authorMike Frysinger <vapier@gentoo.org>2002-10-28 05:53:00 +0000
committerMike Frysinger <vapier@gentoo.org>2002-10-28 05:53:00 +0000
commitcc7c03f47baba1c9fae5a2028c3f86e4207fde47 (patch)
tree39e73eca9f624a7f1b4ccf1043237ffb9dad41c8 /sys-apps/gradm
parentadded virtual/xft (diff)
Version bump
Diffstat (limited to 'sys-apps/gradm')
-rw-r--r--sys-apps/gradm/ChangeLog20
-rw-r--r--sys-apps/gradm/files/digest-gradm-1.5a2
-rw-r--r--sys-apps/gradm/files/gradm-1.5a-chpax.c244
-rw-r--r--sys-apps/gradm/gradm-1.4.ebuild4
-rw-r--r--sys-apps/gradm/gradm-1.5a.ebuild47
5 files changed, 309 insertions, 8 deletions
diff --git a/sys-apps/gradm/ChangeLog b/sys-apps/gradm/ChangeLog
index 0df751867681..9e6f9e2b6aa6 100644
--- a/sys-apps/gradm/ChangeLog
+++ b/sys-apps/gradm/ChangeLog
@@ -1,9 +1,11 @@
# ChangeLog for media-gfx/scrot
# Copyright 2002 Gentoo Technologies, Inc.; Distributed under the GPL
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.6 2002/10/17 18:24:10 blizzy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/ChangeLog,v 1.7 2002/10/28 05:53:00 vapier Exp $
- 17 Oct 2002; Maik Schreiber <blizzy@gentoo.org> gradm-1.4.ebuild:
- Changed KEYWORDS to phase out of package.mask.
+*gradm-1.5a (28 Oct 2002)
+
+ 28 Oct 2002; Mike Frysinger <vapier@gentoo.org> :
+ Version bump + move of chpax.c from SRC_URI to FILESDIR
*gradm-1.5 (21 Sep 2002)
@@ -12,13 +14,19 @@
*gradm-1.4 (12 Aug 2002)
- 12 Aug 2002; Maik Schreiber <blizzy@gentoo.org> : new version
+ 17 Oct 2002; Maik Schreiber <blizzy@gentoo.org> gradm-1.4.ebuild:
+ Changed KEYWORDS to phase out of package.mask.
+
+ 12 Aug 2002; Maik Schreiber <blizzy@gentoo.org> :
+ new version
- 21 Jul 2002; Mark Guertin <gerk@gentoo.org> : updated keywords (ppc)
+ 21 Jul 2002; Mark Guertin <gerk@gentoo.org> :
+ updated keywords (ppc)
14 Jul 2002; phoen][x <phoenix@gentoo.org> gradm-1.2.1.ebuild:
Added KEYWORDS, SLOT.
*gradm-1.2.1 (01 May 2002)
- 1 May 2002; Preston A. Elder <prez@gentoo.org> : Initial ebuild.
+ 1 May 2002; Preston A. Elder <prez@gentoo.org> :
+ Initial ebuild.
diff --git a/sys-apps/gradm/files/digest-gradm-1.5a b/sys-apps/gradm/files/digest-gradm-1.5a
new file mode 100644
index 000000000000..0b758450865e
--- /dev/null
+++ b/sys-apps/gradm/files/digest-gradm-1.5a
@@ -0,0 +1,2 @@
+MD5 fe58cba7cacdee4c0329914235d4e4ab gradm-1.5a.tar.gz 26954
+MD5 618ddb3d563f4e3cbfb13c9c770dd99c chpax.c 4776
diff --git a/sys-apps/gradm/files/gradm-1.5a-chpax.c b/sys-apps/gradm/files/gradm-1.5a-chpax.c
new file mode 100644
index 000000000000..d5482d1c895c
--- /dev/null
+++ b/sys-apps/gradm/files/gradm-1.5a-chpax.c
@@ -0,0 +1,244 @@
+/*
+ * This program manages various PaX related flags for ELF and a.out binaries.
+ * The flags only have effect when running the patched Linux kernel.
+ *
+ * Written by Solar Designer and placed in the public domain.
+ *
+ * Adapted to PaX by the PaX Team.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <linux/elf.h>
+#include <linux/a.out.h>
+
+#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-executable pages */
+#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */
+#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */
+#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */
+#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */
+#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-executable pages */
+
+static struct elf32_hdr header_elf;
+static struct exec header_aout;
+static void *header;
+static int header_size;
+static int fd;
+
+static unsigned long (*get_flags)();
+static void (*put_flags)(unsigned long);
+
+static unsigned long get_flags_elf()
+{
+ return header_elf.e_flags;
+}
+
+static void put_flags_elf(unsigned long flags)
+{
+ header_elf.e_flags = flags;
+}
+
+static unsigned long get_flags_aout()
+{
+ return N_FLAGS(header_aout);
+}
+
+static void put_flags_aout(unsigned long flags)
+{
+ N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP);
+}
+
+static int read_header(char *name, int mode)
+{
+ char *ptr;
+ int size, block;
+
+ if ((fd = open(name, mode)) < 0) return 1;
+
+ ptr = (char *)&header_elf;
+ size = sizeof(header_elf);
+ do {
+ block = read(fd, ptr, size);
+ if (block <= 0) {
+ close(fd);
+ return block ? 1 : 2;
+ }
+ ptr += block; size -= block;
+ } while (size > 0);
+
+ memcpy(&header_aout, &header_elf, sizeof(header_aout));
+
+ if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) {
+ if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) return 2;
+ if (header_elf.e_machine != EM_386) return 3;
+ header = &header_elf; header_size = sizeof(header_elf);
+ get_flags = get_flags_elf; put_flags = put_flags_elf;
+ } else
+ if (N_MAGIC(header_aout) == NMAGIC ||
+ N_MAGIC(header_aout) == ZMAGIC ||
+ N_MAGIC(header_aout) == QMAGIC) {
+ if (N_MACHTYPE(header_aout) != M_386) return 3;
+ header = &header_aout; header_size = 4;
+ get_flags = get_flags_aout; put_flags = put_flags_aout;
+ } else return 2;
+
+ return 0;
+}
+
+int write_header()
+{
+ char *ptr;
+ int size, block;
+
+ if (lseek(fd, 0, SEEK_SET)) return 1;
+
+ ptr = (char *)header;
+ size = header_size;
+ do {
+ block = write(fd, ptr, size);
+ if (block <= 0) break;
+ ptr += block; size -= block;
+ } while (size > 0);
+
+ return size;
+}
+
+#define USAGE \
+"Usage: %s OPTIONS FILE...\n" \
+"Manage PaX flags for binaries\n\n" \
+" -P\tenforce paging based non-executable pages\n" \
+" -p\tdo not enforce paging based non-executable pages\n" \
+" -E\temulate trampolines\n" \
+" -e\tdo not emulate trampolines\n" \
+" -M\trestrict mprotect()\n" \
+" -m\tdo not restrict mprotect()\n" \
+" -R\trandomize mmap() base [ELF only]\n" \
+" -r\tdo not randomize mmap() base [ELF only]\n" \
+" -X\trandomize ET_EXEC base [ELF only]\n" \
+" -x\tdo not randomize ET_EXEC base [ELF only]\n" \
+" -S\tenforce segmentation based non-executable pages\n" \
+" -s\tdo not enforce segmentation based non-executable pages\n" \
+" -v\tview current flag state\n\n" \
+"The flags only have effect when running the patched Linux kernel.\n"
+
+void usage(char *name)
+{
+ printf(USAGE, name ? name : "chpax");
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ char **current;
+ unsigned long flags;
+ int error = 0;
+ int mode;
+
+ if (argc < 3) usage(argv[0]);
+ if (strlen(argv[1]) != 2) usage(argv[0]);
+ if (argv[1][0] != '-' || !strchr("pPeEmMrRxXsSv", argv[1][1])) usage(argv[0]);
+
+ current = &argv[2];
+ do {
+ mode = argv[1][1] == 'v' ? O_RDONLY : O_RDWR;
+ switch (read_header(*current, mode)) {
+ case 1:
+ perror(*current);
+ error = 1; continue;
+
+ case 2:
+ printf("%s: Unknown file type\n", *current);
+ error = 1; continue;
+
+ case 3:
+ printf("%s: Wrong architecture\n", *current);
+ error = 1; continue;
+ }
+
+ flags = get_flags();
+
+ switch (argv[1][1]) {
+ case 'p':
+ put_flags(flags | HF_PAX_PAGEEXEC);
+ break;
+
+ case 'P':
+ put_flags((flags & ~HF_PAX_PAGEEXEC)|HF_PAX_SEGMEXEC);
+ break;
+
+ case 'E':
+ put_flags(flags | HF_PAX_EMUTRAMP);
+ break;
+
+ case 'e':
+ put_flags(flags & ~HF_PAX_EMUTRAMP);
+ break;
+
+ case 'm':
+ put_flags(flags | HF_PAX_MPROTECT);
+ break;
+
+ case 'M':
+ put_flags(flags & ~HF_PAX_MPROTECT);
+ break;
+
+ case 'r':
+ put_flags(flags | HF_PAX_RANDMMAP);
+ break;
+
+ case 'R':
+ put_flags(flags & ~HF_PAX_RANDMMAP);
+ break;
+
+ case 'X':
+ put_flags(flags | HF_PAX_RANDEXEC);
+ break;
+
+ case 'x':
+ put_flags(flags & ~HF_PAX_RANDEXEC);
+ break;
+
+ case 's':
+ put_flags(flags | HF_PAX_SEGMEXEC);
+ break;
+
+ case 'S':
+ put_flags((flags & ~HF_PAX_SEGMEXEC)|HF_PAX_PAGEEXEC);
+ break;
+
+ default:
+ printf("%s: "
+ "paging based PAGE_EXEC is %s, "
+ "trampolines are %s, "
+ "mprotect() is %s, "
+ "mmap() base is %s, "
+ "ET_EXEC base is %s, "
+ "segmentation based PAGE_EXEC is %s\n", *current,
+ (flags & HF_PAX_PAGEEXEC) || !(flags & HF_PAX_SEGMEXEC)
+ ? "disabled" : "enabled",
+ flags & HF_PAX_EMUTRAMP
+ ? "emulated" : "not emulated",
+ flags & HF_PAX_MPROTECT
+ ? "not restricted" : "restricted",
+ flags & HF_PAX_RANDMMAP
+ ? "not randomized" : "randomized",
+ flags & HF_PAX_RANDEXEC
+ ? "randomized" : "not randomized",
+ flags & HF_PAX_SEGMEXEC
+ ? "disabled" : "enabled");
+ }
+
+ if (flags != get_flags())
+ if (write_header()) {
+ perror(*current);
+ error = 1;
+ }
+
+ close(fd);
+ } while (*++current);
+
+ return error;
+}
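Review bot: read_header() leaks the descriptor on its `return 2` and `return 3` paths once the header has been read. Only the read-failure branch calls `close(fd)`, and main() skips its own `close(fd)` through `continue` for every non-zero result. A long argument list of non-ELF or non-i386 files can therefore exhaust the process's descriptors, after which the remaining files fail in open() instead of being processed. Each of those returns should close first, e.g. `if (header_elf.e_machine != EM_386) { close(fd); return 3; }`. Separately, usage() calls `exit(1)` but the file never includes `<stdlib.h>`, so `#include <stdlib.h>` belongs with the other includes; since this looks like a copy of the upstream chpax.c, both changes are probably best carried as a small patch.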
diff --git a/sys-apps/gradm/gradm-1.4.ebuild b/sys-apps/gradm/gradm-1.4.ebuild
index df2333bb0dd9..405e10adcfb2 100644
--- a/sys-apps/gradm/gradm-1.4.ebuild
+++ b/sys-apps/gradm/gradm-1.4.ebuild
@@ -1,13 +1,13 @@
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.4.ebuild,v 1.3 2002/10/17 18:24:10 blizzy Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.4.ebuild,v 1.4 2002/10/28 05:53:00 vapier Exp $
DESCRIPTION="Administrative interface to grsecurity"
SRC_URI="http://www.grsecurity.net/gradm-1.4.tar.gz
http://pageexec.virtualave.net/chpax.c"
HOMEPAGE="http://www.grsecurity.net"
LICENSE="GPL-2"
-KEYWORDS="~x86"
+KEYWORDS="x86"
SLOT="0"
DEPEND="sys-devel/bison
diff --git a/sys-apps/gradm/gradm-1.5a.ebuild b/sys-apps/gradm/gradm-1.5a.ebuild
new file mode 100644
index 000000000000..c836fad9c1e3
--- /dev/null
+++ b/sys-apps/gradm/gradm-1.5a.ebuild
@@ -0,0 +1,47 @@
+# Copyright 1999-2002 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.5a.ebuild,v 1.1 2002/10/28 05:53:00 vapier Exp $
+
+DESCRIPTION="ACL administrative interface to grsecurity"
+SRC_URI="http://www.grsecurity.net/${P}.tar.gz"
+HOMEPAGE="http://www.grsecurity.net/"
+LICENSE="GPL-2"
+KEYWORDS="x86"
+SLOT="0"
+
+DEPEND="sys-devel/bison
+ sys-devel/flex"
+RDEPEND=""
+
+S="${WORKDIR}/${PN}"
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ cp ${FILESDIR}/${P}-chpax.c chpax.c
+
+ mv Makefile Makefile.orig
+ sed <Makefile.orig >Makefile \
+ -e 's|YACC=/usr/bin/yacc|YACC=/usr/bin/bison|' \
+ -e 's|$(YACC) -d|$(YACC) -y -d|' \
+ -e "s|-O2|${CFLAGS}|"
+}
+
+src_compile() {
+ emake || die "compile problem"
+ emake chpax || die "compile problem"
+}
+
+src_install() {
+ doman gradm.8
+ dodoc acl
+ exeinto /etc/init.d
+ newexe ${FILESDIR}/grsecurity.rc grsecurity
+ insinto /etc/conf.d
+ doins ${FILESDIR}/grsecurity
+ into /
+ dosbin gradm chpax
+ fperms 700 /sbin/gradm
+ fperms 700 /sbin/chpax
+}
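Review bot: src_unpack() runs `cd ${S}`, `cp`, `mv` and `sed` with no failure check, so if the `cd` fails the chpax.c copy and the Makefile rewrite happen in the wrong directory and the problem only surfaces later in src_compile(). Suggest `cd "${S}" || die "cd failed"` and `cp "${FILESDIR}/${P}-chpax.c" chpax.c || die "chpax.c copy failed"`, with the paths quoted. Also, the digest-gradm-1.5a added in this commit still lists chpax.c although SRC_URI here no longer fetches it, which looks like a stale entry. It is worth confirming whether the copy now shipped in FILESDIR is covered by any checksum at all.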