SOURCES: glibc-pt_pax.patch (NEW), glibc-pax_dl-execstack.patch - ...

zbyniu zbyniu at pld-linux.org
Wed Oct 17 22:02:44 CEST 2007


Author: zbyniu                       Date: Wed Oct 17 20:02:44 2007 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- patches from gentoo

---- Files affected:
SOURCES:
   glibc-pt_pax.patch (NONE -> 1.1)  (NEW), glibc-pax_dl-execstack.patch (1.3 -> 1.4) 

---- Diffs:

================================================================
Index: SOURCES/glibc-pt_pax.patch
diff -u /dev/null SOURCES/glibc-pt_pax.patch:1.1
--- /dev/null	Wed Oct 17 22:02:44 2007
+++ SOURCES/glibc-pt_pax.patch	Wed Oct 17 22:02:39 2007
@@ -0,0 +1,29 @@
+--- elf/elf.h
++++ elf/elf.h
+@@ -568,6 +568,7 @@
+ #define PT_GNU_EH_FRAME	0x6474e550	/* GCC .eh_frame_hdr segment */
+ #define PT_GNU_STACK	0x6474e551	/* Indicates stack executability */
+ #define PT_GNU_RELRO	0x6474e552	/* Read-only after relocation */
++#define PT_PAX_FLAGS	0x65041580	/* Indicates PaX flag markings */
+ #define PT_LOSUNW	0x6ffffffa
+ #define PT_SUNWBSS	0x6ffffffa	/* Sun Specific segment */
+ #define PT_SUNWSTACK	0x6ffffffb	/* Stack segment */
+@@ -581,6 +582,18 @@
+ #define PF_X		(1 << 0)	/* Segment is executable */
+ #define PF_W		(1 << 1)	/* Segment is writable */
+ #define PF_R		(1 << 2)	/* Segment is readable */
++#define PF_PAGEEXEC	(1 << 4)	/* Enable  PAGEEXEC */
++#define PF_NOPAGEEXEC	(1 << 5)	/* Disable PAGEEXEC */
++#define PF_SEGMEXEC	(1 << 6)	/* Enable  SEGMEXEC */
++#define PF_NOSEGMEXEC	(1 << 7)	/* Disable SEGMEXEC */
++#define PF_MPROTECT	(1 << 8)	/* Enable  MPROTECT */
++#define PF_NOMPROTECT	(1 << 9)	/* Disable MPROTECT */
++#define PF_RANDEXEC	(1 << 10)	/* Enable  RANDEXEC */
++#define PF_NORANDEXEC	(1 << 11)	/* Disable RANDEXEC */
++#define PF_EMUTRAMP	(1 << 12)	/* Enable  EMUTRAMP */
++#define PF_NOEMUTRAMP	(1 << 13)	/* Disable EMUTRAMP */
++#define PF_RANDMMAP	(1 << 14)	/* Enable  RANDMMAP */
++#define PF_NORANDMMAP	(1 << 15)	/* Disable RANDMMAP */
+ #define PF_MASKOS	0x0ff00000	/* OS-specific */
+ #define PF_MASKPROC	0xf0000000	/* Processor-specific */
+ 
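Review bot: The new PF_PAGEEXEC through PF_NORANDMMAP bits are added directly under PF_X/PF_W/PF_R with nothing saying where they are valid, so a reader of elf.h could take them for ordinary segment permission bits. They sit in bits 4–15, outside PF_MASKOS (0x0ff00000), and are meaningful only in the p_flags of a PT_PAX_FLAGS program header; I would add a comment ahead of the group, `/* PaX markings: valid only in p_flags of a PT_PAX_FLAGS header */`. It would also help to say what a consumer should do when both the enable and the disable bit of a pair are set, or neither, since the header defines the pairs without giving a precedence.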

================================================================
Index: SOURCES/glibc-pax_dl-execstack.patch
diff -u SOURCES/glibc-pax_dl-execstack.patch:1.3 SOURCES/glibc-pax_dl-execstack.patch:1.4
--- SOURCES/glibc-pax_dl-execstack.patch:1.3	Fri Oct  7 15:06:08 2005
+++ SOURCES/glibc-pax_dl-execstack.patch	Wed Oct 17 22:02:39 2007
@@ -1,39 +1,64 @@
-diff -urN glibc-2.3.5.orig/sysdeps/unix/sysv/linux/dl-execstack.c glibc-2.3.5/sysdeps/unix/sysv/linux/dl-execstack.c
---- glibc-2.3.5.orig/sysdeps/unix/sysv/linux/dl-execstack.c	2005-09-23 13:07:35.000000000 +0200
-+++ glibc-2.3.5/sysdeps/unix/sysv/linux/dl-execstack.c	2005-09-23 13:31:45.000000000 +0200
-@@ -60,7 +60,10 @@
- 	no_growsupdown = true;
+	With latest versions of glibc, a lot of apps failed on a PaX enabled
+	system with:
+		 cannot enable executable stack as shared object requires: Permission denied
+	
+	This is due to PaX 'exec-protecting' the stack, and ld.so then trying
+	to make the stack executable due to some libraries not containing the
+	PT_GNU_STACK section.  Bug #32960.  <azarah at gentoo.org> (12 Nov 2003).
+
+	Patch also NPTL. Bug #116086. <kevquinn at gentoo.org> (20 Dec 2005).
+
+--- sysdeps/unix/sysv/linux/dl-execstack.c
++++ sysdeps/unix/sysv/linux/dl-execstack.c
+@@ -63,7 +63,10 @@
        else
  # endif
--	return errno;
-+	if (errno == EACCES) /* PaX */
-+	    return 0;
-+	else
-+	    return errno;
+ 	{
+-	  result = errno;
++	  if (errno == EACCES)  /* PAX is enabled */
++	    result = 0;
++	  else
++	    result = errno;
+ 	  goto out;
+ 	}
      }
- #endif
- 
-@@ -86,7 +89,10 @@
+@@ -89,7 +92,12 @@
+ 	page -= size;
+       else
  	{
- 	  /* Unexpected failure mode.  */
- 	  if (errno != ENOMEM && errno != EFAULT)
--	    return errno;
-+	    if (errno == EACCES) /* PaX */
-+		return 0;
-+	    else
-+	    	return errno;
- 
- 	  if (size == GLRO(dl_pagesize))
- 	    /* We just tried to mprotect the top hole page and failed.
-@@ -110,7 +116,10 @@
+-	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
++	  if (errno == EACCES)		/* PAX is enabled */
++	    {
++	      result = 0;
++	      goto out;
++	    }
++	  else if (errno != ENOMEM)	/* Unexpected failure mode.  */
+ 	    {
+ 	      result = errno;
+ 	      goto out;
+@@ -115,7 +123,12 @@
+ 	page += size;
+       else
  	{
- 	  /* Unexpected failure mode.  */
- 	  if (errno != ENOMEM && errno != EFAULT)
--	    return errno;
-+	    if (errno == EACCES) /* PaX */
-+		return 0;
-+	    else
-+	    	return errno;
+-	  if (errno != ENOMEM)	/* Unexpected failure mode.  */
++	  if (errno == EACCES)		/* PAX is enabled */
++	    {
++	      result = 0;
++	      goto out;
++	    }
++	  else if (errno != ENOMEM)	/* Unexpected failure mode.  */
+ 	    {
+ 	      result = errno;
+ 	      goto out;
+--- nptl/allocatestack.c
++++ nptl/allocatestack.c
+@@ -279,7 +279,8 @@
+   size_t len = pd->stackblock_size - pd->guardsize;
+ #endif
+   if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0)
+-    return errno;
++    if (errno != EACCES) /* PAX is enabled */
++    	return errno;
  
- 	  if (size == GLRO(dl_pagesize))
- 	    /* We just tried to mprotect the lowest hole page and failed.
+   return 0;
+ }
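Review bot: Every added `errno == EACCES` branch reports success to the caller although the stack was not made executable, and the `/* PAX is enabled */` comment states as fact something the code never checks. mprotect can presumably return EACCES for PROT_EXEC under other kernel policies as well, so the comment should say only what is known, e.g. `/* EACCES: kernel policy refused PROT_EXEC (PaX MPROTECT or similar); stack stays non-executable, report success */`. The trade-off is that an object which really needs an executable stack would be expected to load and fault later instead of failing at load time, which deserves a line in the patch header. In the nptl/allocatestack.c part the nested unbraced `if` is easy to misread; `if (mprotect (stack, len, PROT_READ | PROT_WRITE | PROT_EXEC) != 0 && errno != EACCES)` followed by `return errno;` says the same thing. The patched functions start and end outside the quoted context, so whether the code after `out:` still records the stack as executable cannot be checked from here.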
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/glibc-pax_dl-execstack.patch?r1=1.3&r2=1.4&f=u


