Re: CVS commit: src/sys

Sun, 02 Aug 2015 01:11:37 -0700 

Le 31/07/2015 20:24, Martin Husemann a écrit :
> On Fri, Jul 31, 2015 at 01:09:37PM +0200, Maxime Villard wrote:
>> I don't know how to do that, but you need to fix it this way:
>>  - remove the "security.pax.mprotect.global" instruction in paxinit()
> 
> Why is that?

Because changing security.pax.mprotect.global no longer enables PaX on
processes that are already running.

> (And why do those sysctls have no description?)
> 

They do, don't they? (the code is here)

>>  - the test being a C file - therefore, an ELF binary -, you need to
>>    PaX the binary this way:
>>        paxctl +M t_mprotect
> 
> Something like the (non-working) patch below?

Yes; except the wrong order, as Taylor said.

> 
> Martin
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvsroot/src/tests/lib/libc/sys/Makefile,v
> retrieving revision 1.39
> diff -u -r1.39 Makefile
> --- Makefile  22 Jun 2015 00:05:23 -0000      1.39
> +++ Makefile  31 Jul 2015 18:22:48 -0000
> @@ -38,7 +38,6 @@
>  TESTS_C+=            t_mknod
>  TESTS_C+=            t_mlock
>  TESTS_C+=            t_mmap
> -TESTS_C+=            t_mprotect
>  TESTS_C+=            t_msgctl
>  TESTS_C+=            t_msgget
>  TESTS_C+=            t_msgrcv
> @@ -67,8 +66,16 @@
>  TESTS_C+=            t_unlink
>  TESTS_C+=            t_write
>  
> +PROGS+=                      t_mprotect
>  SRCS.t_mprotect=     t_mprotect.c ${SRCS_EXEC_PROT}
>  
> +t_mprotect:  t_mprotect_nopax
> +     ${TOOL_PAXCTL} +M t_mprotect
> +     cp t_mprotect t_mprotect_nopax
> +
> +t_mprotect_nopax:    ${SRCS.t_mprotect}
> +     ${LINK.c} -o ${.TARGET} ${SRCS.t_mprotect} ${LDLIBS}
> +
>  LDADD.t_getpid+=        -lpthread
>  
>  .if (${MKRUMP} != "no") && !defined(BSD_MK_COMPAT_FILE)
> Index: bsd.own.mk
> ===================================================================
> RCS file: /cvsroot/src/share/mk/bsd.own.mk,v
> retrieving revision 1.862
> diff -u -r1.862 bsd.own.mk
> --- bsd.own.mk        23 Jul 2015 08:03:26 -0000      1.862
> +++ bsd.own.mk        31 Jul 2015 18:23:14 -0000
> @@ -367,6 +367,7 @@
>  TOOL_NBPERF=         ${TOOLDIR}/bin/${_TOOL_PREFIX}perf
>  TOOL_NCDCS=          ${TOOLDIR}/bin/${_TOOL_PREFIX}ibmnws-ncdcs
>  TOOL_PAX=            ${TOOLDIR}/bin/${_TOOL_PREFIX}pax
> +TOOL_PAXCTL=         ${TOOLDIR}/bin/${_TOOL_PREFIX}paxctl
>  TOOL_PIC=            ${TOOLDIR}/bin/${_TOOL_PREFIX}pic
>  TOOL_PIGZ=           ${TOOLDIR}/bin/${_TOOL_PREFIX}pigz
>  TOOL_PKG_CREATE=     ${TOOLDIR}/bin/${_TOOL_PREFIX}pkg_create
> 
>

Reply via email to