[src/trunk]: src/usr.sbin/paxctl paxctl(8): Introduce -0 option to clear all ...
details: https://anonhg.NetBSD.org/src/rev/78a5cf85afcb
branches: trunk
changeset: 376581:78a5cf85afcb
user: rin <rin%NetBSD.org@localhost>
date: Fri Jun 23 01:56:21 2023 +0000
description:
paxctl(8): Introduce -0 option to clear all PaX flag bits in ELF note.
Part of PR toolchain/52675
diffstat:
usr.sbin/paxctl/paxctl.8 | 11 +++++++----
usr.sbin/paxctl/paxctl.c | 42 +++++++++++++++++++++++++++++-------------
2 files changed, 36 insertions(+), 17 deletions(-)
diffs (140 lines):
diff -r c418fb0e2ade -r 78a5cf85afcb usr.sbin/paxctl/paxctl.8
--- a/usr.sbin/paxctl/paxctl.8 Thu Jun 22 22:39:22 2023 +0000
+++ b/usr.sbin/paxctl/paxctl.8 Fri Jun 23 01:56:21 2023 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: paxctl.8,v 1.16 2016/11/08 08:21:52 wiz Exp $
+.\" $NetBSD: paxctl.8,v 1.17 2023/06/23 01:56:21 rin Exp $
.\"
.\" Copyright 2006 Elad Efrat <elad%NetBSD.org@localhost>
.\" Copyright 2008 Christos Zoulas <christos%NetBSD.org@localhost>
@@ -23,7 +23,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd November 7, 2016
+.Dd June 23, 2023
.Dt PAXCTL 8
.Os
.Sh NAME
@@ -31,7 +31,7 @@
.Nd list and modify PaX flags associated with an ELF program
.Sh SYNOPSIS
.Nm
-.Ar flags
+.Op -0 | flags
.Ar program ...
.Sh DESCRIPTION
The
@@ -44,7 +44,10 @@ can be found in the
.Xr security 7
manpage.
.Pp
-Each flag can be prefixed either with a
+If
+.Fl 0
+option is specified, all PaX flags (including reserved bits) are cleared.
+Otherwise, each flag can be prefixed either with a
.Dq +
or a
.Dq -
diff -r c418fb0e2ade -r 78a5cf85afcb usr.sbin/paxctl/paxctl.c
--- a/usr.sbin/paxctl/paxctl.c Thu Jun 22 22:39:22 2023 +0000
+++ b/usr.sbin/paxctl/paxctl.c Fri Jun 23 01:56:21 2023 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: paxctl.c,v 1.12 2009/10/27 16:27:47 christos Exp $ */
+/* $NetBSD: paxctl.c,v 1.13 2023/06/23 01:56:21 rin Exp $ */
/*-
* Copyright (c) 2006 Elad Efrat <elad%NetBSD.org@localhost>
@@ -34,7 +34,7 @@
#include <sys/cdefs.h>
#ifndef lint
#ifdef __RCSID
-__RCSID("$NetBSD: paxctl.c,v 1.12 2009/10/27 16:27:47 christos Exp $");
+__RCSID("$NetBSD: paxctl.c,v 1.13 2023/06/23 01:56:21 rin Exp $");
#endif
#endif /* not lint */
@@ -98,7 +98,8 @@ static const struct paxflag {
static void
usage(void)
{
- (void)fprintf(stderr, "Usage: %s [ <-|+><A|a|G|g|M|m> ] <file> ...\n",
+ (void)fprintf(stderr,
+ "Usage: %s [ -0 | <-|+><A|a|G|g|M|m> ] <file> ...\n",
#if HAVE_NBTOOL_CONFIG_H
"paxctl"
#else
@@ -165,7 +166,7 @@ pax_printflags(const char *name, int man
static int
process_one(const char *name, uint32_t add_flags, uint32_t del_flags,
- int list, int many)
+ int clear, int list, int many)
{
union {
Elf32_Ehdr h32;
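Review bot: `process_one` now takes three adjacent `int` mode switches (`clear, list, many`), and nothing at the signature says that a non-zero `clear` makes the function ignore `add_flags` and `del_flags`; a transposed argument at a call site would compile silently. A short comment above the function would help, for example `/* clear != 0: zero the PaX flag word; add_flags and del_flags are not applied */`. The function body continues beyond this hunk, so only the signature and the first declarations are visible here.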
@@ -279,8 +280,12 @@ process_one(const char *name, uint32_t a
break;
}
- pax_tag.flags |= SWAP(add_flags);
- pax_tag.flags &= SWAP(~del_flags);
+ if (clear) {
+ pax_tag.flags = 0;
+ } else {
+ pax_tag.flags |= SWAP(add_flags);
+ pax_tag.flags &= SWAP(~del_flags);
+ }
if (!pax_flags_sane(SWAP(pax_tag.flags))) {
warnx("New flags 0x%x don't make sense",
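Review bot: The `clear` branch assigns `pax_tag.flags = 0` without the `SWAP()` used on the add/del path, and unlike those masks it also wipes the reserved bits; the man page change says this is intended, but it is not obvious from the code. I would add `/* -0: zero the whole word, reserved bits included; 0 needs no byte swap */` above the assignment. Because this drops every per-binary PaX setting at once (presumably leaving the program subject to the system-wide defaults), it is worth confirming that the code after the sanity check reports a cleared note the same way as an ordinary flag edit. That code, and the rest of the `warnx` call, lie outside the hunk.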
@@ -315,7 +320,7 @@ int
main(int argc, char **argv)
{
char *opt;
- int i, list = 0, bad = 0, many, minus;
+ int i, clear = 0, list = 0, bad = 0, many, minus;
uint32_t add_flags = 0, del_flags = 0;
setprogname(argv[0]);
@@ -326,6 +331,11 @@ main(int argc, char **argv)
for (i = 1; i < argc; i++) {
opt = argv[i];
+ if (strcmp(opt, "-0") == 0) {
+ clear = 1;
+ continue;
+ }
+
if (*opt == '-' || *opt == '+') {
uint32_t t;
minus = 0;
@@ -361,15 +371,21 @@ main(int argc, char **argv)
if (i == argc)
usage();
- if (add_flags || del_flags) {
- if (list)
- usage();
- } else
+ switch ((add_flags != 0 || del_flags != 0) + clear) {
+ case 0:
list = 1;
+ break;
+ case 1:
+ break;
+ default:
+ usage();
+ }
many = i != argc - 1;
- for (; i < argc; i++)
- bad |= process_one(argv[i], add_flags, del_flags, list, many);
+ for (; i < argc; i++) {
+ bad |= process_one(argv[i], add_flags, del_flags,
+ clear, list, many);
+ }
return bad ? EXIT_FAILURE : 0;
}
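Review bot: The mode check `switch ((add_flags != 0 || del_flags != 0) + clear)` counts requested modes by adding two truth values, which works only while `clear` is exactly 0 or 1 and takes a second read to decode. A one-line comment such as `/* 0: list only; 1: modify or clear; 2: -0 mixed with +/- flags, reject */` would make the cases self-explanatory. The `default:` arm has nothing after `usage()`, so it relies on `usage()` not returning, which is not visible in this hunk. If it ever returned, execution would reach the loop with `clear` set and the requested flags silently dropped.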