Module Name: src Committed By: martin Date: Tue Jun 27 18:20:18 UTC 2023
Modified Files: src/usr.bin/crunch/crunchgen [netbsd-10]: crunchgen.c src/usr.sbin/paxctl [netbsd-10]: paxctl.8 paxctl.c Log Message: Pull up following revision(s) (requested by rin in ticket #215): usr.sbin/paxctl/paxctl.8: revision 1.17 usr.sbin/paxctl/paxctl.8: revision 1.18 usr.bin/crunch/crunchgen/crunchgen.c: revision 1.95 usr.sbin/paxctl/paxctl.c: revision 1.13 paxctl(8): Introduce -0 option to clear all PaX flag bits in ELF note. Part of PR toolchain/52675 crunchgen(1): Clear PaX flags instead of removing its ELF note section. The latter results in a zero-filled hole in the ELF note segment for EARM, where the PaX section is not located at the bottom of that segment (see src/lib/csu/sysident.S). Fortunately, this hole does not cause real harm for our in-kernel ELF note parser, except for noisy warnings on DIAGNOSTIC kernels. Bump CRUNCH_VERSION. PR toolchain/52675 Use Fl for options. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.94.8.1 src/usr.bin/crunch/crunchgen/crunchgen.c cvs rdiff -u -r1.16 -r1.16.24.1 src/usr.sbin/paxctl/paxctl.8 cvs rdiff -u -r1.12 -r1.12.56.1 src/usr.sbin/paxctl/paxctl.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/usr.bin/crunch/crunchgen/crunchgen.c
diff -u src/usr.bin/crunch/crunchgen/crunchgen.c:1.94 src/usr.bin/crunch/crunchgen/crunchgen.c:1.94.8.1
--- src/usr.bin/crunch/crunchgen/crunchgen.c:1.94 Sun Dec 29 18:26:16 2019
+++ src/usr.bin/crunch/crunchgen/crunchgen.c Tue Jun 27 18:20:18 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: crunchgen.c,v 1.94 2019/12/29 18:26:16 christos Exp $ */
+/* $NetBSD: crunchgen.c,v 1.94.8.1 2023/06/27 18:20:18 martin Exp $ */
 /*
 * Copyright (c) 1994 University of Maryland
 * All Rights Reserved.
@@ -38,7 +38,7 @@
 #include <sys/cdefs.h>
 #if !defined(lint)
-__RCSID("$NetBSD: crunchgen.c,v 1.94 2019/12/29 18:26:16 christos Exp $");
+__RCSID("$NetBSD: crunchgen.c,v 1.94.8.1 2023/06/27 18:20:18 martin Exp $");
 #endif
 #include <stdlib.h>
@@ -55,7 +55,7 @@ __RCSID("$NetBSD: crunchgen.c,v 1.94 201
 #include <sys/param.h>
 #include <sys/utsname.h>
-#define CRUNCH_VERSION "20191223"
+#define CRUNCH_VERSION "20230623"
 #define MAXLINELEN 16384
 #define MAXFIELDS 2048
@@ -991,7 +991,7 @@ top_makefile_rules(FILE *outmk)
 fprintf(outmk, "PROG=%s\n\n", execfname);
- fprintf(outmk, "OBJCOPY_REMOVE_FLAGS=-R .eh_frame_hdr -R .note -R .note.netbsd.pax -R .ident -R .comment -R .copyright\n\n");
+ fprintf(outmk, "OBJCOPY_REMOVE_FLAGS=-R .eh_frame_hdr -R .note -R .ident -R .comment -R .copyright\n\n");
 fprintf(outmk, "OBJCOPY_REMOVE_FLAGS+=-R .eh_frame\n");
 fprintf(outmk, ".if ${MACHINE} != \"sparc64\"\n");
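Review bot: The reason `-R .note.netbsd.pax` is dropped from `OBJCOPY_REMOVE_FLAGS` in the `@@ -991` hunk of crunchgen.c is recorded only in the log message, so a later cleanup could plausibly put the option back and reintroduce the hole in the note segment. I would add a comment above that `fprintf`: `/* Keep .note.netbsd.pax: removing it leaves a zero-filled hole in the ELF note segment on EARM; the flags are cleared with paxctl -0 in the strip rule instead (PR toolchain/52675). */`. top_makefile_rules() starts and ends outside this hunk.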
@@ -1003,9 +1003,10 @@ top_makefile_rules(FILE *outmk)
 fprintf(outmk, "${PROG}.strip:\n");
 fprintf(outmk, "\t${MAKE} -f ${PROG}.mk ${PROG}\n");
 fprintf(outmk, "\t@[ -f ${PROG}.unstripped -a ! ${PROG} -nt ${PROG}.unstripped ] || { \\\n");
- fprintf(outmk, "\t\t${_MKSHMSG:Uecho} \" strip \" ${PROG}; \\\n");
+ fprintf(outmk, "\t\t${_MKSHMSG:Uecho} \" strip and clear PaX flags \" ${PROG}; \\\n");
 fprintf(outmk, "\t\tcp ${PROG} ${PROG}.unstripped && \\\n");
 fprintf(outmk, "\t\t${OBJCOPY} -S ${OBJCOPY_REMOVE_FLAGS} ${PROG} && \\\n");
+ fprintf(outmk, "\t\t${PAXCTL} -0 ${PROG} && \\\n");
 fprintf(outmk, "\t\ttouch ${PROG}.unstripped; \\\n");
 fprintf(outmk, "\t}\n");
 fprintf(outmk, "objs: $(SUBMAKE_TARGETS)\n");
Index: src/usr.sbin/paxctl/paxctl.8
diff -u src/usr.sbin/paxctl/paxctl.8:1.16 src/usr.sbin/paxctl/paxctl.8:1.16.24.1
--- src/usr.sbin/paxctl/paxctl.8:1.16 Tue Nov 8 08:21:52 2016
+++ src/usr.sbin/paxctl/paxctl.8 Tue Jun 27 18:20:18 2023
@@ -1,4 +1,4 @@
-.\" $NetBSD: paxctl.8,v 1.16 2016/11/08 08:21:52 wiz Exp $
+.\" $NetBSD: paxctl.8,v 1.16.24.1 2023/06/27 18:20:18 martin Exp $
 .\"
 .\" Copyright 2006 Elad Efrat <e...@netbsd.org>
 .\" Copyright 2008 Christos Zoulas <chris...@netbsd.org>
@@ -23,7 +23,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd November 7, 2016
+.Dd June 23, 2023
 .Dt PAXCTL 8
 .Os
 .Sh NAME
@@ -31,7 +31,7 @@
 .Nd list and modify PaX flags associated with an ELF program
 .Sh SYNOPSIS
 .Nm
-.Ar flags
+.Op Fl 0 | Cm flags
 .Ar program ...
 .Sh DESCRIPTION
 The
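Review bot: In the `@@ -1003` hunk of crunchgen.c the new `${PAXCTL} -0 ${PROG}` step runs after `${OBJCOPY}` has already rewritten `${PROG}`, so if it fails (for example a paxctl that predates `-0` and presumably rejects it as an unknown flag) the `touch` is skipped while `${PROG}` is stripped and typically newer than `${PROG}.unstripped`. On the next run the `-nt` guard then fails and `cp ${PROG} ${PROG}.unstripped` replaces the unstripped copy with the stripped binary. Restoring the original on failure avoids that, e.g. `fprintf(outmk, "\t\t{ ${PAXCTL} -0 ${PROG} || { mv ${PROG}.unstripped ${PROG}; false; }; } && \\\n");`. `PAXCTL` is not defined in the visible lines; I assume the included mk files provide it. top_makefile_rules() continues outside the hunk.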
@@ -44,7 +44,10 @@ can be found in the
 .Xr security 7
 manpage.
 .Pp
-Each flag can be prefixed either with a
+If
+.Fl 0
+option is specified, all PaX flags (including reserved bits) are cleared.
+Otherwise, each flag can be prefixed either with a
 .Dq +
 or a
 .Dq -
Index: src/usr.sbin/paxctl/paxctl.c
diff -u src/usr.sbin/paxctl/paxctl.c:1.12 src/usr.sbin/paxctl/paxctl.c:1.12.56.1
--- src/usr.sbin/paxctl/paxctl.c:1.12 Tue Oct 27 16:27:47 2009
+++ src/usr.sbin/paxctl/paxctl.c Tue Jun 27 18:20:18 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: paxctl.c,v 1.12 2009/10/27 16:27:47 christos Exp $ */
+/* $NetBSD: paxctl.c,v 1.12.56.1 2023/06/27 18:20:18 martin Exp $ */
 /*-
 * Copyright (c) 2006 Elad Efrat <e...@netbsd.org>
@@ -34,7 +34,7 @@
 #include <sys/cdefs.h>
 #ifndef lint
 #ifdef __RCSID
-__RCSID("$NetBSD: paxctl.c,v 1.12 2009/10/27 16:27:47 christos Exp $");
+__RCSID("$NetBSD: paxctl.c,v 1.12.56.1 2023/06/27 18:20:18 martin Exp $");
 #endif
 #endif /* not lint */
@@ -98,7 +98,8 @@ static const struct paxflag {
 static void
 usage(void)
 {
- (void)fprintf(stderr, "Usage: %s [ <-|+><A|a|G|g|M|m> ] <file> ...\n",
+ (void)fprintf(stderr,
+ "Usage: %s [ -0 | <-|+><A|a|G|g|M|m> ] <file> ...\n",
 #if HAVE_NBTOOL_CONFIG_H
 "paxctl"
 #else
@@ -165,7 +166,7 @@ pax_printflags(const char *name, int man
 static int
 process_one(const char *name, uint32_t add_flags, uint32_t del_flags,
- int list, int many)
+ int clear, int list, int many)
 {
 union {
 Elf32_Ehdr h32;
@@ -279,8 +280,12 @@ process_one(const char *name, uint32_t a
 break;
 }
- pax_tag.flags |= SWAP(add_flags);
- pax_tag.flags &= SWAP(~del_flags);
+ if (clear) {
+ pax_tag.flags = 0;
+ } else {
+ pax_tag.flags |= SWAP(add_flags);
+ pax_tag.flags &= SWAP(~del_flags);
+ }
 if (!pax_flags_sane(SWAP(pax_tag.flags))) {
 warnx("New flags 0x%x don't make sense",
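Review bot: The `clear` branch in the `@@ -279` hunk of paxctl.c has no comment saying that it zeroes the whole flags word, which drops the upper-case explicit-enable bits as well as the lower-case explicit-disable ones and any reserved bits, so the binary then presumably follows whatever the system-wide PaX settings are. A short comment would keep a later reader from reducing it to a `del_flags` mask: `/* -0: zero the whole word, reserved bits included; add_flags/del_flags are ignored. */`. process_one() starts and ends outside this hunk, so how the cleared word is written back is not visible here.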
@@ -315,7 +320,7 @@ int
 main(int argc, char **argv)
 {
 char *opt;
- int i, list = 0, bad = 0, many, minus;
+ int i, clear = 0, list = 0, bad = 0, many, minus;
 uint32_t add_flags = 0, del_flags = 0;
 setprogname(argv[0]);
@@ -326,6 +331,11 @@ main(int argc, char **argv)
 for (i = 1; i < argc; i++) {
 opt = argv[i];
+ if (strcmp(opt, "-0") == 0) {
+ clear = 1;
+ continue;
+ }
+
 if (*opt == '-' || *opt == '+') {
 uint32_t t;
 minus = 0;
@@ -361,15 +371,21 @@ main(int argc, char **argv)
 if (i == argc)
 usage();
- if (add_flags || del_flags) {
- if (list)
- usage();
- } else
+ switch ((add_flags != 0 || del_flags != 0) + clear) {
+ case 0:
 list = 1;
+ break;
+ case 1:
+ break;
+ default:
+ usage();
+ }
 many = i != argc - 1;
- for (; i < argc; i++)
- bad |= process_one(argv[i], add_flags, del_flags, list, many);
+ for (; i < argc; i++) {
+ bad |= process_one(argv[i], add_flags, del_flags,
+ clear, list, many);
+ }
 return bad ? EXIT_FAILURE : 0;
 }
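Review bot: The `switch ((add_flags != 0 || del_flags != 0) + clear)` in the `@@ -361` hunk of paxctl.c enforces "flags or -0, not both" by summing two truth values, which only holds while `clear` is exactly 0 or 1 and leaves the reader to decode what `case 1` stands for. Spelling the two conditions out reads more directly: `if (clear && (add_flags || del_flags)) usage();` followed by `list = !clear && !add_flags && !del_flags;`. Dropping the old `if (list) usage();` check looks fine, since nothing visible sets `list` before this point. The option loop between the `@@ -326` and `@@ -361` hunks is not shown, so this is based on the visible lines only.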