-rw-r--r--sys-apps/gradm/ChangeLog9
-rw-r--r--sys-apps/gradm/files/digest-gradm-1.2.12
-rw-r--r--sys-apps/gradm/files/digest-gradm-1.42
-rw-r--r--sys-apps/gradm/files/digest-gradm-1.52
-rw-r--r--sys-apps/gradm/files/digest-gradm-1.61
-rw-r--r--sys-apps/gradm/files/gradm-1.6-chpax.c335
-rw-r--r--sys-apps/gradm/gradm-1.2.1.ebuild40
-rw-r--r--sys-apps/gradm/gradm-1.4.ebuild43
-rw-r--r--sys-apps/gradm/gradm-1.6.ebuild (renamed from sys-apps/gradm/gradm-1.5.ebuild)26
9 files changed, 354 insertions, 106 deletions
diff --git a/sys-apps/gradm/ChangeLog b/sys-apps/gradm/ChangeLog
index 9e0d5dd761e0..375960471d2e 100644
--- a/sys-apps/gradm/ChangeLog
+++ b/sys-apps/gradm/ChangeLog
@@ -1,9 +1,12 @@
# ChangeLog for sys-apps/gradm
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.10 2002/12/17 19:46:53 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.11 2003/01/14 06:16:34 vapier Exp $
+
+*gradm-1.6 (13 Jan 2003)
+
+ 13 Jan 2003; Mike Frysinger <vapier@gentoo.org> :
+ Version bump
- 06 Dec 2002; Rodney Rees <manson@gentoo.org> : changed sparc ~sparc keywords
-
*gradm-1.5a (28 Oct 2002)
28 Oct 2002; Mike Frysinger <vapier@gentoo.org> :
diff --git a/sys-apps/gradm/files/digest-gradm-1.2.1 b/sys-apps/gradm/files/digest-gradm-1.2.1
deleted file mode 100644
index 708b71ab7204..000000000000
--- a/sys-apps/gradm/files/digest-gradm-1.2.1
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 c01a10eecf430eb4a58180900b37903a gradm-1.2.1.tar.gz 41602
-MD5 618ddb3d563f4e3cbfb13c9c770dd99c chpax.c 4776
diff --git a/sys-apps/gradm/files/digest-gradm-1.4 b/sys-apps/gradm/files/digest-gradm-1.4
deleted file mode 100644
index 9677c4a04b8f..000000000000
--- a/sys-apps/gradm/files/digest-gradm-1.4
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 56e892fc50ca1fe0348712e849bb2e82 gradm-1.4.tar.gz 19382
-MD5 618ddb3d563f4e3cbfb13c9c770dd99c chpax.c 4776
diff --git a/sys-apps/gradm/files/digest-gradm-1.5 b/sys-apps/gradm/files/digest-gradm-1.5
deleted file mode 100644
index abb10ec69054..000000000000
--- a/sys-apps/gradm/files/digest-gradm-1.5
+++ /dev/null
@@ -1,2 +0,0 @@
-MD5 9c4a4a81a7e8974a902fdf6a2ecbdb1e gradm-1.5.tar.gz 27323
-MD5 618ddb3d563f4e3cbfb13c9c770dd99c chpax.c 4776
diff --git a/sys-apps/gradm/files/digest-gradm-1.6 b/sys-apps/gradm/files/digest-gradm-1.6
new file mode 100644
index 000000000000..d5911cc297de
--- /dev/null
+++ b/sys-apps/gradm/files/digest-gradm-1.6
@@ -0,0 +1 @@
+MD5 7f1eacca4c0be8a1e5c088a38c249d32 gradm-1.6.tar.gz 29934
diff --git a/sys-apps/gradm/files/gradm-1.6-chpax.c b/sys-apps/gradm/files/gradm-1.6-chpax.c
new file mode 100644
index 000000000000..9dd3dd880e36
--- /dev/null
+++ b/sys-apps/gradm/files/gradm-1.6-chpax.c
@@ -0,0 +1,335 @@
+/*
+ * This program manages various PaX related flags for ELF and a.out binaries.
+ * The flags only have effect when running the patched Linux kernel.
+ *
+ * Written by Solar Designer and placed in the public domain.
+ *
+ * Adapted to PaX by the PaX Team
+ *
+ * Nov 10 2002 : Added multi{options,files} cmdline, zeroflag, nicer output
+ * (+ double output if flags are changed and -v is specified), more error
+ * handling.
+ *
+ * Dec 11 2002 : Explicit error messages and return value, even more
+ * error handling . (-jv)
+ *
+ */
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <linux/elf.h>
+#include <linux/a.out.h>
+
+#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-exec pages */
+#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */
+#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */
+#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */
+#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */
+#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-exec pages */
+
+#define XCLOSE(fd) \
+do \
+{ \
+ if (close(fd)) \
+ perror("close"); \
+} \
+while (0)
+
+static struct elf32_hdr header_elf;
+static struct exec header_aout;
+static void *header;
+static int header_size;
+static int fd;
+
+static unsigned long (*get_flags)();
+static void (*put_flags)(unsigned long);
+
+
+static void print_flags(unsigned long flags)
+{
+ printf(" * Paging based PAGE_EXEC : %s \n"
+ " * Trampolines : %s \n"
+ " * mprotect() : %s \n"
+ " * mmap() base : %s \n"
+ " * ET_EXEC base : %s \n"
+ " * Segmentation based PAGE_EXEC : %s \n",
+ flags & HF_PAX_PAGEEXEC
+ ? "disabled" : flags & HF_PAX_SEGMEXEC ? "enabled" : "enabled (overridden)",
+ flags & HF_PAX_EMUTRAMP
+ ? "emulated" : "not emulated",
+ flags & HF_PAX_MPROTECT
+ ? "not restricted" : "restricted",
+ flags & HF_PAX_RANDMMAP
+ ? "not randomized" : "randomized",
+ flags & HF_PAX_RANDEXEC
+ ? "randomized" : "not randomized",
+ flags & HF_PAX_SEGMEXEC
+ ? "disabled" : "enabled");
+}
+
+static unsigned long get_flags_elf()
+{
+ return (header_elf.e_flags);
+}
+
+static void put_flags_elf(unsigned long flags)
+{
+ header_elf.e_flags = flags;
+}
+
+static unsigned long get_flags_aout()
+{
+ return (N_FLAGS(header_aout));
+}
+
+static void put_flags_aout(unsigned long flags)
+{
+ N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP);
+}
+
+static int read_header(char *name, int mode)
+{
+ char *ptr;
+ int size;
+ int block;
+
+ if ((fd = open(name, mode)) < 0)
+ return 1;
+
+ ptr = (char *) &header_elf;
+ size = sizeof (header_elf);
+
+ do
+ {
+ block = read(fd, ptr, size);
+ if (block <= 0)
+ return (block ? 1 : 2);
+ ptr += block; size -= block;
+ }
+ while (size > 0);
+
+ memcpy(&header_aout, &header_elf, sizeof(header_aout));
+
+ if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG))
+ {
+ if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN)
+ return 2;
+ if (header_elf.e_machine != EM_386)
+ return 3;
+ header = &header_elf;
+ header_size = sizeof(header_elf);
+ get_flags = get_flags_elf;
+ put_flags = put_flags_elf;
+ }
+
+ else if (N_MAGIC(header_aout) == NMAGIC ||
+ N_MAGIC(header_aout) == ZMAGIC ||
+ N_MAGIC(header_aout) == QMAGIC)
+ {
+ if (N_MACHTYPE(header_aout) != M_386)
+ return 3;
+ header = &header_aout;
+ header_size = 4;
+ get_flags = get_flags_aout;
+ put_flags = put_flags_aout;
+ }
+
+ else
+ return (2);
+
+ return (0);
+}
+
+int write_header()
+{
+ char *ptr;
+ int size;
+ int block;
+
+ if (lseek(fd, 0, SEEK_SET))
+ return 1;
+
+ ptr = (char *) header;
+ size = header_size;
+
+ do
+ {
+ block = write(fd, ptr, size);
+ if (block <= 0)
+ break;
+ ptr += block;
+ size -= block;
+ }
+ while (size > 0);
+
+ return size;
+}
+
+
+#define USAGE \
+"Usage: %s OPTIONS FILE1 FILE2 FILEN ...\n" \
+"Manage PaX flags for binaries\n\n" \
+" -P\tenforce paging based non-executable pages\n" \
+" -p\tdo not enforce paging based non-executable pages\n" \
+" -E\temulate trampolines\n" \
+" -e\tdo not emulate trampolines\n" \
+" -M\trestrict mprotect()\n" \
+" -m\tdo not restrict mprotect()\n" \
+" -R\trandomize mmap() base [ELF only]\n" \
+" -r\tdo not randomize mmap() base [ELF only]\n" \
+" -X\trandomize ET_EXEC base [ELF only]\n" \
+" -x\tdo not randomize ET_EXEC base [ELF only]\n" \
+" -S\tenforce segmentation based non-executable pages\n" \
+" -s\tdo not enforce segmentation based non-executable pages\n" \
+" -v\tview current flag mask \n" \
+" -z\tzero flag mask (next flags still apply)\n\n" \
+"The flags only have effect when running the patched Linux kernel.\n"
+
+
+void usage(char *name)
+{
+ printf(USAGE, (name ? name : "chpax"));
+ exit(1);
+}
+
+unsigned long scan_flags(unsigned long flags, char **argv, int *view)
+{
+ int index;
+
+ for (index = 1; argv[1][index]; index++)
+ switch (argv[1][index])
+ {
+
+ case 'p':
+ flags |= HF_PAX_PAGEEXEC;
+ continue ;
+
+ case 'P':
+ flags = (flags & ~HF_PAX_PAGEEXEC) | HF_PAX_SEGMEXEC;
+ continue ;
+
+ case 'E':
+ flags |= HF_PAX_EMUTRAMP;
+ continue ;
+
+ case 'e':
+ flags = (flags & ~HF_PAX_EMUTRAMP);
+ continue ;
+
+ case 'm':
+ flags |= HF_PAX_MPROTECT;
+ continue ;
+
+ case 'M':
+ flags = (flags & ~HF_PAX_MPROTECT);
+ continue ;
+
+ case 'r':
+ flags |= HF_PAX_RANDMMAP;
+ continue ;
+
+ case 'R':
+ flags = (flags & ~HF_PAX_RANDMMAP);
+ continue ;
+
+ case 'X':
+ flags |= HF_PAX_RANDEXEC;
+ continue ;
+
+ case 'x':
+ flags = (flags & ~HF_PAX_RANDEXEC);
+ continue ;
+
+ case 's':
+ flags |= HF_PAX_SEGMEXEC;
+ continue ;
+
+ case 'S':
+ flags = (flags & ~HF_PAX_SEGMEXEC) | HF_PAX_PAGEEXEC;
+ continue ;
+
+ case 'v':
+ *view = 1;
+ continue ;
+
+ case 'z':
+ flags = 0;
+ continue ;
+
+ default:
+ fprintf(stderr, "Unknown option %c \n", argv[1][index]);
+ usage(argv[0]);
+ }
+
+ return (flags);
+}
+
+
+int main(int argc, char **argv)
+{
+ unsigned long flags;
+ unsigned long aflags;
+ unsigned int index;
+ int mode;
+ char *current;
+ int error = 0;
+ int view = 0;
+
+ if (argc < 3 || argv[1][0] != '-')
+ usage(argv[0]);
+
+ for (index = 2, current = argv[index]; current; current = argv[++index])
+ {
+
+ mode = (argc == 3 && !strcmp(argv[1], "-v") ? O_RDONLY : O_RDWR);
+
+ error = read_header(current, mode);
+ switch (error)
+ {
+ case 1:
+ perror(current);
+ continue ;
+ case 2:
+ fprintf(stderr, "%s: Unknown file type (passed) \n", current);
+ XCLOSE(fd);
+ continue ;
+ case 3:
+ fprintf(stderr, "%s: Wrong architecture (passed) \n", current);
+ XCLOSE(fd);
+ continue ;
+ }
+
+ aflags = get_flags();
+ flags = scan_flags(aflags, argv, &view);
+
+ if (view)
+ {
+ printf("\n----[ Current flags for %s ]---- \n\n", current);
+ print_flags(aflags);
+ puts("");
+ }
+
+ put_flags(flags);
+
+ if (flags != aflags && write_header())
+ {
+ perror(current);
+ error = 4;
+ }
+
+ if (error)
+ fprintf(stderr, "%s : Flags were not updated . \n", current);
+ else if (view && aflags != flags)
+ {
+ printf("\n----[ Updated flags for %s ]---- \n\n", current);
+ print_flags(flags);
+ puts("");
+ }
+
+ XCLOSE(fd);
+ }
+
+ return (error);
+}
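Review bot: The exit status of `main` reflects only the last file processed, because `error` is reassigned by `error = read_header(current, mode);` on every iteration and returned unchanged at the end. A run over several binaries in which an early file fails and the last one succeeds exits 0, so a script applying PaX flags cannot tell that some files were left untouched. A separate accumulator fixes this: declare `int status = 0;` next to `error`, add `if (error) status = error;` after the `read_header` call and after the failed `write_header`, and end with `return (status);`. Separately, when `read()` fails inside `read_header` the function returns 1 with `fd` still open, and `case 1` in `main` continues without `XCLOSE(fd)`, so that descriptor leaks. `usage()` also calls `exit()` although `<stdlib.h>` is not among the includes.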
diff --git a/sys-apps/gradm/gradm-1.2.1.ebuild b/sys-apps/gradm/gradm-1.2.1.ebuild
deleted file mode 100644
index fa1babbb588a..000000000000
--- a/sys-apps/gradm/gradm-1.2.1.ebuild
+++ /dev/null
@@ -1,40 +0,0 @@
-# Copyright 1999-2002 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.2.1.ebuild,v 1.9 2002/12/09 04:37:25 manson Exp $
-
-DESCRIPTION="Administratinve interface to grsecurity"
-SRC_URI="http://www.grsecurity.net/gradm-1.2.1.tar.gz
- http://pageexec.virtualave.net/chpax.c"
-HOMEPAGE="http://www.grsecurity.net"
-KEYWORDS="x86 ppc sparc "
-SLOT="0"
-#DEPEND=""
-LICENSE="GPL-2"
-
-src_unpack() {
- unpack ${P}.tar.gz
- cd ${S}
- cp ${DISTDIR}/chpax.c .
-}
-
-src_compile() {
- ./configure || die
- emake || die
- emake chpax || die
-}
-
-src_install() {
- dodir /sbin /etc/grsec /etc/init.d /etc/conf.d /usr/share/man/man8
-
- cp gradm ${D}/sbin
- gzip -9 gradm.8
- cp gradm.8.gz ${D}/usr/share/man/man8
- cp chpax ${D}/sbin
- chmod 0700 ${D}/sbin/*
- cp ${FILESDIR}/grsecurity.rc ${D}/etc/init.d/grsecurity
- chmod 755 ${D}/etc/init.d/*
- cp ${FILESDIR}/grsecurity ${D}/etc/conf.d/grsecurity
- chmod 644 ${D}/etc/conf.d/*
-
- dodoc ChangeLog* INSTALL COPYING
-}
diff --git a/sys-apps/gradm/gradm-1.4.ebuild b/sys-apps/gradm/gradm-1.4.ebuild
deleted file mode 100644
index 405e10adcfb2..000000000000
--- a/sys-apps/gradm/gradm-1.4.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 1999-2002 Gentoo Technologies, Inc.
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.4.ebuild,v 1.4 2002/10/28 05:53:00 vapier Exp $
-
-DESCRIPTION="Administrative interface to grsecurity"
-SRC_URI="http://www.grsecurity.net/gradm-1.4.tar.gz
- http://pageexec.virtualave.net/chpax.c"
-HOMEPAGE="http://www.grsecurity.net"
-LICENSE="GPL-2"
-KEYWORDS="x86"
-SLOT="0"
-
-DEPEND="sys-devel/bison
- sys-devel/flex"
-RDEPEND=""
-
-S="${WORKDIR}/${PN}"
-
-src_unpack() {
- unpack ${P}.tar.gz
- cd ${S}
- cp ${DISTDIR}/chpax.c .
- mv Makefile Makefile.orig
- sed <Makefile.orig >Makefile \
- -e 's|YACC=/usr/bin/yacc|YACC=/usr/bin/bison|' \
- -e 's|$(YACC) -d|$(YACC) -y -d|'
-}
-
-src_compile() {
- emake || die "compile problem"
- emake chpax || die "compile problem"
-}
-
-src_install() {
- doman gradm.8
- exeinto /etc/init.d
- newexe ${FILESDIR}/grsecurity.rc grsecurity
- insinto /etc/conf.d
- doins ${FILESDIR}/grsecurity
- into /
- dosbin gradm chpax
- chmod 700 ${D}/sbin/gradm ${D}/sbin/chpax
-}
diff --git a/sys-apps/gradm/gradm-1.5.ebuild b/sys-apps/gradm/gradm-1.6.ebuild
index 6845b359510a..e7a9c69ec779 100644
--- a/sys-apps/gradm/gradm-1.5.ebuild
+++ b/sys-apps/gradm/gradm-1.6.ebuild
@@ -1,13 +1,13 @@
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.5.ebuild,v 1.2 2002/10/04 06:25:13 vapier Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.6.ebuild,v 1.1 2003/01/14 06:16:34 vapier Exp $
DESCRIPTION="ACL administrative interface to grsecurity"
-SRC_URI="http://www.grsecurity.net/${P}.tar.gz
- http://pageexec.virtualave.net/chpax.c"
+SRC_URI="http://www.grsecurity.net/${P}.tar.gz"
HOMEPAGE="http://www.grsecurity.net/"
+
LICENSE="GPL-2"
-KEYWORDS="x86"
+KEYWORDS="~x86"
SLOT="0"
DEPEND="sys-devel/bison
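Review bot: The bundled `chpax.c` loses its recorded provenance with the new `SRC_URI` line. The old line fetched it from pageexec.virtualave.net and the old digest files carried an MD5 entry for it, while the new `digest-gradm-1.6` lists only the tarball. Nothing in the ebuild now says where the FILESDIR copy came from or which upstream revision it corresponds to, which makes later audits and updates of this security tool harder. A comment above `SRC_URI` would cover it, for example `# chpax.c ships in FILESDIR as ${P}-chpax.c; upstream: <UPSTREAM_URL_AND_DATE>`.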
@@ -17,21 +17,18 @@ RDEPEND=""
S="${WORKDIR}/${PN}"
src_unpack() {
- unpack ${P}.tar.gz
+ unpack ${A}
cd ${S}
- cp ${DISTDIR}/chpax.c .
+ cp ${FILESDIR}/${P}-chpax.c chpax.c
- mv Makefile Makefile.orig
- sed <Makefile.orig >Makefile \
- -e 's|YACC=/usr/bin/yacc|YACC=/usr/bin/bison|' \
- -e 's|$(YACC) -d|$(YACC) -y -d|' \
- -e "s|-O2|${CFLAGS}|"
+ mv Makefile{,.orig}
+ sed -e "s|-O2|${CFLAGS}|" Makefile.orig > Makefile
}
src_compile() {
- emake || die "compile problem"
- emake chpax || die "compile problem"
+ emake CC="${CC}" || die "compile problem"
+ emake CC="${CC}" chpax || die "compile problem"
}
src_install() {
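Review bot: The new `cp ${FILESDIR}/${P}-chpax.c chpax.c` in src_unpack, like the `cd ${S}` before it, is unchecked and unquoted, so a failed `cd` lets the following `mv` and `sed` run in whatever directory the shell happens to be in. I would write `cd "${S}" || die "cd failed"` and `cp "${FILESDIR}/${P}-chpax.c" chpax.c || die "chpax.c missing"`. The new `sed -e "s|-O2|${CFLAGS}|"` splices `${CFLAGS}` into a `|`-delimited replacement, so a value containing `|` or `&` would produce a wrong Makefile; that is presumably rare, but a `|| die` on the sed line would at least surface a failure. src_install begins on the hunk's last line and continues outside it.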
@@ -43,5 +40,6 @@ src_install() {
doins ${FILESDIR}/grsecurity
into /
dosbin gradm chpax
- chmod 700 ${D}/sbin/gradm ${D}/sbin/chpax
+ fperms 700 /sbin/gradm
+ fperms 700 /sbin/chpax
}