      einfo (_("\
  
  
  



More information about the patches mailing list