avoid W|X mappings in libffi

Sat, 21 May 2016 15:51:01 -0700 

This disables PROT_EXEC mappings in libffi (and thus python).
I'm running with it in a bulk build with the "mandatory W^X"
printfs that are going into snapshots and haven't triggered
them yet, building python itself (done 2.7 and 3.4 so far)
or in the ~200 py-* and py3-* things that have built already
(I would have had a whole stack by now otherwise).

There are a lot of test failures when this diff is used.
Can anyone figure out if they're anything to worry about?



Index: Makefile
===================================================================
RCS file: /cvs/ports/devel/libffi/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- Makefile    23 Mar 2016 22:50:29 -0000      1.34
+++ Makefile    21 May 2016 22:28:51 -0000
@@ -3,7 +3,7 @@
 COMMENT=               Foreign Function Interface
 
 DISTNAME=              libffi-3.2.1
-REVISION=              1
+REVISION=              2
 SHARED_LIBS +=  ffi                  1.2      # .6.4
 CATEGORIES=            devel
 
Index: patches/patch-src_closures_c
===================================================================
RCS file: patches/patch-src_closures_c
diff -N patches/patch-src_closures_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_closures_c        21 May 2016 22:28:51 -0000
@@ -0,0 +1,56 @@
+$OpenBSD$
+--- src/closures.c.orig        Sat Nov  8 05:47:24 2014
++++ src/closures.c     Sat May 21 15:57:22 2016
+@@ -172,41 +172,6 @@ selinux_enabled_check (void)
+ 
+ #endif /* !FFI_MMAP_EXEC_SELINUX */
+ 
+-/* On PaX enable kernels that have MPROTECT enable we can't use PROT_EXEC. */
+-#ifdef FFI_MMAP_EXEC_EMUTRAMP_PAX
+-#include <stdlib.h>
+-
+-static int emutramp_enabled = -1;
+-
+-static int
+-emutramp_enabled_check (void)
+-{
+-  char *buf = NULL;
+-  size_t len = 0;
+-  FILE *f;
+-  int ret;
+-  f = fopen ("/proc/self/status", "r");
+-  if (f == NULL)
+-    return 0;
+-  ret = 0;
+-
+-  while (getline (&buf, &len, f) != -1)
+-    if (!strncmp (buf, "PaX:", 4))
+-      {
+-        char emutramp;
+-        if (sscanf (buf, "%*s %*c%c", &emutramp) == 1)
+-          ret = (emutramp == 'E');
+-        break;
+-      }
+-  free (buf);
+-  fclose (f);
+-  return ret;
+-}
+-
+-#define is_emutramp_enabled() (emutramp_enabled >= 0 ? emutramp_enabled \
+-                               : (emutramp_enabled = emutramp_enabled_check 
()))
+-#endif /* FFI_MMAP_EXEC_EMUTRAMP_PAX */
+-
+ #elif defined (__CYGWIN__) || defined(__INTERIX)
+ 
+ #include <sys/mman.h>
+@@ -216,9 +181,7 @@ emutramp_enabled_check (void)
+ 
+ #endif /* !defined(X86_WIN32) && !defined(X86_WIN64) */
+ 
+-#ifndef FFI_MMAP_EXEC_EMUTRAMP_PAX
+-#define is_emutramp_enabled() 0
+-#endif /* FFI_MMAP_EXEC_EMUTRAMP_PAX */
++#define is_emutramp_enabled() 1
+ 
+ /* Declare all functions defined in dlmalloc.c as static.  */
+ static void *dlmalloc(size_t);

Reply via email to