author | 2011-05-06 22:21:00 -0400 | |
---|---|---|
committer | 2011-05-06 22:21:00 -0400 | |
commit | e6797b5c11034d79c4e59f659736bfe288104c66 (patch) | |
tree | 345666fa496d6ae7607a75d83d97ded418ab22f2 | |
parent | poc/mangle-paxflags.c: added verbose mode (diff) | |
download | elfix-e6797b5c11034d79c4e59f659736bfe288104c66.tar.gz elfix-e6797b5c11034d79c4e59f659736bfe288104c66.tar.bz2 elfix-e6797b5c11034d79c4e59f659736bfe288104c66.zip |
poc/mangle-paxflags.c: added quiet mode and fixed whitespaces
-rw-r--r-- | configure.ac | 1 | ||||
-rw-r--r-- | poc/mangle-paxflags.c | 210 | ||||
-rw-r--r-- | src/fix-gnustack.c | 4 | ||||
-rw-r--r-- | src/paxctl-ng.c | 23 |
4 files changed, 132 insertions, 106 deletions
diff --git a/configure.ac b/configure.ac index 15ffc03..e082850 100644 --- a/configure.ac +++ b/configure.ac @@ -47,6 +47,7 @@ AC_CHECK_HEADERS([errno.h]) AC_CHECK_HEADERS([error.h]) AC_CHECK_HEADERS([fcntl.h]) AC_CHECK_HEADERS([gelf.h]) +AC_CHECK_HEADERS([libgen.h]) AC_CHECK_HEADERS([stdio.h]) AC_CHECK_HEADERS([stdlib.h]) AC_CHECK_HEADERS([string.h]) diff --git a/poc/mangle-paxflags.c b/poc/mangle-paxflags.c index 530411c..402fb67 100644 --- a/poc/mangle-paxflags.c +++ b/poc/mangle-paxflags.c @@ -20,6 +20,7 @@ #include <stdlib.h> #include <string.h> #include <error.h> +#include <libgen.h> #include <gelf.h> @@ -28,16 +29,17 @@ #include <fcntl.h> #include <unistd.h> + #include <config.h> // From chpax.h #define EI_PAX 14 // Index in e_ident[] where to read flags -#define HF_PAX_PAGEEXEC 1 // 0: Paging based non-exec pages -#define HF_PAX_EMUTRAMP 2 // 0: Emulate trampolines -#define HF_PAX_MPROTECT 4 // 0: Restrict mprotect() -#define HF_PAX_RANDMMAP 8 // 0: Randomize mmap() base -#define HF_PAX_RANDEXEC 16 // 1: Randomize ET_EXEC base -#define HF_PAX_SEGMEXEC 32 // 0: Segmentation based non-exec pages +#define HF_PAX_PAGEEXEC 1 // 0: Paging based non-exec pages +#define HF_PAX_EMUTRAMP 2 // 0: Emulate trampolines +#define HF_PAX_MPROTECT 4 // 0: Restrict mprotect() +#define HF_PAX_RANDMMAP 8 // 0: Randomize mmap() base +#define HF_PAX_RANDEXEC 16 // 1: Randomize ET_EXEC base +#define HF_PAX_SEGMEXEC 32 // 0: Segmentation based non-exec pages #define PRINT(E,F,I) printf("%s:\t%s\n", #E, E&F? (I? "enabled" : "disabled") : (I? "disabled" : "enabled")); #define SPRINT(E,F,A,B) printf("%c", E&F? A : B); 
@@ -48,36 +50,40 @@ void print_help(char *v) { - printf( - "Package Name : " PACKAGE_STRING "\n" - "Bug Reports : " PACKAGE_BUGREPORT "\n" - "Description : Check for, or conditionally remove, executable flag from PT_GNU_STACK\n\n" - "Usage : %s {[-e] [-p] ELFfile | -h}\n" - "options : Print out EI_PAX and PT_PAX_FLAGS information\n" - " : -e Set all EI_PAX flags to least secure setting, pEmrXs\n" - " : -p Remove PT_PAX_FLAGS program header\n" + printf( + "Package Name : " PACKAGE_STRING "\n" + "Bug Reports : " PACKAGE_BUGREPORT "\n" + "Program Name : %s\n" + "Description : Check for, or conditionally remove, executable flag from PT_GNU_STACK\n\n" + "Usage : %s {[-e] [-p] [-v] [-q] ELFfile | [-h]}\n" + "options : Print out EI_PAX and PT_PAX_FLAGS information\n" + " : -e Set all EI_PAX flags to least secure setting, pEmrXs\n" + " : -p Remove PT_PAX_FLAGS program header\n" " : -v Verbose expanation of flags (rather than short list)\n" - " : -h Print out this help\n", - v - ); + " : -q Surpress all output to stdout (negates verbose)\n" + " : -h Print out this help\n", + basename(v), + basename(v) + ); - exit(EXIT_SUCCESS); + exit(EXIT_SUCCESS); } char * -parse_cmd_args(int c, char *v[], int *flag_ei_pax, int *flag_pt_pax_flags, int *verbose) +parse_cmd_args(int c, char *v[], int *flag_ei_pax, int *flag_pt_pax_flags, int *verbose, int *quiet) { int i, oc; if((c != 2)&&(c != 3)&&(c != 4)) - error(EXIT_FAILURE, 0, "Usage: %s {[-e] [-p] [-v] ELFfile | [-h]}", v[0]); + error(EXIT_FAILURE, 0, "Usage: %s {[-e] [-p] [-v] [-q] ELFfile | [-h]}", v[0]); *flag_ei_pax = 0; *flag_pt_pax_flags = 0; *verbose = 0; + *quiet = 0; - while((oc = getopt(c, v,":epvh")) != -1) + while((oc = getopt(c, v,":epvqh")) != -1) switch(oc) { case 'e': @@ -89,6 +95,9 @@ parse_cmd_args(int c, char *v[], int *flag_ei_pax, int *flag_pt_pax_flags, int * case 'v': *verbose = 1; break; + case 'q': + *quiet = 1; + break; case 'h': print_help(v[0]); break; 
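Review bot: The argument-count gate at the top of parse_cmd_args, `if((c != 2)&&(c != 3)&&(c != 4))`, was not widened when `-q` was added, so an invocation that passes the flags separately (for example `-e -p -q ELFfile`, argc 5) is rejected with the usage message even though the usage string advertises it. Consider dropping the fixed counts and validating after getopt() instead, along the lines of `if(optind != c - 1)`; the rest of the function lies outside the hunk, so check how the file name is taken from v[] before changing it. Separately, the help text's Description line still talks about PT_GNU_STACK, which looks copied from fix-gnustack.c, and `Surpress` and `expanation` are misspelled in the option descriptions.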
@@ -104,7 +113,8 @@ parse_cmd_args(int c, char *v[], int *flag_ei_pax, int *flag_pt_pax_flags, int * int main( int argc, char *argv[]) { - int fd, flag_ei_pax, flag_pt_pax_flags, verbose, found_ei_pax; + int fd, found_ei_pax; + int flag_ei_pax, flag_pt_pax_flags, verbose, quiet; char *f_name; size_t i, phnum; @@ -112,7 +122,7 @@ main( int argc, char *argv[]) GElf_Ehdr ehdr; GElf_Phdr phdr; - f_name = parse_cmd_args(argc, argv, &flag_ei_pax, &flag_pt_pax_flags, &verbose); + f_name = parse_cmd_args(argc, argv, &flag_ei_pax, &flag_pt_pax_flags, &verbose, &quiet); if(elf_version(EV_CURRENT) == EV_NONE) error(EXIT_FAILURE, 0, "Library out of date."); 
@@ -140,110 +150,120 @@ main( int argc, char *argv[]) found_ei_pax = ((u_long) ehdr.e_ident[EI_PAX + 1] << 8) + (u_long) ehdr.e_ident[EI_PAX]; - printf("==== EI_PAX ====\n") ; - if(verbose) - { - PRINT(HF_PAX_PAGEEXEC, found_ei_pax, 0); - PRINT(HF_PAX_EMUTRAMP, found_ei_pax, 1); - PRINT(HF_PAX_MPROTECT, found_ei_pax, 0); - PRINT(HF_PAX_RANDMMAP, found_ei_pax, 0); - PRINT(HF_PAX_RANDEXEC, found_ei_pax, 1); - PRINT(HF_PAX_SEGMEXEC, found_ei_pax, 0); - printf("\n"); - } - else + if(!quiet) { - SPRINT(HF_PAX_PAGEEXEC, found_ei_pax, 'p', 'P'); - SPRINT(HF_PAX_EMUTRAMP, found_ei_pax, 'E', 'e'); - SPRINT(HF_PAX_MPROTECT, found_ei_pax, 'm', 'M'); - SPRINT(HF_PAX_RANDMMAP, found_ei_pax, 'r', 'R'); - SPRINT(HF_PAX_RANDEXEC, found_ei_pax, 'X', 'x'); - SPRINT(HF_PAX_SEGMEXEC, found_ei_pax, 's', 'S'); - printf("\n\n"); + printf("==== EI_PAX ====\n") ; + if(verbose) + { + PRINT(HF_PAX_PAGEEXEC, found_ei_pax, 0); + PRINT(HF_PAX_EMUTRAMP, found_ei_pax, 1); + PRINT(HF_PAX_MPROTECT, found_ei_pax, 0); + PRINT(HF_PAX_RANDMMAP, found_ei_pax, 0); + PRINT(HF_PAX_RANDEXEC, found_ei_pax, 1); + PRINT(HF_PAX_SEGMEXEC, found_ei_pax, 0); + printf("\n"); + } + else + { + SPRINT(HF_PAX_PAGEEXEC, found_ei_pax, 'p', 'P'); + SPRINT(HF_PAX_EMUTRAMP, found_ei_pax, 'E', 'e'); + SPRINT(HF_PAX_MPROTECT, found_ei_pax, 'm', 'M'); + SPRINT(HF_PAX_RANDMMAP, found_ei_pax, 'r', 'R'); + SPRINT(HF_PAX_RANDEXEC, found_ei_pax, 'X', 'x'); + SPRINT(HF_PAX_SEGMEXEC, found_ei_pax, 's', 'S'); + printf("\n\n"); + } } if( flag_ei_pax ) { - printf("Disabling EI_PAX\n\n"); + if(!quiet) + printf("Disabling EI_PAX\n\n"); ehdr.e_ident[EI_PAX] = 0xFF; ehdr.e_ident[EI_PAX + 1] = 0xFF; if(!gelf_update_ehdr(elf, &ehdr)) error(EXIT_FAILURE, 0, "gelf_update_ehdr(): %s", elf_errmsg(elf_errno())); } - printf("==== PHRDs ====\n") ; + if(!quiet) + printf("==== PHRDs ====\n") ; elf_getphdrnum(elf, &phnum); for(i=0; i<phnum; ++i) { if(gelf_getphdr(elf, i, &phdr) != &phdr) error(EXIT_FAILURE, 0, "gelf_getphdr(): %s", 
elf_errmsg(elf_errno())); - if(verbose) - { - switch(phdr.p_type) - { - CPRINT(i,PT_NULL); - CPRINT(i,PT_LOAD); - CPRINT(i,PT_DYNAMIC); - CPRINT(i,PT_INTERP); - CPRINT(i,PT_NOTE); - CPRINT(i,PT_SHLIB); - CPRINT(i,PT_PHDR); - CPRINT(i,PT_TLS); - CPRINT(i,PT_NUM); - CPRINT(i,PT_LOOS); - CPRINT(i,PT_GNU_EH_FRAME); - CPRINT(i,PT_GNU_STACK); - CPRINT(i,PT_GNU_RELRO); - CPRINT(i,PT_PAX_FLAGS); - CPRINT(i,PT_LOSUNW); - //CPRINT(i,PT_SUNWBSS); - CPRINT(i,PT_SUNWSTACK); - CPRINT(i,PT_HISUNW); - //CPRINT(i,PT_HIOS); - CPRINT(i,PT_LOPROC); - CPRINT(i,PT_HIPROC); - } - } - - if(phdr.p_type == PT_PAX_FLAGS) + if(!quiet) { if(verbose) { - PRINT(PF_PAGEEXEC, phdr.p_flags, 1); - PRINT(PF_NOPAGEEXEC, phdr.p_flags, 1); - PRINT(PF_SEGMEXEC, phdr.p_flags, 1); - PRINT(PF_NOSEGMEXEC, phdr.p_flags, 1); - PRINT(PF_MPROTECT, phdr.p_flags, 1); - PRINT(PF_NOMPROTECT, phdr.p_flags, 1); - PRINT(PF_RANDEXEC, phdr.p_flags, 1); - PRINT(PF_NORANDEXEC, phdr.p_flags, 1); - PRINT(PF_EMUTRAMP, phdr.p_flags, 1); - PRINT(PF_NOEMUTRAMP, phdr.p_flags, 1); - PRINT(PF_RANDMMAP, phdr.p_flags, 1); - PRINT(PF_NORANDMMAP, phdr.p_flags, 1); + switch(phdr.p_type) + { + CPRINT(i,PT_NULL); + CPRINT(i,PT_LOAD); + CPRINT(i,PT_DYNAMIC); + CPRINT(i,PT_INTERP); + CPRINT(i,PT_NOTE); + CPRINT(i,PT_SHLIB); + CPRINT(i,PT_PHDR); + CPRINT(i,PT_TLS); + CPRINT(i,PT_NUM); + CPRINT(i,PT_LOOS); + CPRINT(i,PT_GNU_EH_FRAME); + CPRINT(i,PT_GNU_STACK); + CPRINT(i,PT_GNU_RELRO); + CPRINT(i,PT_PAX_FLAGS); + CPRINT(i,PT_LOSUNW); + //CPRINT(i,PT_SUNWBSS); + CPRINT(i,PT_SUNWSTACK); + CPRINT(i,PT_HISUNW); + //CPRINT(i,PT_HIOS); + CPRINT(i,PT_LOPROC); + CPRINT(i,PT_HIPROC); + } } - else + + if(phdr.p_type == PT_PAX_FLAGS) { - printf("%d: PT_PAX_FLAGS\n", (int)i); - FPRINT(PF_PAGEEXEC, PF_NOPAGEEXEC, phdr.p_flags, 'p', 'P'); - FPRINT(PF_EMUTRAMP, PF_NOEMUTRAMP, phdr.p_flags, 'e', 'E'); - FPRINT(PF_MPROTECT, PF_NOMPROTECT, phdr.p_flags, 'm', 'M'); - FPRINT(PF_RANDMMAP, PF_NORANDMMAP, phdr.p_flags, 'r', 'R'); - FPRINT(PF_RANDEXEC, 
PF_NORANDEXEC, phdr.p_flags, 'x', 'X'); - FPRINT(PF_SEGMEXEC, PF_NOSEGMEXEC, phdr.p_flags, 's', 'S'); + if(verbose) + { + PRINT(PF_PAGEEXEC, phdr.p_flags, 1); + PRINT(PF_NOPAGEEXEC, phdr.p_flags, 1); + PRINT(PF_SEGMEXEC, phdr.p_flags, 1); + PRINT(PF_NOSEGMEXEC, phdr.p_flags, 1); + PRINT(PF_MPROTECT, phdr.p_flags, 1); + PRINT(PF_NOMPROTECT, phdr.p_flags, 1); + PRINT(PF_RANDEXEC, phdr.p_flags, 1); + PRINT(PF_NORANDEXEC, phdr.p_flags, 1); + PRINT(PF_EMUTRAMP, phdr.p_flags, 1); + PRINT(PF_NOEMUTRAMP, phdr.p_flags, 1); + PRINT(PF_RANDMMAP, phdr.p_flags, 1); + PRINT(PF_NORANDMMAP, phdr.p_flags, 1); + } + else + { + printf("%d: PT_PAX_FLAGS\n", (int)i); + FPRINT(PF_PAGEEXEC, PF_NOPAGEEXEC, phdr.p_flags, 'p', 'P'); + FPRINT(PF_EMUTRAMP, PF_NOEMUTRAMP, phdr.p_flags, 'e', 'E'); + FPRINT(PF_MPROTECT, PF_NOMPROTECT, phdr.p_flags, 'm', 'M'); + FPRINT(PF_RANDMMAP, PF_NORANDMMAP, phdr.p_flags, 'r', 'R'); + FPRINT(PF_RANDEXEC, PF_NORANDEXEC, phdr.p_flags, 'x', 'X'); + FPRINT(PF_SEGMEXEC, PF_NOSEGMEXEC, phdr.p_flags, 's', 'S'); + } } } if((phdr.p_type == PT_PAX_FLAGS) && flag_pt_pax_flags ) { - printf("CONVERTED -> PT_NULL\n\n"); + if(!quiet) + printf("CONVERTED -> PT_NULL\n\n"); phdr.p_type = PT_NULL; if(!gelf_update_phdr(elf, i, &phdr)) error(EXIT_FAILURE, 0, "gelf_update_phdr(): %s", elf_errmsg(elf_errno())); } } - printf("\n\n"); + if(!quiet) + printf("\n\n"); elf_end(elf); close(fd); diff --git a/src/fix-gnustack.c b/src/fix-gnustack.c index 2afd7da..3c12700 100644 --- a/src/fix-gnustack.c +++ b/src/fix-gnustack.c @@ -20,6 +20,7 @@ #include <stdlib.h> #include <string.h> #include <error.h> +#include <libgen.h> #include <gelf.h> 
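Review bot: `elf_getphdrnum(elf, &phnum);` in main still ignores its return value, so if the call fails the loop bound `phnum` (declared without an initializer) is read while indeterminate. Check it in the same style as the neighbouring libelf calls: `if(elf_getphdrnum(elf, &phnum) != 0) error(EXIT_FAILURE, 0, "elf_getphdrnum(): %s", elf_errmsg(elf_errno()));`. Also, with `-q` the `Disabling EI_PAX` and `CONVERTED -> PT_NULL` messages are the only visible trace that the file's PaX markings were weakened; a comment next to the `if(!quiet)` guards saying that the modification is intentionally silent would help anyone auditing use of this tool in build scripts. main starts before and ends after this hunk.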
@@ -37,12 +38,13 @@ print_help(char *v) printf( "Package Name : " PACKAGE_STRING "\n" "Bug Reports : " PACKAGE_BUGREPORT "\n" + "Program Name : %s\n" "Description : Check for, or conditionally remove, executable flag from PT_GNU_STACK\n\n" "Usage : %s {[-f] ELFfile | [-h]}\n" "options : Print out protection flags on PT_GNU_STACK\n" " : -f Remove X if WX flags are set on PT_GNU_STACK\n" " : -h Print out this help\n", - v + basename(v), basename(v) ); exit(EXIT_SUCCESS); diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c index 9f1b86a..0957e36 100644 --- a/src/paxctl-ng.c +++ b/src/paxctl-ng.c @@ -20,6 +20,7 @@ #include <stdlib.h> #include <string.h> #include <error.h> +#include <libgen.h> #include <gelf.h> @@ -39,12 +40,13 @@ void print_help(char *v) { - printf( - "Package Name : " PACKAGE_STRING "\n" - "Bug Reports : " PACKAGE_BUGREPORT "\n" - "Description : Get or set pax flags on an ELF object\n\n" - "Usage : %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}\n" - "options : Print out pax flag information\n" + printf( + "Package Name : " PACKAGE_STRING "\n" + "Bug Reports : " PACKAGE_BUGREPORT "\n" + "Program Name : %s\n" + "Description : Get or set pax flags on an ELF object\n\n" + "Usage : %s {[-pPeEmMrRxXsSzZC] ELFfile | [-h]}\n" + "options : Print out pax flag information\n" " : -p Disable PAGEEXEC\t-P Enable PAGEEXEC\n" " : -e Disable EMUTRAMP\t-E Enable EMUTRAMP\n" " : -m Disable MPROTECT\t-M Enable MPROTECT\n" @@ -53,11 +55,12 @@ print_help(char *v) " : -s Disable SEGMEXEC\t-X Enable SEGMEXEC\n" " : -z Default least secure\t-Z Default most secure\n" " : -C Created PT_PAX_FLAGS program header\n" - " : -h Print out this help\n", - v - ); + " : -h Print out this help\n", + basename(v), + basename(v) + ); - exit(EXIT_SUCCESS); + exit(EXIT_SUCCESS); } |
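Review bot: `basename(v), basename(v)` calls the <libgen.h> basename() twice on argv[0] within one argument list; POSIX allows that function to modify its argument and to return a pointer to static storage, so the two results agree only because both calls receive the same string. Calling it once and reusing the pointer is clearer and does not depend on that: `char *prog = basename(v);` and then pass `prog, prog` to printf(). The same pattern is added to print_help in poc/mangle-paxflags.c and src/paxctl-ng.c.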
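Review bot: The help line kept as context in the last src/paxctl-ng.c hunk reads `-s Disable SEGMEXEC\t-X Enable SEGMEXEC`, while the usage string in the same function lists `-S`; this looks like a copy error and should presumably be `-S Enable SEGMEXEC`. This text is what a user consults before changing hardening flags on a binary, so a wrong letter here can lead to a different flag being set than the one intended. The option parser is outside the diff, so confirm the letter against the getopt() string before changing the text.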