author | Anthony G. Basile <blueness@gentoo.org> | 2011-09-27 19:35:05 -0400 |
---|---|---|
committer | Anthony G. Basile <blueness@gentoo.org> | 2011-10-08 14:53:27 -0400 |
commit | bf4b2cc848059249198e54091c8e6ebafdd9ec55 (patch) | |
tree | 9266ad0b6fa1238d247e1f51641b221e05f36b4c | |
parent | poc/paxctl-xattr.c: removed unnecesary listing of all xattrs (diff) | |
poc/paxctl-xattr.c: first working version
-rw-r--r-- | poc/paxctl-xattr.c | 270 |
1 files changed, 140 insertions, 130 deletions
diff --git a/poc/paxctl-xattr.c b/poc/paxctl-xattr.c
index 5040f80..2232631 100644
--- a/poc/paxctl-xattr.c
+++ b/poc/paxctl-xattr.c
@@ -155,41 +155,50 @@ parse_cmd_args(int c, char *v[], int *pax_flags, int *view_flags)
 }
-#define BUF_SIZE 7
-void
-print_flags(int fd)
+uint16_t
+read_flags(int fd)
 {
- char xt_buf[BUF_SIZE];
- uint16_t xt_flags;
+ //UINT16_MAX is an invalid value
+ uint16_t xt_flags = UINT16_MAX;
- static ssize_t vsize = 1024;
- static char *value = NULL;
- ssize_t i, vret = -1;
+ if(fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t)) == -1)
+ {
+ //xattrs is supported, PAX_NAMESPACE is present, but it is the wrong size
+ if(errno == ERANGE)
+ {
+ printf("XT_PAX: malformed flags found\n");
+ //FIXME remove the user.pax field
+ xt_flags = 0;
+ }
- memset(xt_buf, 0, BUF_SIZE);
- value = malloc(vsize);
+ //xattrs is supported, PAX_NAMESPACE is not present
+ if(errno == ENOATTR)
+ {
+ printf("XT_PAX: not found\n");
+ xt_flags = 0;
+ }
- //If at first we don't succeed, grow buffer size
- while(((vret = fgetxattr(fd, PAX_NAMESPACE, value, vsize)) == -1) && (errno == ERANGE))
- {
- vsize <<= 1;
- value = realloc(value, vsize);
+ //xattrs is not supported
+ if(errno == ENOTSUP)
+ printf("XT_PAX: extended attribute not supported\n");
 }
- if(errno == ENOATTR)
- {
- printf("XT_PAX: not found or permission denied\n");
- return;
- }
+ return xt_flags;
+}
- if(errno == ENOTSUP)
- {
- printf("XT_PAX: extended attribute not supported\n");
- return;
- }
- xt_flags = (uint16_t)value[0];
- xt_flags = xt_flags << 8 + value[1];
+#define BUF_SIZE 7
+void
+print_flags(int fd)
+{
+ uint16_t xt_flags;
+ char xt_buf[BUF_SIZE];
+
+ memset(xt_buf, 0, BUF_SIZE);
+
+ //If an invalid value is returned, then skip this
+ if((xt_flags = read_flags(fd)) == UINT16_MAX)
+ return ;
 xt_buf[0] = xt_flags & PF_PAGEEXEC ? 'P' : xt_flags & PF_NOPAGEEXEC ? 'p' : '-' ;
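Review bot: In read_flags() a successful fgetxattr() that returns fewer than sizeof(uint16_t) bytes is accepted, because only the -1 case is tested; a one-byte user.pax value would leave half of xt_flags holding the UINT16_MAX initialiser, and those leftover bits would then be printed and written back as PaX flags. The returned length should be kept and compared, e.g. `ssize_t n = fgetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t));` and `if(n != -1 && n != (ssize_t)sizeof(uint16_t))` handled like the malformed case. errno is also re-read after printf(), which is allowed to change it, so copying it into a local right after the call would keep the ERANGE/ENOATTR/ENOTSUP tests reliable. Any other errno returns UINT16_MAX with no message at all, so callers skip silently; print_flags() continues past the end of this hunk.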
@@ -218,118 +227,119 @@ set_flags(int fd, int *pax_flags)
 {
 uint16_t xt_flags;
- //int fsetxattr(int fd, const char *name, const void *value, size_t size, int flags);
+ //If an invalid value is returned, then skip this
+ if((xt_flags = read_flags(fd)) == UINT16_MAX)
+ return ;
- /*
- if( / DOME xattrs is supported / )
+ //PAGEEXEC
+ if(*pax_flags & PF_PAGEEXEC)
 {
- //PAGEEXEC
- if(*pax_flags & PF_PAGEEXEC)
- {
- phdr.p_flags |= PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
- if(*pax_flags & PF_NOPAGEEXEC)
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags |= PF_NOPAGEEXEC;
- }
- if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
- {
- phdr.p_flags &= ~PF_PAGEEXEC;
- phdr.p_flags &= ~PF_NOPAGEEXEC;
- }
+ xt_flags |= PF_PAGEEXEC;
+ xt_flags &= ~PF_NOPAGEEXEC;
+ }
+ if(*pax_flags & PF_NOPAGEEXEC)
+ {
+ xt_flags &= ~PF_PAGEEXEC;
+ xt_flags |= PF_NOPAGEEXEC;
+ }
+ if((*pax_flags & PF_PAGEEXEC) && (*pax_flags & PF_NOPAGEEXEC))
+ {
+ xt_flags &= ~PF_PAGEEXEC;
+ xt_flags &= ~PF_NOPAGEEXEC;
+ }
- //SEGMEXEC
- if(*pax_flags & PF_SEGMEXEC)
- {
- phdr.p_flags |= PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
- if(*pax_flags & PF_NOSEGMEXEC)
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags |= PF_NOSEGMEXEC;
- }
- if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
- {
- phdr.p_flags &= ~PF_SEGMEXEC;
- phdr.p_flags &= ~PF_NOSEGMEXEC;
- }
+ //SEGMEXEC
+ if(*pax_flags & PF_SEGMEXEC)
+ {
+ xt_flags |= PF_SEGMEXEC;
+ xt_flags &= ~PF_NOSEGMEXEC;
+ }
+ if(*pax_flags & PF_NOSEGMEXEC)
+ {
+ xt_flags &= ~PF_SEGMEXEC;
+ xt_flags |= PF_NOSEGMEXEC;
+ }
+ if((*pax_flags & PF_SEGMEXEC) && (*pax_flags & PF_NOSEGMEXEC))
+ {
+ xt_flags &= ~PF_SEGMEXEC;
+ xt_flags &= ~PF_NOSEGMEXEC;
+ }
- //MPROTECT
- if(*pax_flags & PF_MPROTECT)
- {
- phdr.p_flags |= PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
- if(*pax_flags & PF_NOMPROTECT)
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags |= PF_NOMPROTECT;
- }
- if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
- {
- phdr.p_flags &= ~PF_MPROTECT;
- phdr.p_flags &= ~PF_NOMPROTECT;
- }
+ //MPROTECT
+ if(*pax_flags & PF_MPROTECT)
+ {
+ xt_flags |= PF_MPROTECT;
+ xt_flags &= ~PF_NOMPROTECT;
+ }
+ if(*pax_flags & PF_NOMPROTECT)
+ {
+ xt_flags &= ~PF_MPROTECT;
+ xt_flags |= PF_NOMPROTECT;
+ }
+ if((*pax_flags & PF_MPROTECT) && (*pax_flags & PF_NOMPROTECT))
+ {
+ xt_flags &= ~PF_MPROTECT;
+ xt_flags &= ~PF_NOMPROTECT;
+ }
- //EMUTRAMP
- if(*pax_flags & PF_EMUTRAMP)
- {
- phdr.p_flags |= PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
- if(*pax_flags & PF_NOEMUTRAMP)
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags |= PF_NOEMUTRAMP;
- }
- if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
- {
- phdr.p_flags &= ~PF_EMUTRAMP;
- phdr.p_flags &= ~PF_NOEMUTRAMP;
- }
+ //EMUTRAMP
+ if(*pax_flags & PF_EMUTRAMP)
+ {
+ xt_flags |= PF_EMUTRAMP;
+ xt_flags &= ~PF_NOEMUTRAMP;
+ }
+ if(*pax_flags & PF_NOEMUTRAMP)
+ {
+ xt_flags &= ~PF_EMUTRAMP;
+ xt_flags |= PF_NOEMUTRAMP;
+ }
+ if((*pax_flags & PF_EMUTRAMP) && (*pax_flags & PF_NOEMUTRAMP))
+ {
+ xt_flags &= ~PF_EMUTRAMP;
+ xt_flags &= ~PF_NOEMUTRAMP;
+ }
- //RANDMMAP
- if(*pax_flags & PF_RANDMMAP)
- {
- phdr.p_flags |= PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
- if(*pax_flags & PF_NORANDMMAP)
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags |= PF_NORANDMMAP;
- }
- if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
- {
- phdr.p_flags &= ~PF_RANDMMAP;
- phdr.p_flags &= ~PF_NORANDMMAP;
- }
+ //RANDMMAP
+ if(*pax_flags & PF_RANDMMAP)
+ {
+ xt_flags |= PF_RANDMMAP;
+ xt_flags &= ~PF_NORANDMMAP;
+ }
+ if(*pax_flags & PF_NORANDMMAP)
+ {
+ xt_flags &= ~PF_RANDMMAP;
+ xt_flags |= PF_NORANDMMAP;
+ }
+ if((*pax_flags & PF_RANDMMAP) && (*pax_flags & PF_NORANDMMAP))
+ {
+ xt_flags &= ~PF_RANDMMAP;
+ xt_flags &= ~PF_NORANDMMAP;
+ }
- //RANDEXEC
- if(*pax_flags & PF_RANDEXEC)
- {
- phdr.p_flags |= PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
- if(*pax_flags & PF_NORANDEXEC)
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags |= PF_NORANDEXEC;
- }
- if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
- {
- phdr.p_flags &= ~PF_RANDEXEC;
- phdr.p_flags &= ~PF_NORANDEXEC;
- }
+ //RANDEXEC
+ if(*pax_flags & PF_RANDEXEC)
+ {
+ xt_flags |= PF_RANDEXEC;
+ xt_flags &= ~PF_NORANDEXEC;
+ }
+ if(*pax_flags & PF_NORANDEXEC)
+ {
+ xt_flags &= ~PF_RANDEXEC;
+ xt_flags |= PF_NORANDEXEC;
+ }
+ if((*pax_flags & PF_RANDEXEC) && (*pax_flags & PF_NORANDEXEC))
+ {
+ xt_flags &= ~PF_RANDEXEC;
+ xt_flags &= ~PF_NORANDEXEC;
+ }
- / update xattr /
+ if(fsetxattr(fd, PAX_NAMESPACE, &xt_flags, sizeof(uint16_t), 0) == -1)
+ {
+ if(errno == ENOSPC || errno == EDQUOT)
+ printf("XT_PAX: cannot store xt_flags\n");
+ if(errno == ENOTSUP)
+ printf("XT_PAX: extended attribute not supported\n");
 }
- else
- printf("XT_PAX: not found\n");
- */
 }
|
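Review bot: The fsetxattr() failure branch at the end of set_flags() reports only ENOSPC, EDQUOT and ENOTSUP, so any other errno (a permission error or a read-only descriptor, for instance) leaves the requested PaX flags unstored with no message, and the void return gives the caller nothing to check. For a tool that applies hardening flags, a silent no-op is the outcome to avoid: chain the two tests with `else if` and add a final `else perror("XT_PAX: fsetxattr");`. The same applies to the early `return ;` after read_flags(), which is silent for every error read_flags() does not print. The signature of set_flags() appears only in the hunk header; the body shown here looks complete.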