author | Mike Frysinger <vapier@gentoo.org> | 2002-10-28 05:53:00 +0000 |
---|---|---|
committer | Mike Frysinger <vapier@gentoo.org> | 2002-10-28 05:53:00 +0000 |
commit | cc7c03f47baba1c9fae5a2028c3f86e4207fde47 (patch) | |
tree | 39e73eca9f624a7f1b4ccf1043237ffb9dad41c8 /sys-apps/gradm | |
parent | added virtual/xft (diff) | |
Version bump
Diffstat (limited to 'sys-apps/gradm')
-rw-r--r-- | sys-apps/gradm/ChangeLog | 20 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.5a | 2 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm-1.5a-chpax.c | 244 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.4.ebuild | 4 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.5a.ebuild | 47 |
5 files changed, 309 insertions, 8 deletions
diff --git a/sys-apps/gradm/ChangeLog b/sys-apps/gradm/ChangeLog index 0df751867681..9e6f9e2b6aa6 100644 --- a/sys-apps/gradm/ChangeLog +++ b/sys-apps/gradm/ChangeLog @@ -1,9 +1,11 @@ # ChangeLog for media-gfx/scrot # Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.6 2002/10/17 18:24:10 blizzy Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.7 2002/10/28 05:53:00 vapier Exp $ - 17 Oct 2002; Maik Schreiber <blizzy@gentoo.org> gradm-1.4.ebuild: - Changed KEYWORDS to phase out of package.mask. +*gradm-1.5a (28 Oct 2002) + + 28 Oct 2002; Mike Frysinger <vapier@gentoo.org> : + Version bump + move of chpax.c from SRC_URI to FILESDIR *gradm-1.5 (21 Sep 2002) @@ -12,13 +14,19 @@ *gradm-1.4 (12 Aug 2002) - 12 Aug 2002; Maik Schreiber <blizzy@gentoo.org> : new version + 17 Oct 2002; Maik Schreiber <blizzy@gentoo.org> gradm-1.4.ebuild: + Changed KEYWORDS to phase out of package.mask. + + 12 Aug 2002; Maik Schreiber <blizzy@gentoo.org> : + new version - 21 Jul 2002; Mark Guertin <gerk@gentoo.org> : updated keywords (ppc) + 21 Jul 2002; Mark Guertin <gerk@gentoo.org> : + updated keywords (ppc) 14 Jul 2002; phoen][x <phoenix@gentoo.org> gradm-1.2.1.ebuild: Added KEYWORDS, SLOT. *gradm-1.2.1 (01 May 2002) - 1 May 2002; Preston A. Elder <prez@gentoo.org> : Initial ebuild. + 1 May 2002; Preston A. Elder <prez@gentoo.org> : + Initial ebuild. diff --git a/sys-apps/gradm/files/digest-gradm-1.5a b/sys-apps/gradm/files/digest-gradm-1.5a new file mode 100644 index 000000000000..0b758450865e --- /dev/null +++ b/sys-apps/gradm/files/digest-gradm-1.5a @@ -0,0 +1,2 @@ +MD5 fe58cba7cacdee4c0329914235d4e4ab gradm-1.5a.tar.gz 26954 +MD5 618ddb3d563f4e3cbfb13c9c770dd99c chpax.c 4776 diff --git a/sys-apps/gradm/files/gradm-1.5a-chpax.c b/sys-apps/gradm/files/gradm-1.5a-chpax.c new file mode 100644 index 000000000000..d5482d1c895c --- /dev/null +++ b/sys-apps/gradm/files/gradm-1.5a-chpax.c 
@@ -0,0 +1,244 @@
+/*
+ * This program manages various PaX related flags for ELF and a.out binaries.
+ * The flags only have effect when running the patched Linux kernel.
+ *
+ * Written by Solar Designer and placed in the public domain.
+ *
+ * Adapted to PaX by the PaX Team.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <linux/elf.h>
+#include <linux/a.out.h>
+
+#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-executable pages */
+#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */
+#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */
+#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */
+#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */
+#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-executable pages */
+
+static struct elf32_hdr header_elf;
+static struct exec header_aout;
+static void *header;
+static int header_size;
+static int fd;
+
+static unsigned long (*get_flags)();
+static void (*put_flags)(unsigned long);
+
+static unsigned long get_flags_elf()
+{
+ return header_elf.e_flags;
+}
+
+static void put_flags_elf(unsigned long flags)
+{
+ header_elf.e_flags = flags;
+}
+
+static unsigned long get_flags_aout()
+{
+ return N_FLAGS(header_aout);
+}
+
+static void put_flags_aout(unsigned long flags)
+{
+ N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP);
+}
+
+static int read_header(char *name, int mode)
+{
+ char *ptr;
+ int size, block;
+
+ if ((fd = open(name, mode)) < 0) return 1;
+
+ ptr = (char *)&header_elf;
+ size = sizeof(header_elf);
+ do {
+ block = read(fd, ptr, size);
+ if (block <= 0) {
+ close(fd);
+ return block ? 1 : 2;
+ }
+ ptr += block; size -= block;
+ } while (size > 0);
+
+ memcpy(&header_aout, &header_elf, sizeof(header_aout));
+
+ if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) {
+ if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) return 2;
+ if (header_elf.e_machine != EM_386) return 3;
+ header = &header_elf; header_size = sizeof(header_elf);
+ get_flags = get_flags_elf; put_flags = put_flags_elf;
+ } else
+ if (N_MAGIC(header_aout) == NMAGIC ||
+ N_MAGIC(header_aout) == ZMAGIC ||
+ N_MAGIC(header_aout) == QMAGIC) {
+ if (N_MACHTYPE(header_aout) != M_386) return 3;
+ header = &header_aout; header_size = 4;
+ get_flags = get_flags_aout; put_flags = put_flags_aout;
+ } else return 2;
+
+ return 0;
+}
+
+int write_header()
+{
+ char *ptr;
+ int size, block;
+
+ if (lseek(fd, 0, SEEK_SET)) return 1;
+
+ ptr = (char *)header;
+ size = header_size;
+ do {
+ block = write(fd, ptr, size);
+ if (block <= 0) break;
+ ptr += block; size -= block;
+ } while (size > 0);
+
+ return size;
+}
+
+#define USAGE \
+"Usage: %s OPTIONS FILE...\n" \
+"Manage PaX flags for binaries\n\n" \
+" -P\tenforce paging based non-executable pages\n" \
+" -p\tdo not enforce paging based non-executable pages\n" \
+" -E\temulate trampolines\n" \
+" -e\tdo not emulate trampolines\n" \
+" -M\trestrict mprotect()\n" \
+" -m\tdo not restrict mprotect()\n" \
+" -R\trandomize mmap() base [ELF only]\n" \
+" -r\tdo not randomize mmap() base [ELF only]\n" \
+" -X\trandomize ET_EXEC base [ELF only]\n" \
+" -x\tdo not randomize ET_EXEC base [ELF only]\n" \
+" -S\tenforce segmentation based non-executable pages\n" \
+" -s\tdo not enforce segmentation based non-executable pages\n" \
+" -v\tview current flag state\n\n" \
+"The flags only have effect when running the patched Linux kernel.\n"
+
+void usage(char *name)
+{
+ printf(USAGE, name ? name : "chpax");
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ char **current;
+ unsigned long flags;
+ int error = 0;
+ int mode;
+
+ if (argc < 3) usage(argv[0]);
+ if (strlen(argv[1]) != 2) usage(argv[0]);
+ if (argv[1][0] != '-' || !strchr("pPeEmMrRxXsSv", argv[1][1])) usage(argv[0]);
+
+ current = &argv[2];
+ do {
+ mode = argv[1][1] == 'v' ? O_RDONLY : O_RDWR;
+ switch (read_header(*current, mode)) {
+ case 1:
+ perror(*current);
+ error = 1; continue;
+
+ case 2:
+ printf("%s: Unknown file type\n", *current);
+ error = 1; continue;
+
+ case 3:
+ printf("%s: Wrong architecture\n", *current);
+ error = 1; continue;
+ }
+
+ flags = get_flags();
+
+ switch (argv[1][1]) {
+ case 'p':
+ put_flags(flags | HF_PAX_PAGEEXEC);
+ break;
+
+ case 'P':
+ put_flags((flags & ~HF_PAX_PAGEEXEC)|HF_PAX_SEGMEXEC);
+ break;
+
+ case 'E':
+ put_flags(flags | HF_PAX_EMUTRAMP);
+ break;
+
+ case 'e':
+ put_flags(flags & ~HF_PAX_EMUTRAMP);
+ break;
+
+ case 'm':
+ put_flags(flags | HF_PAX_MPROTECT);
+ break;
+
+ case 'M':
+ put_flags(flags & ~HF_PAX_MPROTECT);
+ break;
+
+ case 'r':
+ put_flags(flags | HF_PAX_RANDMMAP);
+ break;
+
+ case 'R':
+ put_flags(flags & ~HF_PAX_RANDMMAP);
+ break;
+
+ case 'X':
+ put_flags(flags | HF_PAX_RANDEXEC);
+ break;
+
+ case 'x':
+ put_flags(flags & ~HF_PAX_RANDEXEC);
+ break;
+
+ case 's':
+ put_flags(flags | HF_PAX_SEGMEXEC);
+ break;
+
+ case 'S':
+ put_flags((flags & ~HF_PAX_SEGMEXEC)|HF_PAX_PAGEEXEC);
+ break;
+
+ default:
+ printf("%s: "
+ "paging based PAGE_EXEC is %s, "
+ "trampolines are %s, "
+ "mprotect() is %s, "
+ "mmap() base is %s, "
+ "ET_EXEC base is %s, "
+ "segmentation based PAGE_EXEC is %s\n", *current,
+ (flags & HF_PAX_PAGEEXEC) || !(flags & HF_PAX_SEGMEXEC)
+ ? "disabled" : "enabled",
+ flags & HF_PAX_EMUTRAMP
+ ? "emulated" : "not emulated",
+ flags & HF_PAX_MPROTECT
+ ? "not restricted" : "restricted",
+ flags & HF_PAX_RANDMMAP
+ ? "not randomized" : "randomized",
+ flags & HF_PAX_RANDEXEC
+ ?
"randomized" : "not randomized", + flags & HF_PAX_SEGMEXEC + ? "disabled" : "enabled"); + } + + if (flags != get_flags()) + if (write_header()) { + perror(*current); + error = 1; + } + + close(fd); + } while (*++current); + + return error; +} diff --git a/sys-apps/gradm/gradm-1.4.ebuild b/sys-apps/gradm/gradm-1.4.ebuild index df2333bb0dd9..405e10adcfb2 100644 --- a/sys-apps/gradm/gradm-1.4.ebuild +++ b/sys-apps/gradm/gradm-1.4.ebuild @@ -1,13 +1,13 @@ # Copyright 1999-2002 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.4.ebuild,v 1.3 2002/10/17 18:24:10 blizzy Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.4.ebuild,v 1.4 2002/10/28 05:53:00 vapier Exp $ DESCRIPTION="Administrative interface to grsecurity" SRC_URI="http://www.grsecurity.net/gradm-1.4.tar.gz http://pageexec.virtualave.net/chpax.c" HOMEPAGE="http://www.grsecurity.net" LICENSE="GPL-2" -KEYWORDS="~x86" +KEYWORDS="x86" SLOT="0" DEPEND="sys-devel/bison diff --git a/sys-apps/gradm/gradm-1.5a.ebuild b/sys-apps/gradm/gradm-1.5a.ebuild new file mode 100644 index 000000000000..c836fad9c1e3 --- /dev/null +++ b/sys-apps/gradm/gradm-1.5a.ebuild 
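Review bot: read_header() in the new chpax.c leaks the descriptor on every rejection made after the header has been read: the `return 2;` and `return 3;` exits for a wrong e_type, wrong machine or unknown magic leave `fd` open, and main() `continue`s on those codes without reaching its `close(fd)`. Each of those exits should close first, e.g. `{ close(fd); return 3; }`, as the short-read path already does. Separately, usage() calls `exit(1)` but `<stdlib.h>` is not among the includes, so `#include <stdlib.h>` should be added next to the other headers. The "Unknown file type" and "Wrong architecture" messages are printed with printf to stdout; `fprintf(stderr, ...)` would keep them out of captured `-v` output.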
@@ -0,0 +1,47 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.5a.ebuild,v 1.1 2002/10/28 05:53:00 vapier Exp $
+
+DESCRIPTION="ACL administrative interface to grsecurity"
+SRC_URI="http://www.grsecurity.net/${P}.tar.gz"
+HOMEPAGE="http://www.grsecurity.net/"
+LICENSE="GPL-2"
+KEYWORDS="x86"
+SLOT="0"
+
+DEPEND="sys-devel/bison
+ sys-devel/flex"
+RDEPEND=""
+
+S="${WORKDIR}/${PN}"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ cp ${FILESDIR}/${P}-chpax.c chpax.c
+
+ mv Makefile Makefile.orig
+ sed <Makefile.orig >Makefile \
+ -e 's|YACC=/usr/bin/yacc|YACC=/usr/bin/bison|' \
+ -e 's|$(YACC) -d|$(YACC) -y -d|' \
+ -e "s|-O2|${CFLAGS}|"
+}
+
+src_compile() {
+ emake || die "compile problem"
+ emake chpax || die "compile problem"
+}
+
+src_install() {
+ doman gradm.8
+ dodoc acl
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/grsecurity.rc grsecurity
+ insinto /etc/conf.d
+ doins ${FILESDIR}/grsecurity
+ into /
+ dosbin gradm chpax
+ fperms 700 /sbin/gradm
+ fperms 700 /sbin/chpax
+} |
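Review bot: src_unpack() runs `cd ${S}`, `cp ${FILESDIR}/${P}-chpax.c chpax.c`, `mv` and `sed` unquoted and with no failure check, so a failed cd or a missing FILESDIR copy is not reported where it happens, and a failed sed leaves an empty or unpatched Makefile for src_compile. Quote the paths and stop early: `cd "${S}" || die` and `cp "${FILESDIR}/${P}-chpax.c" chpax.c || die "chpax.c copy failed"`, with the same `|| die` on the sed. The `dosbin gradm chpax` line in src_install is also unchecked, so the two `fperms 700` calls could run against files that were never installed. Since SRC_URI now lists only `${P}.tar.gz`, the `chpax.c` entry in digest-gradm-1.5a no longer matches anything this ebuild fetches; the bundled copy is presumably not covered by that checksum and should be compared with the upstream file by hand.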