authorAnthony G. Basile <blueness@gentoo.org>2012-12-28 20:02:42 -0500
committerAnthony G. Basile <blueness@gentoo.org>2012-12-28 20:12:55 -0500
commit16139496142bbcc4b89d7ab50c47d4029ed17d81 (patch)
tree96dc00ab29047efec5db210100aee4eabe65c9b9
parentsrc/paxctl-ng.c: fix uninitialized value for xt_flags (diff)
src/paxctl-ng.c: -L/-l alone report if PT_PAX/XATTR_PAX is supported
-rw-r--r--doc/fix-gnustack.12
-rw-r--r--doc/fix-gnustack.pod2
-rw-r--r--doc/paxctl-ng.144
-rw-r--r--doc/paxctl-ng.pod24
-rw-r--r--doc/revdep-pax.12
-rw-r--r--doc/revdep-pax.pod2
-rw-r--r--src/paxctl-ng.c68
7 files changed, 83 insertions, 61 deletions
diff --git a/doc/fix-gnustack.1 b/doc/fix-gnustack.1
index 7f7f4c8..3ef26eb 100644
--- a/doc/fix-gnustack.1
+++ b/doc/fix-gnustack.1
@@ -160,7 +160,7 @@ if it has both W and X flags. When called without, it simply reports
what flags it found.
.SH "HOMEPAGE"
.IX Header "HOMEPAGE"
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax\-quickstart.xml
.SH "REPORTING BUGS"
.IX Header "REPORTING BUGS"
Please report bugs at http://bugs.gentoo.org.
diff --git a/doc/fix-gnustack.pod b/doc/fix-gnustack.pod
index 1f01bcc..d94b8b4 100644
--- a/doc/fix-gnustack.pod
+++ b/doc/fix-gnustack.pod
@@ -39,7 +39,7 @@ what flags it found.
=head1 HOMEPAGE
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
=head1 REPORTING BUGS
diff --git a/doc/paxctl-ng.1 b/doc/paxctl-ng.1
index 3a53640..744184b 100644
--- a/doc/paxctl-ng.1
+++ b/doc/paxctl-ng.1
@@ -139,6 +139,8 @@ paxctl\-ng \- get, set or create either PT_PAX or XATTR_PAX flags
.PP
\&\fBpaxctl-ng\fR \-F|\-f [\-v] \s-1ELF\s0
.PP
+\&\fBpaxctl-ng\fR \-L|\-l
+.PP
\&\fBpaxctl-ng\fR [\-h]
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
@@ -195,27 +197,27 @@ Finally, if the user wishes, he can remove the extended attribute field by runni
.IP "" 4
.PD
If both enabling and disabling flags are set for one item,
-eg. \-Pp for \s-1PAGEEXEC\s0, then the default setting \- is used.
-.IP "\fB\-Z\fR Set most secure settings (PSMeRx)" 4
-.IX Item "-Z Set most secure settings (PSMeRx)"
+eg. \-Pp for \s-1PAGEEXEC\s0, then the default setting '\-' is used.
+.IP "\fB\-Z\fR Set most secure settings (PSMeRx)." 4
+.IX Item "-Z Set most secure settings (PSMeRx)."
.PD 0
-.IP "\fB\-z\fR Set default setting (\-\-\-\-\-\-)" 4
-.IX Item "-z Set default setting (------)"
-.IP "\fB\-C\fR Create \s-1XATTR_PAX\s0 markings with the most secure PaX settings" 4
-.IX Item "-C Create XATTR_PAX markings with the most secure PaX settings"
-.IP "\fB\-c\fR Create \s-1XATTR_PAX\s0 markings with the default PaX settings" 4
-.IX Item "-c Create XATTR_PAX markings with the default PaX settings"
-.ie n .IP "\fB\-d\fR Delete \s-1XATTR_PAX\s0 field, ""user.pax.flags""" 4
-.el .IP "\fB\-d\fR Delete \s-1XATTR_PAX\s0 field, ``user.pax.flags''" 4
-.IX Item "-d Delete XATTR_PAX field, user.pax.flags"
-.IP "\fB\-F\fR Copy \s-1PT_PAX\s0 flags to \s-1XATTR_PAX\s0, if possible" 4
-.IX Item "-F Copy PT_PAX flags to XATTR_PAX, if possible"
-.IP "\fB\-f\fR Copy \s-1XATTR_PAX\s0 flags to \s-1PT_PAX\s0, if possible" 4
-.IX Item "-f Copy XATTR_PAX flags to PT_PAX, if possible"
-.IP "\fB\-L\fR Only set \s-1PT_PAX\s0 flags, if possible" 4
-.IX Item "-L Only set PT_PAX flags, if possible"
-.IP "\fB\-l\fR Only set \s-1XATTR_PAX\s0 flags, if possible" 4
-.IX Item "-l Only set XATTR_PAX flags, if possible"
+.IP "\fB\-z\fR Set default setting (\-\-\-\-\-\-)." 4
+.IX Item "-z Set default setting (------)."
+.IP "\fB\-C\fR Create \s-1XATTR_PAX\s0 markings with the most secure PaX settings." 4
+.IX Item "-C Create XATTR_PAX markings with the most secure PaX settings."
+.IP "\fB\-c\fR Create \s-1XATTR_PAX\s0 markings with the default PaX settings." 4
+.IX Item "-c Create XATTR_PAX markings with the default PaX settings."
+.ie n .IP "\fB\-d\fR Delete \s-1XATTR_PAX\s0 field, ""user.pax.flags""." 4
+.el .IP "\fB\-d\fR Delete \s-1XATTR_PAX\s0 field, ``user.pax.flags''." 4
+.IX Item "-d Delete XATTR_PAX field, user.pax.flags."
+.IP "\fB\-F\fR Copy \s-1PT_PAX\s0 flags to \s-1XATTR_PAX\s0, if possible." 4
+.IX Item "-F Copy PT_PAX flags to XATTR_PAX, if possible."
+.IP "\fB\-f\fR Copy \s-1XATTR_PAX\s0 flags to \s-1PT_PAX\s0, if possible." 4
+.IX Item "-f Copy XATTR_PAX flags to PT_PAX, if possible."
+.IP "\fB\-L\fR When given with other flags, only set \s-1PT_PAX\s0 flags, if possible. When given alone, return \s-1EXIT_SUCCESS\s0 if \s-1PT_PAX\s0 is supported, else return \s-1EXIT_FAILURE\s0." 4
+.IX Item "-L When given with other flags, only set PT_PAX flags, if possible. When given alone, return EXIT_SUCCESS if PT_PAX is supported, else return EXIT_FAILURE."
+.IP "\fB\-l\fR When given with other flags, only set \s-1XATTR_PAX\s0 flags, if possible. When given alone, return \s-1EXIT_SUCCESS\s0 if \s-1XATTR_PAX\s0 is supported, else return \s-1EXIT_FAILURE\s0." 4
+.IX Item "-l When given with other flags, only set XATTR_PAX flags, if possible. When given alone, return EXIT_SUCCESS if XATTR_PAX is supported, else return EXIT_FAILURE."
.IP "\fB\-v\fR View the flags" 4
.IX Item "-v View the flags"
.IP "\fB\-h\fR Print out a short help message and exit." 4
@@ -223,7 +225,7 @@ eg. \-Pp for \s-1PAGEEXEC\s0, then the default setting \- is used.
.PD
.SH "HOMEPAGE"
.IX Header "HOMEPAGE"
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax\-quickstart.xml
.SH "REPORTING BUGS"
.IX Header "REPORTING BUGS"
Please report bugs at http://bugs.gentoo.org.
diff --git a/doc/paxctl-ng.pod b/doc/paxctl-ng.pod
index a18a3a5..d409a09 100644
--- a/doc/paxctl-ng.pod
+++ b/doc/paxctl-ng.pod
@@ -10,6 +10,8 @@ B<paxctl-ng> -C|-c|-d [-v] ELF
B<paxctl-ng> -F|-f [-v] ELF
+B<paxctl-ng> -L|-l
+
B<paxctl-ng> [-h]
=head1 DESCRIPTION
@@ -69,25 +71,25 @@ B<paxctl-ng> with the B<-d> flag.
=item
If both enabling and disabling flags are set for one item,
-eg. -Pp for PAGEEXEC, then the default setting - is used.
+eg. -Pp for PAGEEXEC, then the default setting '-' is used.
-=item B<-Z> Set most secure settings (PSMeRx)
+=item B<-Z> Set most secure settings (PSMeRx).
-=item B<-z> Set default setting (------)
+=item B<-z> Set default setting (------).
-=item B<-C> Create XATTR_PAX markings with the most secure PaX settings
+=item B<-C> Create XATTR_PAX markings with the most secure PaX settings.
-=item B<-c> Create XATTR_PAX markings with the default PaX settings
+=item B<-c> Create XATTR_PAX markings with the default PaX settings.
-=item B<-d> Delete XATTR_PAX field, "user.pax.flags"
+=item B<-d> Delete XATTR_PAX field, "user.pax.flags".
-=item B<-F> Copy PT_PAX flags to XATTR_PAX, if possible
+=item B<-F> Copy PT_PAX flags to XATTR_PAX, if possible.
-=item B<-f> Copy XATTR_PAX flags to PT_PAX, if possible
+=item B<-f> Copy XATTR_PAX flags to PT_PAX, if possible.
-=item B<-L> Only set PT_PAX flags, if possible
+=item B<-L> When given with other flags, only set PT_PAX flags, if possible. When given alone, return EXIT_SUCCESS if PT_PAX is supported, else return EXIT_FAILURE.
-=item B<-l> Only set XATTR_PAX flags, if possible
+=item B<-l> When given with other flags, only set XATTR_PAX flags, if possible. When given alone, return EXIT_SUCCESS if XATTR_PAX is supported, else return EXIT_FAILURE.
=item B<-v> View the flags
@@ -97,7 +99,7 @@ eg. -Pp for PAGEEXEC, then the default setting - is used.
=head1 HOMEPAGE
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
=head1 REPORTING BUGS
diff --git a/doc/revdep-pax.1 b/doc/revdep-pax.1
index f801135..58568fa 100644
--- a/doc/revdep-pax.1
+++ b/doc/revdep-pax.1
@@ -200,7 +200,7 @@ so that the PaX flags of the target inherit the flags of the source.
.PD
.SH "HOMEPAGE"
.IX Header "HOMEPAGE"
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax\-quickstart.xml
.SH "REPORTING BUGS"
.IX Header "REPORTING BUGS"
Please report bugs at http://bugs.gentoo.org.
diff --git a/doc/revdep-pax.pod b/doc/revdep-pax.pod
index 7cddd9d..b1f6d28 100644
--- a/doc/revdep-pax.pod
+++ b/doc/revdep-pax.pod
@@ -82,7 +82,7 @@ so that the PaX flags of the target inherit the flags of the source.
=head1 HOMEPAGE
-http://dev.gentoo.org/~blueness/elfix
+http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml
=head1 REPORTING BUGS
diff --git a/src/paxctl-ng.c b/src/paxctl-ng.c
index dcfdde9..a451aac 100644
--- a/src/paxctl-ng.c
+++ b/src/paxctl-ng.c
@@ -58,10 +58,11 @@
#if defined(PTPAX) && defined(XTPAX)
#define COPY_PT_TO_XT_FLAGS 4
#define COPY_XT_TO_PT_FLAGS 5
- #define LIMIT_TO_PT_FLAGS 6
- #define LIMIT_TO_XT_FLAGS 7
#endif
+#define LIMIT_TO_PT_FLAGS 6
+#define LIMIT_TO_XT_FLAGS 7
+
#define FLAGS_SIZE 6
#include <config.h>
@@ -87,6 +88,7 @@ print_help_exit(char *v)
" : %s -F|-f [-v] ELF\n"
#endif
" : %s -v ELF\n"
+ " : %s -L|-l\n"
" : %s [-h]\n\n"
"Options : -P enable PAGEEXEC\t-p disable PAGEEXEC\n"
" : -E enable EMUTRAMP\t-e disable EMUTRAMP\n"
@@ -107,7 +109,16 @@ print_help_exit(char *v)
" : -F copy PT_PAX to XATTR_PAX\n"
" : -f copy XATTR_PAX to PT_PAX\n"
#endif
- " :\n"
+#ifdef PTPAX
+ " : -L when given alone, EXIT_SUCCESS (PT_PAX is supported)\n"
+#else
+ " : -L when given alone, EXIT_FAILURE (PT_PAX is not supported)\n"
+#endif
+#ifdef XTPAX
+ " : -l when given alone, EXIT_SUCCESS (XATTR_PAX is supported)\n"
+#else
+ " : -l when given alone, EXIT_FAILURE (XATTR_PAX is not supported)\n"
+#endif
" : -v view the flags, along with any accompanying operation\n"
" : -h print out this help\n\n"
"Note : If both enabling and disabling flags are set, the default - is used\n\n",
@@ -120,6 +131,7 @@ print_help_exit(char *v)
basename(v),
#endif
basename(v),
+ basename(v),
basename(v)
);
@@ -143,26 +155,12 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
*verbose = 0;
*cp_flags = 0;
- /* Accept all options and silently ignore irrelevant ones below.
- * We can then pass any parameter in scripts without failure.
- *
- * Alternatively we could do
- *
- * #if !defined(PTPAX) && defined(XTPAX)
- * while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcvh")) != -1)
- * #elif defined(PTPAX) && defined(XTPAX)
- * while((oc = getopt(argc, argv,":PpSsMmEeRrZzCcFfvh")) != -1)
- * #else
- * while((oc = getopt(argc, argv,":PpSsMmEeRrZzvh")) != -1)
- * #endif
- */
-
#if defined(PTPAX) && defined(XTPAX)
while((oc = getopt(argc, argv,":PpEeMmRrSsZzCcdFfLlvh")) != -1)
#elif defined(XTPAX) && !defined(PTPAX)
- while((oc = getopt(argc, argv,":PpEeMmRrSsZzCcdvh")) != -1)
+ while((oc = getopt(argc, argv,":PpEeMmRrSsZzCcdLlvh")) != -1)
#else
- while((oc = getopt(argc, argv,":PpEeMmRrSsZzvh")) != -1)
+ while((oc = getopt(argc, argv,":PpEeMmRrSsZzLlvh")) != -1)
#endif
{
switch(oc)
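Review bot: With `Ll` added to the getopt strings of the XTPAX-only and fallback builds, `-L` or `-l` given together with set flags is now accepted even when that marking mechanism is not compiled in, and the now-unconditional `case 'L'`/`case 'l'` arms in the next two hunks store `*limit` regardless. How the caller uses `*limit` is not visible in this diff, so this may be harmless, but if it restricts marking to the absent mechanism the command could finish without applying any PaX flags to the ELF. Consider rejecting that combination in such builds, and since the explanatory comment was removed, add a short one here such as `/* -L/-l are accepted in every build so the bare probe works; see the check after the loop */`. The body of parse_cmd_args starts and ends outside the hunk.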
@@ -240,6 +238,8 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
solitaire += 1;
*cp_flags = COPY_XT_TO_PT_FLAGS;
break;
+#endif
+#endif
case 'L':
limitflags += 1;
*limit = LIMIT_TO_PT_FLAGS;
@@ -248,8 +248,6 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
limitflags += 1;
*limit = LIMIT_TO_XT_FLAGS;
break;
-#endif
-#endif
case 'v':
*verbose = 1;
break;
@@ -263,11 +261,31 @@ parse_cmd_args(int argc, char *argv[], uint16_t *pax_flags, int *verbose, int *c
}
if(
+ (setflags == 0 && solflags == 0 && limitflags == 1 && solitaire == 0)
+ && *verbose == 0
+ && argv[optind] == NULL // -L|-l
+ )
+ {
+
+#ifdef PTPAX
+ if(*limit == LIMIT_TO_PT_FLAGS)
+ exit(EXIT_SUCCESS);
+#endif
+
+#ifdef XTPAX
+ if(*limit == LIMIT_TO_XT_FLAGS)
+ exit(EXIT_SUCCESS);
+#endif
+
+ exit(EXIT_FAILURE);
+ }
+
+ if(
(
- (setflags == 1 && solflags == 0 && limitflags <= 1 && solitaire == 0) || //-PpEeMmRrSs [-L|-l] [-v] ELF
- (setflags == 0 && solflags == 1 && limitflags <= 1 && solitaire == 0) || //-Z|-z [-L|-l] [-v] ELF
- (setflags == 0 && solflags == 0 && limitflags == 0 && solitaire == 1) || //-C|-c|-d|-F|-f [-v] ELF
- (setflags == 0 && solflags == 0 && limitflags == 0 && solitaire == 0 && *verbose == 1) // -v ELF
+ (setflags == 1 && solflags == 0 && limitflags <= 1 && solitaire == 0) //-PpEeMmRrSs [-L|-l] [-v] ELF
+ || (setflags == 0 && solflags == 1 && limitflags <= 1 && solitaire == 0) //-Z|-z [-L|-l] [-v] ELF
+ || (setflags == 0 && solflags == 0 && limitflags == 0 && solitaire == 1) //-C|-c|-d|-F|-f [-v] ELF
+ || (setflags == 0 && solflags == 0 && limitflags == 0 && solitaire == 0 && *verbose == 1) // -v ELF
)
&& argv[optind] != NULL
)
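Review bot: The bare `-L`/`-l` probe added ahead of the usage check is decided only by `#ifdef PTPAX` and `#ifdef XTPAX`, so its exit status reports how the binary was built, not whether the running kernel or a particular filesystem can hold or enforce the markings. Scripts that gate hardening steps on `paxctl-ng -l` would benefit from that being stated in the code, for example with `/* Build-time answer only: does not test the kernel, the filesystem or any ELF */` above the block. The help text and man page wording "is supported" could say "was compiled in" for the same reason. The second `if(` statement continues past the end of the hunk.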