Attachment #205865 for bug #268285

View | Details | Raw Unified | Return to bug 268285
Collapse All | Expand All

Lines 29-34 Link Here

(-)mkinitrd-3.5.7.orig/grubby/mount_by_label.c (+9 lines)
29		29
30	#define _(str) (str)	30	#define _(str) (str)
31		31
		32	#ifndef gnu_dev_makedev
		33	unsigned long long int gnu_dev_makedev (unsigned int __major, unsigned int __minor)
		34	{
		35	return ((__minor & 0xff) \| ((__major & 0xfff) << 8)
		36	\| (((unsigned long long int) (__minor & ~0xff)) << 12)
		37	\| (((unsigned long long int) (__major & ~0xfff)) << 32));
		38	}
		39	#endif
		40
32	static struct uuidCache_s {	41	static struct uuidCache_s {
33	struct uuidCache_s *next;	42	struct uuidCache_s *next;
34	char uuid[16];	43	char uuid[16];




CFLAGS=-Wall -DVERSION=\"$(VERSION)\" -g
VERSION=$(shell awk -F= '/^VERSION=/ { print $$2 }' ../mkinitrd)
OBJS = nash.o mount_by_label.o

ARCH := $(patsubst i%86,i386,$(shell uname -m))
ARCH := $(patsubst sparc%,sparc,$(ARCH))

ifeq (i386, $(ARCH))
CC:=diet $(CC)
CFLAGS += -fno-stack-protector
OBJS +=
else
STATIC=-static
endif

mandir=usr/share/man

nash: $(OBJS)
	$(CC) $(STATIC) -static -fno-stack-protector $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)

clean:
	rm -f nash $(MINILIBC) $(OBJS)

install:
	mkdir -p $(BUILDROOT)/sbin

Lines 172-178 uuidcache_init(void) { Link Here

(-)mkinitrd-3.5.7.orig/nash/mount_by_label.c (-1 / +1 lines)
172	int mustRemoveDir = 0;	172	int mustRemoveDir = 0;
173	int i;	173	int i;
174		174
175	sprintf(device, "%s/%s", DEVLABELDIR, ptname);	175	snprintf(device, sizeof(device), "%s/%s", DEVLABELDIR, ptname);
176	if (access(device, F_OK)) {	176	if (access(device, F_OK)) {
177	ptr = device;	177	ptr = device;
178	i = 0;	178	i = 0;




#define MS_REMOUNT      32
#endif

#if (defined(__dietlibc__) && !defined(__PIC__))
static inline _syscall2(int,pivot_root,const char *,one,const char *,two)
#endif


}

static int my_pivot_root(char * one, char * two) {
#ifdef __dietlibc__
    return pivot_root(one, two);
#else
    return syscall(__NR_pivot_root, one, two);

	strcpy(separator, "/");

    for (devNum = 0; devNum < 256; devNum++) {
	snprintf(devName, sizeof(devName), "/dev/loop%s%d", separator, devNum);
	if ((fd = open(devName, O_RDONLY)) < 0) return 0;

	if (ioctl(fd, LOOP_GET_STATUS, &loopInfo)) {

			char * ptr, * deviceDir;
			int i;

			snprintf(devName, sizeof(devName), "%s/%s", prefix, start);
			unlink(devName);

			ptr = devName;




/*
 * Distributed under the terms of the GNU General Public License v2
 * $Header: /var/cvsroot/gentoo-x86/sys-apps/mkinitrd/files/mkinitrd-3.5.7-dietssp.patch,v 1.1 2004/10/10 22:44:47 solar Exp $
 *
 * This is a modified version of Hiroaki Etoh's stack smashing routines
 * implemented for glibc.
 *
 * The following people have contributed input to this code.
 * Ned Ludd - <solar[@]gentoo.org>
 * Alexander Gabert - <pappy[@]gentoo.org>
 * The PaX Team - <pageexec[@]freemail.hu>
 * Peter S. Mazinger - <ps.m[@]gmx.net>
 * Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
 * Robert Connolly - <robert[@]linuxfromscratch.org>
 * Cory Visi <cory@visi.name>
 *
 */

#ifdef HAVE_CONFIG_H
# include <config.h>
#endif

#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <sys/syslog.h>
#include <sys/time.h>
#include <sys/sysctl.h>

#ifndef _PATH_LOG
#define _PATH_LOG "/dev/log"
#endif

#ifdef __PROPOLICE_BLOCK_SEGV__
#define SSP_SIGTYPE SIGSEGV
#elif __PROPOLICE_BLOCK_KILL__
#define SSP_SIGTYPE SIGKILL
#else
#define SSP_SIGTYPE SIGABRT
#endif

unsigned long __guard = 0UL;

void
__guard_setup (void)
{
  size_t size;
#ifdef HAVE_DEV_ERANDOM
  int mib[3];
#endif

  if (__guard != 0UL)
    return;

#ifndef __SSP_QUICK_CANARY__
#ifdef HAVE_DEV_ERANDOM
  /* Random is another depth in Linux, hence an array of 3. */
  mib[0] = CTL_KERN;
  mib[1] = KERN_RANDOM;
  mib[2] = RANDOM_ERANDOM;

  size = sizeof (unsigned long);
  if (__sysctl (mib, 3, &__guard, &size, NULL, 0) != (-1))
    if (__guard != 0UL)
      return;
#endif
  /* 
   * Attempt to open kernel pseudo random device if one exists before 
   * opening urandom to avoid system entropy depletion.
   */
  {
    int fd;
#ifdef HAVE_DEV_ERANDOM
    if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1))
#endif
      fd = open ("/dev/urandom", O_RDONLY);
    if (fd != (-1))
      {
	size = read (fd, (char *) &__guard, sizeof (__guard));
	close (fd);
	if (size == sizeof (__guard))
	  return;
      }
  }
#endif

  /* If sysctl was unsuccessful, use the "terminator canary". */
  __guard = 0xFF0A0D00UL;

  {
    /* Everything failed? Or we are using a weakened model of the 
     * terminator canary */
    struct timeval tv;

    gettimeofday (&tv, NULL);
    __guard ^= tv.tv_usec ^ tv.tv_sec;
  }
}

void
__stack_smash_handler (char func[], int damaged)
{
#ifndef __dietlibc__
  struct sockaddr_un sock;	/* AF_UNIX address of local logger */
#endif
  struct sigaction sa;
  const char message[] = ": stack smashing attack in function ";
  char buf[512];
  int bufsz, len;
#if !defined(__dietlibc__)
  int log;
  extern char *__progname;
#else
  static char *__progname = "dietapp";
#endif

  sigset_t mask;
  sigfillset (&mask);

  sigdelset (&mask, SSP_SIGTYPE);	/* Block all signal handlers */
  sigprocmask (SIG_BLOCK, &mask, NULL);	/* except SIGABRT */

  bufsz = sizeof (buf);
  strcpy (buf, "<2>");
  len = 3;

  strncat (buf, __progname, sizeof (buf) - 4);
  len = strlen (buf);

  if (bufsz > len)
    {
      strncat (buf, message, bufsz - len - 1);
      len = strlen (buf);
    }
  if (bufsz > len)
    {
      strncat (buf, func, bufsz - len - 1);
      len = strlen (buf);
    }

  /* print error message */
  write (STDERR_FILENO, buf + 3, len - 3);
  write (STDERR_FILENO, "()\n", 3);
#ifndef __dietlibc__
  if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1)
    {
      /* Send "found" message to the "/dev/log" path */
      sock.sun_family = AF_UNIX;
      (void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1);
      sock.sun_path[sizeof (sock.sun_path) - 1] = '\0';
      sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock));
    }
#endif
  /* Make sure the default handler is associated with the our signal handler */

  memset (&sa, 0, sizeof (struct sigaction));
  sigfillset (&sa.sa_mask);	/* Block all signals */
  sa.sa_flags = 0;
  sa.sa_handler = SIG_DFL;
  sigaction (SSP_SIGTYPE, &sa, NULL);
  // (void) kill (getpid (), SSP_SIGTYPE);
  // _exit (127);
}

Return to bug 268285

Lines 72-78 Link Here

(-)mkinitrd-3.5.7.orig/nash/nash.c (-4 / +4 lines)
72	#define MS_REMOUNT 32	72	#define MS_REMOUNT 32
73	#endif	73	#endif
74		74
75	#ifdef USE_DIET	75	#if (defined(__dietlibc__) && !defined(__PIC__))
76	static inline _syscall2(int,pivot_root,const char ,one,const char ,two)	76	static inline _syscall2(int,pivot_root,const char ,one,const char ,two)
77	#endif	77	#endif
78		78
Lines 517-523 int raidautorunCommand(char * cmd, char Link Here
517	}	517	}
518		518
519	static int my_pivot_root(char * one, char * two) {	519	static int my_pivot_root(char * one, char * two) {
520	#ifdef USE_DIET	520	#ifdef __dietlibc__
521	return pivot_root(one, two);	521	return pivot_root(one, two);
522	#else	522	#else
523	return syscall(__NR_pivot_root, one, two);	523	return syscall(__NR_pivot_root, one, two);
Lines 914-920 int findlodevCommand(char * cmd, char * Link Here
914	strcpy(separator, "/");	914	strcpy(separator, "/");
915		915
916	for (devNum = 0; devNum < 256; devNum++) {	916	for (devNum = 0; devNum < 256; devNum++) {
917	sprintf(devName, "/dev/loop%s%d", separator, devNum);	917	snprintf(devName, sizeof(devName), "/dev/loop%s%d", separator, devNum);
918	if ((fd = open(devName, O_RDONLY)) < 0) return 0;	918	if ((fd = open(devName, O_RDONLY)) < 0) return 0;
919		919
920	if (ioctl(fd, LOOP_GET_STATUS, &loopInfo)) {	920	if (ioctl(fd, LOOP_GET_STATUS, &loopInfo)) {
Lines 1045-1051 int mkdevicesCommand(char * cmd, char * Link Here
1045	char * ptr, * deviceDir;	1045	char * ptr, * deviceDir;
1046	int i;	1046	int i;
1047		1047
1048	sprintf(devName, "%s/%s", prefix, start);	1048	snprintf(devName, sizeof(devName), "%s/%s", prefix, start);
1049	unlink(devName);	1049	unlink(devName);
1050		1050
1051	ptr = devName;	1051	ptr = devName;

Lines 1-23 Link Here

(-)mkinitrd-3.5.7.orig/nash/Makefile (-4 / +6 lines)
1	CFLAGS=-Wall -DVERSION=\"$(VERSION)\" -g	1	CFLAGS=-Wall -DVERSION=\"$(VERSION)\" -g
2	VERSION=$(shell awk -F= '/^VERSION=/ { print $$2 }' ../mkinitrd)	2	VERSION=$(shell awk -F= '/^VERSION=/ { print $$2 }' ../mkinitrd)
		3	OBJS = nash.o mount_by_label.o
3		4
4	ARCH := $(patsubst i%86,i386,$(shell uname -m))	5	ARCH := $(patsubst i%86,i386,$(shell uname -m))
5	ARCH := $(patsubst sparc%,sparc,$(ARCH))	6	ARCH := $(patsubst sparc%,sparc,$(ARCH))
6		7
7	ifeq (i386, $(ARCH))	8	ifeq (i386, $(ARCH))
8	CC:=diet $(CC)	9	CC:=diet $(CC)
9	CFLAGS += -DUSE_DIET=1	10	CFLAGS += -fno-stack-protector
		11	OBJS +=
10	else	12	else
11	STATIC=-static	13	STATIC=-static
12	endif	14	endif
13		15
14	mandir=usr/share/man	16	mandir=usr/share/man
15		17
16	nash: nash.o mount_by_label.o	18	nash: $(OBJS)
17	$(CC) $(STATIC) -g $(LDFLAGS) -o $@ nash.o mount_by_label.o	19	$(CC) $(STATIC) -static -fno-stack-protector $(CFLAGS) $(LDFLAGS) -o $@ $(OBJS)
18		20
19	clean:	21	clean:
20	rm -f nash $(MINILIBC) nash.o mount_by_label.o	22	rm -f nash $(MINILIBC) $(OBJS)
21		23
22	install:	24	install:
23	mkdir -p $(BUILDROOT)/sbin	25	mkdir -p $(BUILDROOT)/sbin

Line 0 Link Here

(-)mkinitrd-3.5.7.orig/nash/ssp.c (+168 lines)
		1	/*
		2	* Distributed under the terms of the GNU General Public License v2
		3	* $Header: /var/cvsroot/gentoo-x86/sys-apps/mkinitrd/files/mkinitrd-3.5.7-dietssp.patch,v 1.1 2004/10/10 22:44:47 solar Exp $
		4	*
		5	* This is a modified version of Hiroaki Etoh's stack smashing routines
		6	* implemented for glibc.
		7	*
		8	* The following people have contributed input to this code.
		9	* Ned Ludd - <solar[@]gentoo.org>
		10	* Alexander Gabert - <pappy[@]gentoo.org>
		11	* The PaX Team - <pageexec[@]freemail.hu>
		12	* Peter S. Mazinger - <ps.m[@]gmx.net>
		13	* Yoann Vandoorselaere - <yoann[@]prelude-ids.org>
		14	* Robert Connolly - <robert[@]linuxfromscratch.org>
		15	* Cory Visi <cory@visi.name>
		16	*
		17	*/
		18
		19	#ifdef HAVE_CONFIG_H
		20	# include <config.h>
		21	#endif
		22
		23	#include <stdio.h>
		24	#include <string.h>
		25	#include <fcntl.h>
		26	#include <unistd.h>
		27	#include <signal.h>
		28	#include <sys/types.h>
		29	#include <sys/socket.h>
		30	#include <sys/un.h>
		31	#include <sys/syslog.h>
		32	#include <sys/time.h>
		33	#include <sys/sysctl.h>
		34
		35	#ifndef _PATH_LOG
		36	#define _PATH_LOG "/dev/log"
		37	#endif
		38
		39	#ifdef __PROPOLICE_BLOCK_SEGV__
		40	#define SSP_SIGTYPE SIGSEGV
		41	#elif __PROPOLICE_BLOCK_KILL__
		42	#define SSP_SIGTYPE SIGKILL
		43	#else
		44	#define SSP_SIGTYPE SIGABRT
		45	#endif
		46
		47	unsigned long __guard = 0UL;
		48
		49	void
		50	__guard_setup (void)
		51	{
		52	size_t size;
		53	#ifdef HAVE_DEV_ERANDOM
		54	int mib[3];
		55	#endif
		56
		57	if (__guard != 0UL)
		58	return;
		59
		60	#ifndef __SSP_QUICK_CANARY__
		61	#ifdef HAVE_DEV_ERANDOM
		62	/* Random is another depth in Linux, hence an array of 3. */
		63	mib[0] = CTL_KERN;
		64	mib[1] = KERN_RANDOM;
65	mib[2] = RANDOM_ERANDOM;
66
67	size = sizeof (unsigned long);
68	if (__sysctl (mib, 3, &__guard, &size, NULL, 0) != (-1))
69	if (__guard != 0UL)
70	return;
71	#endif
72	/*
73	* Attempt to open kernel pseudo random device if one exists before
74	* opening urandom to avoid system entropy depletion.
75	*/
76	{
77	int fd;
78	#ifdef HAVE_DEV_ERANDOM
79	if ((fd = open ("/dev/erandom", O_RDONLY)) == (-1))
80	#endif
81	fd = open ("/dev/urandom", O_RDONLY);
82	if (fd != (-1))
83	{
84	size = read (fd, (char *) &__guard, sizeof (__guard));
85	close (fd);
86	if (size == sizeof (__guard))
87	return;
88	}
89	}
90	#endif
91
92	/* If sysctl was unsuccessful, use the "terminator canary". */
93	__guard = 0xFF0A0D00UL;
94
95	{
96	/* Everything failed? Or we are using a weakened model of the
97	* terminator canary */
98	struct timeval tv;
99
100	gettimeofday (&tv, NULL);
101	__guard ^= tv.tv_usec ^ tv.tv_sec;
102	}
103	}
104
105	void
106	__stack_smash_handler (char func[], int damaged)
107	{
108	#ifndef __dietlibc__
109	struct sockaddr_un sock; /* AF_UNIX address of local logger */
110	#endif
111	struct sigaction sa;
112	const char message[] = ": stack smashing attack in function ";
113	char buf[512];
114	int bufsz, len;
115	#if !defined(__dietlibc__)
116	int log;
117	extern char *__progname;
118	#else
119	static char *__progname = "dietapp";
120	#endif
121
122	sigset_t mask;
123	sigfillset (&mask);
124
125	sigdelset (&mask, SSP_SIGTYPE); /* Block all signal handlers */
126	sigprocmask (SIG_BLOCK, &mask, NULL); /* except SIGABRT */
127
128	bufsz = sizeof (buf);
129	strcpy (buf, "<2>");
130	len = 3;
131
132	strncat (buf, __progname, sizeof (buf) - 4);
133	len = strlen (buf);
134
135	if (bufsz > len)
136	{
137	strncat (buf, message, bufsz - len - 1);
138	len = strlen (buf);
139	}
140	if (bufsz > len)
141	{
142	strncat (buf, func, bufsz - len - 1);
143	len = strlen (buf);
144	}
145
146	/* print error message */
147	write (STDERR_FILENO, buf + 3, len - 3);
148	write (STDERR_FILENO, "()\n", 3);
149	#ifndef __dietlibc__
150	if ((log = socket (AF_UNIX, SOCK_DGRAM, 0)) != -1)
151	{
152	/* Send "found" message to the "/dev/log" path */
153	sock.sun_family = AF_UNIX;
154	(void) strncpy (sock.sun_path, _PATH_LOG, sizeof (sock.sun_path) - 1);
155	sock.sun_path[sizeof (sock.sun_path) - 1] = '\0';
156	sendto (log, buf, len, 0, (struct sockaddr *) &sock, sizeof (sock));
157	}
158	#endif
159	/* Make sure the default handler is associated with the our signal handler */
160
161	memset (&sa, 0, sizeof (struct sigaction));
162	sigfillset (&sa.sa_mask); /* Block all signals */
163	sa.sa_flags = 0;
164	sa.sa_handler = SIG_DFL;
165	sigaction (SSP_SIGTYPE, &sa, NULL);
166	// (void) kill (getpid (), SSP_SIGTYPE);
167	// _exit (127);
168	}