Re: CVS commit: src/sys

To: Martin Husemann <martin%duskware.de@localhost>
Subject: Re: CVS commit: src/sys
From: Maxime Villard <max%m00nbsd.net@localhost>
Date: Sun, 2 Aug 2015 08:52:26 +0200

Le 31/07/2015 20:24, Martin Husemann a écrit :
> On Fri, Jul 31, 2015 at 01:09:37PM +0200, Maxime Villard wrote:
>> I don't know how to do that, but you need to fix it this way:
>>  - remove the "security.pax.mprotect.global" instruction in paxinit()
> 
> Why is that?

Because changing security.pax.mprotect.global no longer enables PaX on
processes that are already running.

> (And why do those sysctls have no description?)
> 

They do, don't they? (the code is here)

>>  - the test being a C file - therefore, an ELF binary -, you need to
>>    PaX the binary this way:
>>        paxctl +M t_mprotect
> 
> Something like the (non-working) patch below?

Yes; except the wrong order, as Taylor said.

> 
> Martin
> 
> Index: Makefile
> ===================================================================
> RCS file: /cvsroot/src/tests/lib/libc/sys/Makefile,v
> retrieving revision 1.39
> diff -u -r1.39 Makefile
> --- Makefile	22 Jun 2015 00:05:23 -0000	1.39
> +++ Makefile	31 Jul 2015 18:22:48 -0000
> @@ -38,7 +38,6 @@
>  TESTS_C+=		t_mknod
>  TESTS_C+=		t_mlock
>  TESTS_C+=		t_mmap
> -TESTS_C+=		t_mprotect
>  TESTS_C+=		t_msgctl
>  TESTS_C+=		t_msgget
>  TESTS_C+=		t_msgrcv
> @@ -67,8 +66,16 @@
>  TESTS_C+=		t_unlink
>  TESTS_C+=		t_write
>  
> +PROGS+=			t_mprotect
>  SRCS.t_mprotect=	t_mprotect.c ${SRCS_EXEC_PROT}
>  
> +t_mprotect:	t_mprotect_nopax
> +	${TOOL_PAXCTL} +M t_mprotect
> +	cp t_mprotect t_mprotect_nopax
> +
> +t_mprotect_nopax:	${SRCS.t_mprotect}
> +	${LINK.c} -o ${.TARGET} ${SRCS.t_mprotect} ${LDLIBS}
> +
>  LDADD.t_getpid+=        -lpthread
>  
>  .if (${MKRUMP} != "no") && !defined(BSD_MK_COMPAT_FILE)
> Index: bsd.own.mk
> ===================================================================
> RCS file: /cvsroot/src/share/mk/bsd.own.mk,v
> retrieving revision 1.862
> diff -u -r1.862 bsd.own.mk
> --- bsd.own.mk	23 Jul 2015 08:03:26 -0000	1.862
> +++ bsd.own.mk	31 Jul 2015 18:23:14 -0000
> @@ -367,6 +367,7 @@
>  TOOL_NBPERF=		${TOOLDIR}/bin/${_TOOL_PREFIX}perf
>  TOOL_NCDCS=		${TOOLDIR}/bin/${_TOOL_PREFIX}ibmnws-ncdcs
>  TOOL_PAX=		${TOOLDIR}/bin/${_TOOL_PREFIX}pax
> +TOOL_PAXCTL=		${TOOLDIR}/bin/${_TOOL_PREFIX}paxctl
>  TOOL_PIC=		${TOOLDIR}/bin/${_TOOL_PREFIX}pic
>  TOOL_PIGZ=		${TOOLDIR}/bin/${_TOOL_PREFIX}pigz
>  TOOL_PKG_CREATE=	${TOOLDIR}/bin/${_TOOL_PREFIX}pkg_create
> 
>

Follow-Ups:
- Re: CVS commit: src/sys
  - From: Martin Husemann

References:
- Re: CVS commit: src/sys
  - From: Ryota Ozaki
- Re: CVS commit: src/sys
  - From: Maxime Villard
- Re: CVS commit: src/sys
  - From: Martin Husemann

Prev by Date: Re: CVS commit: src/sys
Next by Date: Re: CVS commit: src/sys
Previous by Thread: Re: CVS commit: src/sys
Next by Thread: Re: CVS commit: src/sys
Indexes:

Home | Main Index | Thread Index | Old Index