Hi. Please add the attached patches, and please link: glibc-2.3.6-dl_execstack_PaX-1.patch to glibc-2.4-dl_execstack_PaX-1.patch
and glibc-2.3.6-pt_pax-1.patch to glibc-2.4-pt_pax-1.patch The attached: linux-headers-2.6.17.6-07202006-unistd_x86_PIC-1.patch could be linked to: linux-2.6.17.1-unistd_x86_PIC.patch They're the same thing. robert
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
Date: 2006-07-05
Initial Package Version: 4.1.1
Upstream Status: Not submitted - Not currently portable outside i386, it'll be rejected.
Origin: None
Description: This patch is a replacement for the LFS gcc-specs patch.
This patch adds --with-dynamic-linker= and --with-nostdinc to gcc/configure.
--with-dynamic-linker= can point to glibc, uclibc, or whatever. If $with_dynamic_linker
is set then it will be used to discover if the libc it links to has gcc41+ support for
stack smashing protector (usable by Glibc, uClibc, BSD, or whatever).
If you modify this patch to add more platforms than i386 Linux, please send me the
differences so I can add them to this patch. If one magical day all platforms are
supported then this patch could be added to mainline GCC.
diff -Naur gcc-4.1.1.orig/gcc/Makefile.in gcc-4.1.1/gcc/Makefile.in
--- gcc-4.1.1.orig/gcc/Makefile.in 2006-05-17 18:38:58.000000000 +0000
+++ gcc-4.1.1/gcc/Makefile.in 2006-07-06 04:01:30.000000000 +0000
@@ -793,7 +793,7 @@
# This is the variable actually used when we compile. If you change this,
# you probably want to update BUILD_CFLAGS in configure.ac
-ALL_CFLAGS = $(X_CFLAGS) $(T_CFLAGS) \
+ALL_CFLAGS = $(X_CFLAGS) $(T_CFLAGS) @NOSTDINC@ \
$(CFLAGS) $(INTERNAL_CFLAGS) $(COVERAGE_FLAGS) $(WARN_CFLAGS) $(XCFLAGS) @DEFS@
# Likewise. Put INCLUDES at the beginning: this way, if some autoconf macro
@@ -1611,7 +1611,8 @@
(SHLIB_LINK='$(SHLIB_LINK)' \
SHLIB_MULTILIB='$(SHLIB_MULTILIB)'; \
$(CC) $(ALL_CFLAGS) $(ALL_CPPFLAGS) \
- $(DRIVER_DEFINES) \
+ $(DRIVER_DEFINES) `if test -n "@DYNAMICLINKER@" ; then \
+ echo -D__DYNAMIC_LINKER__=\"@[EMAIL PROTECTED]" ; fi` \
-c $(srcdir)/gcc.c $(OUTPUT_OPTION))
gccspec.o: gccspec.c $(CONFIG_H) $(SYSTEM_H) coretypes.h $(TM_H) $(GCC_H)
diff -Naur gcc-4.1.1.orig/gcc/config/i386/linux.h gcc-4.1.1/gcc/config/i386/linux.h
--- gcc-4.1.1.orig/gcc/config/i386/linux.h 2005-08-10 17:53:01.000000000 +0000
+++ gcc-4.1.1/gcc/config/i386/linux.h 2006-07-06 04:01:30.000000000 +0000
@@ -105,7 +105,11 @@
/* If ELF is the default format, we should not use /lib/elf. */
#define LINK_EMULATION "elf_i386"
+#ifdef __DYNAMIC_LINKER__
+#define DYNAMIC_LINKER __DYNAMIC_LINKER__
+#else
#define DYNAMIC_LINKER "/lib/ld-linux.so.2"
+#endif
#undef SUBTARGET_EXTRA_SPECS
#define SUBTARGET_EXTRA_SPECS \
diff -Naur gcc-4.1.1.orig/gcc/config/linux.h gcc-4.1.1/gcc/config/linux.h
--- gcc-4.1.1.orig/gcc/config/linux.h 2005-08-06 13:26:35.000000000 +0000
+++ gcc-4.1.1/gcc/config/linux.h 2006-07-06 04:01:30.000000000 +0000
@@ -104,3 +104,8 @@
#define TARGET_C99_FUNCTIONS 1
#define TARGET_POSIX_IO
+
+#ifdef NOSTDINC
+#undef STANDARD_INCLUDE_DIR
+#define STANDARD_INCLUDE_DIR 0
+#endif
diff -Naur gcc-4.1.1.orig/gcc/configure gcc-4.1.1/gcc/configure
--- gcc-4.1.1.orig/gcc/configure 2006-02-14 16:50:45.000000000 +0000
+++ gcc-4.1.1/gcc/configure 2006-07-06 04:03:28.000000000 +0000
@@ -935,6 +935,11 @@
with the compiler
--with-system-zlib use installed libz
--with-slibdir=DIR shared libraries in DIR LIBDIR
+ --with-dynamic-linker=PATH
+ specifies path to dynamic linker.
+ example: "/lib/ld-linux.so.2"
+ --with-nostdinc build gcc to ignore standard include directories.
+ You will have to use --with-local-prefix with this option.
Some influential environment variables:
CC C compiler command
@@ -4678,6 +4683,29 @@
#define SIZEOF_INT $ac_cv_sizeof_int
_ACEOF
+# Check whether --with-dynamic-linker= was given.
+
+if test "${with_dynamic_linker+set}" = set; then
+ withval="$with_dynamic_linker"
+ case "${withval}" in
+yes) { { echo "$as_me:$LINENO: error: bad value "${withval}". Use --with-dynamic-linker=/path/to/lib/ld.so" >&5
+echo "$as_me: error: bad value "${withval}". Use --with-dynamic-linker=/path/to/lib/ld.so" >&2;}
+ { (exit 1); exit 1; }; } ;;
+no) ;;
+*) DYNAMICLINKER=$withval ;;
+esac
+fi;
+
+# Check whether --with-nostdinc was given.
+
+if test "${with_nostdinc+set}" = set; then
+ withval="$with_nostdinc"
+ case "${withval}" in
+yes) NOSTDINC="-DNOSTDINC" ;;
+no) ;;
+*) NOSTDINC="-DNOSTDINC" ;;
+esac
+fi;
echo "$as_me:$LINENO: checking for long" >&5
echo $ECHO_N "checking for long... $ECHO_C" >&6
@@ -16174,6 +16202,24 @@
echo $ECHO_N "(cached) $ECHO_C" >&6
else
gcc_cv_libc_provides_ssp=no
+ if test -n "$DYNAMICLINKER" && test -n "$gcc_cv_objdump" ; then
+ # Check whether the libc we are going to link to has __stack_chk_* in it.
+ # We need objdump for this, grep, sed, dirname, and tr.
+
+ # First figure out the filename of our libc.so.
+ echo 'main(){}' > conftest.c
+ $CC conftest.c -o conftest -Wl,--dynamic-linker -Wl,${with_dynamic_linker}
+ our_libc_filename=`$gcc_cv_objdump -p conftest|grep NEEDED| \
+ sed -e "[EMAIL PROTECTED]@$(dirname ${DYNAMICLINKER})/@"|tr -d [:space:]`
+ rm -f conftest.c conftest
+
+ # Then look for __stack_chk_*
+ if test "`readelf -s $our_libc_filename | grep __stack_chk_`"; then
+ gcc_cv_libc_provides_ssp=yes
+ fi
+ # Don't stop. $glibc_header_dir might be needed later in this script.
+ fi
+
if test x$host != x$target || test "x$TARGET_SYSTEM_ROOT" != x; then
if test "x$with_sysroot" = x; then
glibc_header_dir="${exec_prefix}/${target_noncanonical}/sys-include"
@@ -17240,6 +17286,8 @@
s,@TARGET_SYSTEM_ROOT_DEFINE@,$TARGET_SYSTEM_ROOT_DEFINE,;t t
s,@CROSS_SYSTEM_HEADER_DIR@,$CROSS_SYSTEM_HEADER_DIR,;t t
s,@onestep@,$onestep,;t t
+s,@DYNAMICLINKER@,$DYNAMICLINKER,;t t
+s,@NOSTDINC@,$NOSTDINC,;t t
s,@SET_MAKE@,$SET_MAKE,;t t
s,@AWK@,$AWK,;t t
s,@LN_S@,$LN_S,;t t
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes) Date: 2006-07-19 Initial Package Version: 2.3.5 Upstream Status: Unknown Origin: http://sources.gentoo.org/viewcvs.py/gentoo/src/patchsets/glibc/2.3.5/\ 4010_all_2.3.5-hardened-iconvconfig-unnest.patch Description: Move nested function to a static one so we avoid generating a trampoline. --- glibc-2.3.5/iconv/iconvconfig.c +++ glibc-2.3.5/iconv/iconvconfig.c @@ -1013,6 +1013,38 @@ module name offset (following last entry with step count 0) */ + +/* Function to insert the names. */ +/* Made non-nested to avoid trampoline. + * Requires hash_table and hash_size to be made global, + * but since the caller (write_output) is called once + * in the only thread there should be no problem */ +static struct hash_entry *hash_table; +static size_t hash_size; +static void +name_insert (const void *nodep, VISIT value, int level) + { + struct name *name; + unsigned int idx; + unsigned int hval2; + + if (value != leaf && value != postorder) + return; + + name = *(struct name **) nodep; + idx = name->hashval % hash_size; + hval2 = 1 + name->hashval % (hash_size - 2); + + while (hash_table[idx].string_offset != 0) + if ((idx += hval2) >= hash_size) + idx -= hash_size; + + hash_table[idx].string_offset = strtaboffset (name->strent); + + assert (name->module_idx != -1); + hash_table[idx].module_idx = name->module_idx; + } + static int write_output (void) { @@ -1020,8 +1052,6 @@ char *string_table; size_t string_table_size; struct gconvcache_header header; - struct hash_entry *hash_table; - size_t hash_size; struct module_entry *module_table; char *extra_table; char *cur_extra_table; @@ -1034,30 +1064,6 @@ char tmpfname[(output_file == NULL ? sizeof finalname : output_file_len + 1) + strlen (".XXXXXX")]; - /* Function to insert the names. */ - auto void - name_insert (const void *nodep, VISIT value, int level) - { - struct name *name; - unsigned int idx; - unsigned int hval2; - - if (value != leaf && value != postorder) - return; - - name = *(struct name **) nodep; - idx = name->hashval % hash_size; - hval2 = 1 + name->hashval % (hash_size - 2); - - while (hash_table[idx].string_offset != 0) - if ((idx += hval2) >= hash_size) - idx -= hash_size; - - hash_table[idx].string_offset = strtaboffset (name->strent); - - assert (name->module_idx != -1); - hash_table[idx].module_idx = name->module_idx; - } /* Open the output file. */ if (output_file == NULL)
Submitted By: Robert Connolly <robert at linuxfromscratch dot org> (ashes)
Date: 2006-06-24
Initial Package Version: 2.6.17.1
Upstream Status: Not submitted
Origin: Gentoo - unistd.h-i386-pic.patch
Description: This patch adds position independent assembly for syscalls.
This fixes problems with llseek(), util-linux, vsftpd, proftpd, and more.
diff -Naur linux-2.6.17.1.orig/include/asm-i386/unistd.h linux-2.6.17.1/include/asm-i386/unistd.h
--- linux-2.6.17.1.orig/include/asm-i386/unistd.h 2006-06-20 09:31:55.000000000 +0000
+++ linux-2.6.17.1/include/asm-i386/unistd.h 2006-06-24 18:23:34.000000000 +0000
@@ -349,6 +349,21 @@
__syscall_return(type,__res); \
}
+#ifdef __PIC__
+#define _syscall1(type,name,type1,arg1) \
+type name(type1 arg1) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"r" ((long)(arg1))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall1(type,name,type1,arg1) \
type name(type1 arg1) \
{ \
@@ -358,7 +373,23 @@
: "0" (__NR_##name),"ri" ((long)(arg1)) : "memory"); \
__syscall_return(type,__res); \
}
+#endif
+#ifdef __PIC__
+#define _syscall2(type,name,type1,arg1,type2,arg2) \
+type name(type1 arg1,type2 arg2) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"r" ((long)(arg1)),"c" ((long)(arg2))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall2(type,name,type1,arg1,type2,arg2) \
type name(type1 arg1,type2 arg2) \
{ \
@@ -369,7 +400,24 @@
: "memory"); \
__syscall_return(type,__res); \
}
+#endif
+#ifdef __PIC__
+#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) \
+type name(type1 arg1,type2 arg2,type3 arg3) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"r" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall3(type,name,type1,arg1,type2,arg2,type3,arg3) \
type name(type1 arg1,type2 arg2,type3 arg3) \
{ \
@@ -380,7 +428,24 @@
"d" ((long)(arg3)) : "memory"); \
__syscall_return(type,__res); \
}
+#endif
+#ifdef __PIC__
+#define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4) \
+type name (type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"r" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3)),"S" ((long)(arg4))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall4(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4) \
type name (type1 arg1, type2 arg2, type3 arg3, type4 arg4) \
{ \
@@ -391,7 +456,25 @@
"d" ((long)(arg3)),"S" ((long)(arg4)) : "memory"); \
__syscall_return(type,__res); \
}
+#endif
+#ifdef __PIC__
+#define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, \
+ type5,arg5) \
+type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ : "=a" (__res) \
+ : "0" (__NR_##name),"m" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall5(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, \
type5,arg5) \
type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5) \
@@ -405,7 +488,30 @@
: "memory"); \
__syscall_return(type,__res); \
}
+#endif
+#ifdef __PIC__
+#define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, \
+ type5,arg5,type6,arg6) \
+type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,type6 arg6) \
+{ \
+long __res; \
+__asm__ volatile (\
+ "pushl %%ebp\n\t" \
+ "movl %%eax,%%ebp\n\t" \
+ "movl %1,%%eax\n\t" \
+ "pushl %%ebx\n\t" \
+ "movl %2,%%ebx\n\t" \
+ "int $0x80\n\t" \
+ "popl %%ebx\n\t" \
+ "popl %%ebp\n\t" \
+ : "=a" (__res) \
+ : "i" (__NR_##name),"m" ((long)(arg1)),"c" ((long)(arg2)), \
+ "d" ((long)(arg3)),"S" ((long)(arg4)),"D" ((long)(arg5)), \
+ "0" ((long)(arg6))); \
+__syscall_return(type,__res); \
+}
+#else
#define _syscall6(type,name,type1,arg1,type2,arg2,type3,arg3,type4,arg4, \
type5,arg5,type6,arg6) \
type name (type1 arg1,type2 arg2,type3 arg3,type4 arg4,type5 arg5,type6 arg6) \
@@ -421,6 +527,7 @@
: "memory"); \
__syscall_return(type,__res); \
}
+#endif
#ifdef __KERNEL__
#define __ARCH_WANT_IPC_PARSE_VERSION
Submitted By: Robert Connolly <[EMAIL PROTECTED]> (ashes) Date: 2006-07-01 Initial Package Version: 2.17 Upstream Status: Unknown Origin: http://pax.grsecurity.net/binutils-2.17-pt-pax-flags-200606282220.patch Plus i386 testsuite modifications. Description: This adds PT_PAX_FLAGS to Binutils. See: http://pax.grsecurity.net/ diff -Naur binutils-2.17.orig/bfd/elf-bfd.h binutils-2.17/bfd/elf-bfd.h --- binutils-2.17.orig/bfd/elf-bfd.h 2006-03-16 12:20:15.000000000 +0000 +++ binutils-2.17/bfd/elf-bfd.h 2006-07-01 17:41:32.000000000 +0000 @@ -1337,6 +1337,9 @@ /* Should the PT_GNU_RELRO segment be emitted? */ bfd_boolean relro; + /* Segment flags for the PT_PAX_FLAGS segment. */ + unsigned int pax_flags; + /* Symbol version definitions in external objects. */ Elf_Internal_Verdef *verdef; diff -Naur binutils-2.17.orig/bfd/elf.c binutils-2.17/bfd/elf.c --- binutils-2.17.orig/bfd/elf.c 2006-03-16 12:20:15.000000000 +0000 +++ binutils-2.17/bfd/elf.c 2006-07-01 17:41:32.000000000 +0000 @@ -1085,6 +1085,7 @@ case PT_GNU_EH_FRAME: pt = "EH_FRAME"; break; case PT_GNU_STACK: pt = "STACK"; break; case PT_GNU_RELRO: pt = "RELRO"; break; + case PT_PAX_FLAGS: pt = "PAX_FLAGS"; break; default: pt = NULL; break; } return pt; @@ -2606,6 +2607,9 @@ case PT_GNU_RELRO: return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "relro"); + case PT_PAX_FLAGS: + return _bfd_elf_make_section_from_phdr (abfd, hdr, index, "pax_flags"); + default: /* Check for any processor-specific program segment types. */ bed = get_elf_backend_data (abfd); @@ -3933,6 +3937,20 @@ pm = &m->next; } + { + amt = sizeof (struct elf_segment_map); + m = bfd_zalloc (abfd, amt); + if (m == NULL) + goto error_return; + m->next = NULL; + m->p_type = PT_PAX_FLAGS; + m->p_flags = elf_tdata (abfd)->pax_flags; + m->p_flags_valid = 1; + + *pm = m; + pm = &m->next; + } + free (sections); sections = NULL; @@ -4665,6 +4683,11 @@ ++segs; } + { + /* We need a PT_PAX_FLAGS segment. */ + ++segs; + } + for (s = abfd->sections; s != NULL; s = s->next) { if ((s->flags & SEC_LOAD) != 0 @@ -5182,7 +5205,8 @@ 6. PT_TLS segment includes only SHF_TLS sections. 7. SHF_TLS sections are only in PT_TLS or PT_LOAD segments. 8. PT_DYNAMIC should not contain empty sections at the beginning - (with the possible exception of .dynamic). */ + (with the possible exception of .dynamic). + 9. PT_PAX_FLAGS segments do not include any sections. */ #define INCLUDE_SECTION_IN_SEGMENT(section, segment, bed) \ ((((segment->p_paddr \ ? IS_CONTAINED_BY_LMA (section, segment, segment->p_paddr) \ @@ -5191,6 +5215,7 @@ || IS_COREFILE_NOTE (segment, section)) \ && section->output_section != NULL \ && segment->p_type != PT_GNU_STACK \ + && segment->p_type != PT_PAX_FLAGS \ && (segment->p_type != PT_TLS \ || (section->flags & SEC_THREAD_LOCAL)) \ && (segment->p_type == PT_LOAD \ diff -Naur binutils-2.17.orig/bfd/elflink.c binutils-2.17/bfd/elflink.c --- binutils-2.17.orig/bfd/elflink.c 2006-05-22 15:06:36.000000000 +0000 +++ binutils-2.17/bfd/elflink.c 2006-07-01 17:41:32.000000000 +0000 @@ -4977,17 +4977,31 @@ if (!is_elf_hash_table (info->hash)) return TRUE; + elf_tdata (output_bfd)->pax_flags = PF_NORANDEXEC; + + if (info->execheap) + elf_tdata (output_bfd)->pax_flags |= PF_NOMPROTECT; + else if (info->noexecheap) + elf_tdata (output_bfd)->pax_flags |= PF_MPROTECT; + elf_tdata (output_bfd)->relro = info->relro; if (info->execstack) - elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; + { + elf_tdata (output_bfd)->stack_flags = PF_R | PF_W | PF_X; + elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; + } else if (info->noexecstack) - elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; + { + elf_tdata (output_bfd)->stack_flags = PF_R | PF_W; + elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; + } else { bfd *inputobj; asection *notesec = NULL; int exec = 0; + elf_tdata (output_bfd)->pax_flags |= PF_NOEMUTRAMP; for (inputobj = info->input_bfds; inputobj; inputobj = inputobj->link_next) @@ -5000,7 +5014,11 @@ if (s) { if (s->flags & SEC_CODE) - exec = PF_X; + { + elf_tdata (output_bfd)->pax_flags &= ~PF_NOEMUTRAMP; + elf_tdata (output_bfd)->pax_flags |= PF_EMUTRAMP; + exec = PF_X; + } notesec = s; } else diff -Naur binutils-2.17.orig/binutils/readelf.c binutils-2.17/binutils/readelf.c --- binutils-2.17.orig/binutils/readelf.c 2006-03-10 17:20:28.000000000 +0000 +++ binutils-2.17/binutils/readelf.c 2006-07-01 17:41:32.000000000 +0000 @@ -2372,6 +2372,7 @@ return "GNU_EH_FRAME"; case PT_GNU_STACK: return "GNU_STACK"; case PT_GNU_RELRO: return "GNU_RELRO"; + case PT_PAX_FLAGS: return "PAX_FLAGS"; default: if ((p_type >= PT_LOPROC) && (p_type <= PT_HIPROC)) diff -Naur binutils-2.17.orig/include/bfdlink.h binutils-2.17/include/bfdlink.h --- binutils-2.17.orig/include/bfdlink.h 2006-04-06 18:52:45.000000000 +0000 +++ binutils-2.17/include/bfdlink.h 2006-07-01 17:41:32.000000000 +0000 @@ -315,6 +315,14 @@ flags. */ unsigned int noexecstack: 1; + /* TRUE if PT_PAX_FLAGS segment should be created with PF_NOMPROTECT + flags. */ + unsigned int execheap: 1; + + /* TRUE if PT_PAX_FLAGS segment should be created with PF_MPROTECT + flags. */ + unsigned int noexecheap: 1; + /* TRUE if PT_GNU_RELRO segment should be created. */ unsigned int relro: 1; diff -Naur binutils-2.17.orig/include/elf/common.h binutils-2.17/include/elf/common.h --- binutils-2.17.orig/include/elf/common.h 2006-02-17 14:36:26.000000000 +0000 +++ binutils-2.17/include/elf/common.h 2006-07-01 17:41:32.000000000 +0000 @@ -304,12 +304,29 @@ #define PT_SUNW_EH_FRAME PT_GNU_EH_FRAME /* Solaris uses the same value */ #define PT_GNU_STACK (PT_LOOS + 0x474e551) /* Stack flags */ #define PT_GNU_RELRO (PT_LOOS + 0x474e552) /* Read-only after relocation */ +#define PT_PAX_FLAGS (PT_LOOS + 0x5041580) /* PaX flags */ /* Program segment permissions, in program header p_flags field. */ #define PF_X (1 << 0) /* Segment is executable */ #define PF_W (1 << 1) /* Segment is writable */ #define PF_R (1 << 2) /* Segment is readable */ + +/* Flags to control PaX behaviour. */ + +#define PF_PAGEEXEC (1U << 4) /* Enable PAGEEXEC */ +#define PF_NOPAGEEXEC (1U << 5) /* Disable PAGEEXEC */ +#define PF_SEGMEXEC (1U << 6) /* Enable SEGMEXEC */ +#define PF_NOSEGMEXEC (1U << 7) /* Disable SEGMEXEC */ +#define PF_MPROTECT (1U << 8) /* Enable MPROTECT */ +#define PF_NOMPROTECT (1U << 9) /* Disable MPROTECT */ +#define PF_RANDEXEC (1U << 10) /* Enable RANDEXEC */ +#define PF_NORANDEXEC (1U << 11) /* Disable RANDEXEC */ +#define PF_EMUTRAMP (1U << 12) /* Enable EMUTRAMP */ +#define PF_NOEMUTRAMP (1U << 13) /* Disable EMUTRAMP */ +#define PF_RANDMMAP (1U << 14) /* Enable RANDMMAP */ +#define PF_NORANDMMAP (1U << 15) /* Disable RANDMMAP */ + /* #define PF_MASKOS 0x0F000000 *//* OS-specific reserved bits */ #define PF_MASKOS 0x0FF00000 /* New value, Oct 4, 1999 Draft */ #define PF_MASKPROC 0xF0000000 /* Processor-specific reserved bits */ diff -Naur binutils-2.17.orig/ld/emultempl/elf32.em binutils-2.17/ld/emultempl/elf32.em --- binutils-2.17.orig/ld/emultempl/elf32.em 2006-06-12 13:05:04.000000000 +0000 +++ binutils-2.17/ld/emultempl/elf32.em 2006-07-01 17:41:32.000000000 +0000 @@ -1851,6 +1851,16 @@ link_info.noexecstack = TRUE; link_info.execstack = FALSE; } + else if (strcmp (optarg, "execheap") == 0) + { + link_info.execheap = TRUE; + link_info.noexecheap = FALSE; + } + else if (strcmp (optarg, "noexecheap") == 0) + { + link_info.noexecheap = TRUE; + link_info.execheap = FALSE; + } else if (strcmp (optarg, "relro") == 0) link_info.relro = TRUE; else if (strcmp (optarg, "norelro") == 0) @@ -1891,6 +1901,7 @@ fprintf (file, _(" -z combreloc\t\tMerge dynamic relocs into one section and sort\n")); fprintf (file, _(" -z defs\t\tReport unresolved symbols in object files.\n")); fprintf (file, _(" -z execstack\t\tMark executable as requiring executable stack\n")); + fprintf (file, _(" -z execheap\t\tMark executable as requiring executable heap\n")); fprintf (file, _(" -z initfirst\t\tMark DSO to be initialized first at runtime\n")); fprintf (file, _(" -z interpose\t\tMark object to interpose all DSOs but executable\n")); fprintf (file, _(" -z loadfltr\t\tMark object requiring immediate process\n")); @@ -1902,6 +1913,7 @@ fprintf (file, _(" -z nodlopen\t\tMark DSO not available to dlopen\n")); fprintf (file, _(" -z nodump\t\tMark DSO not available to dldump\n")); fprintf (file, _(" -z noexecstack\tMark executable as not requiring executable stack\n")); + fprintf (file, _(" -z noexecheap\tMark executable as not requiring executable heap\n")); fprintf (file, _(" -z norelro\t\tDon't create RELRO program header\n")); fprintf (file, _(" -z now\t\tMark object non-lazy runtime binding\n")); fprintf (file, _(" -z origin\t\tMark object requiring immediate \$ORIGIN processing\n\t\t\t at runtime\n")); diff -Naur binutils-2.17.orig/ld/ldgram.y binutils-2.17/ld/ldgram.y --- binutils-2.17.orig/ld/ldgram.y 2005-10-13 17:29:57.000000000 +0000 +++ binutils-2.17/ld/ldgram.y 2006-07-01 17:41:32.000000000 +0000 @@ -1089,6 +1089,8 @@ $$ = exp_intop (0x6474e550); else if (strcmp (s, "PT_GNU_STACK") == 0) $$ = exp_intop (0x6474e551); + else if (strcmp (s, "PT_PAX_FLAGS") == 0) + $$ = exp_intop (0x65041580); else { einfo (_("\ diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsbin.rd binutils-2.17/ld/testsuite/ld-i386/tlsbin.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsbin.rd 2006-02-02 22:53:46.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsbin.rd 2006-07-01 17:41:36.000000000 +0000 @@ -33,7 +33,7 @@ Elf file type is EXEC \(Executable file\) Entry point 0x8049178 -There are 6 program headers, starting at offset [0-9]+ +There are 7 program headers, starting at offset [0-9]+ Program Headers: Type +Offset +VirtAddr +PhysAddr +FileSiz +MemSiz +Flg Align @@ -44,6 +44,7 @@ LOAD.* DYNAMIC.* TLS +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x0+60 0x0+a0 R +0x1000 + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... @@ -53,6 +54,7 @@ 03 +.tdata .dynamic .got .got.plt * 04 +.dynamic * 05 +.tdata .tbss * + 06 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 9 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsbindesc.rd binutils-2.17/ld/testsuite/ld-i386/tlsbindesc.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsbindesc.rd 2006-02-02 22:53:46.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsbindesc.rd 2006-07-01 17:41:36.000000000 +0000 @@ -31,7 +31,7 @@ Elf file type is EXEC \(Executable file\) Entry point 0x8049158 -There are 6 program headers, starting at offset [0-9]+ +There are 7 program headers, starting at offset [0-9]+ Program Headers: Type +Offset +VirtAddr +PhysAddr +FileSiz +MemSiz +Flg Align @@ -42,6 +42,7 @@ LOAD.* DYNAMIC.* TLS +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x0+60 0x0+a0 R +0x1000 + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... @@ -51,6 +52,7 @@ 03 +.tdata .dynamic .got .got.plt * 04 +.dynamic * 05 +.tdata .tbss * + 06 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 9 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsdesc.rd binutils-2.17/ld/testsuite/ld-i386/tlsdesc.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsdesc.rd 2006-02-02 22:53:46.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsdesc.rd 2006-07-01 17:41:36.000000000 +0000 @@ -39,6 +39,7 @@ LOAD.* DYNAMIC.* TLS +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x0+60 0x0+80 R +0x1 + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... @@ -46,6 +47,7 @@ 01 +.tdata .dynamic .got .got.plt * 02 +.dynamic * 03 +.tdata .tbss * + 04 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 20 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsdesc.sd binutils-2.17/ld/testsuite/ld-i386/tlsdesc.sd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsdesc.sd 2006-01-18 21:07:49.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsdesc.sd 2006-07-01 17:41:36.000000000 +0000 @@ -14,7 +14,7 @@ [0-9a-f]+ 6c000000 b4ffffff 4c000000 68000000 .* [0-9a-f]+ 50000000 70000000 00000000 bcffffff .* Contents of section \.got\.plt: - [0-9a-f]+ ec150000 00000000 00000000 00000000 .* + [0-9a-f]+ 0c160000 00000000 00000000 00000000 .* [0-9a-f]+ 20000000 00000000 60000000 00000000 .* [0-9a-f]+ 00000000 00000000 00000000 00000000 .* [0-9a-f]+ 40000000 +.* diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsgdesc.rd binutils-2.17/ld/testsuite/ld-i386/tlsgdesc.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsgdesc.rd 2006-01-18 21:07:49.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsgdesc.rd 2006-07-01 17:41:36.000000000 +0000 @@ -36,12 +36,14 @@ LOAD.* LOAD.* DYNAMIC.* + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... 00 +.hash .dynsym .dynstr .rel.dyn .rel.plt .plt .text * 01 +.dynamic .got .got.plt * 02 +.dynamic * + 03 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 8 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlsnopic.rd binutils-2.17/ld/testsuite/ld-i386/tlsnopic.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlsnopic.rd 2006-02-02 22:53:46.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlsnopic.rd 2006-07-01 17:41:36.000000000 +0000 @@ -29,7 +29,7 @@ Elf file type is DYN \(Shared object file\) Entry point 0x1000 -There are 4 program headers, starting at offset [0-9]+ +There are 5 program headers, starting at offset [0-9]+ Program Headers: Type +Offset +VirtAddr +PhysAddr +FileSiz +MemSiz +Flg Align @@ -37,6 +37,7 @@ LOAD.* DYNAMIC.* TLS +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x0+ 0x0+24 R +0x1 + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... @@ -44,6 +45,7 @@ 01 +.dynamic .got .got.plt * 02 +.dynamic * 03 +.tbss * + 04 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 20 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-i386/tlspic.rd binutils-2.17/ld/testsuite/ld-i386/tlspic.rd --- binutils-2.17.orig/ld/testsuite/ld-i386/tlspic.rd 2006-02-02 22:53:46.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-i386/tlspic.rd 2006-07-01 17:41:36.000000000 +0000 @@ -40,6 +40,7 @@ LOAD.* DYNAMIC.* TLS +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x0+60 0x0+80 R +0x1 + PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: Segment Sections... @@ -47,6 +48,7 @@ 01 +.tdata .dynamic .got .got.plt * 02 +.dynamic * 03 +.tdata .tbss * + 04 * Relocation section '.rel.dyn' at offset 0x[0-9a-f]+ contains 26 entries: Offset +Info +Type +Sym.Value +Sym. Name diff -Naur binutils-2.17.orig/ld/testsuite/ld-scripts/empty-aligned.d binutils-2.17/ld/testsuite/ld-scripts/empty-aligned.d --- binutils-2.17.orig/ld/testsuite/ld-scripts/empty-aligned.d 2005-08-18 07:51:07.000000000 +0000 +++ binutils-2.17/ld/testsuite/ld-scripts/empty-aligned.d 2006-07-01 17:41:36.000000000 +0000 @@ -7,7 +7,9 @@ Program Headers: +Type +Offset +VirtAddr +PhysAddr +FileSiz +MemSiz +Flg +Align +LOAD +0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ 0x[0-9a-f]+ [RWE ]+ +0x[0-9a-f]+ + +PAX_FLAGS +0x000000 0x00000000 0x00000000 0x00000 0x00000 +0x4 Section to Segment mapping: +Segment Sections\.\.\. +00 +.text + +01 +
pgpWtgCZcNfwD.pgp
Description: PGP signature
-- http://linuxfromscratch.org/mailman/listinfo/patches FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page
