Summary: | sys-devel/binutils - readelf cannot audit use of -z,execheap and -z,noexecheap | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jeffrey Walton <noloader> |
Component: | [OLD] Core system | Assignee: | Gentoo Toolchain Maintainers <toolchain> |
Status: | RESOLVED WONTFIX | ||
Severity: | normal | CC: | hardened |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | AMD64 | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 427890 | ||
Bug Blocks: |
Description
Jeffrey Walton
2012-08-20 06:27:40 UTC
When performing a similar audit on no-exec stacks using "GNU_STACK", readelf -l will display RW (-z,noexecstack) or RWE (-z,execstack). use `scanelf -x` to analyze settings we're in the process of deprecating PT_PAX_FLAGS, so not much point in extending support for it further (In reply to comment #2) > use `scanelf -x` to analyze settings > > we're in the process of deprecating PT_PAX_FLAGS, so not much point in > extending support for it further Thanks spanKY. scanelf(1) did not discuss the output of the -x (--pax) option. Can we assume we want a `M' (capitol M), and not `m' (lower m)? ** No-Exec Heap ** $ g++ -g3 -O0 -Wall -Wextra -Wconversion -fPIE -pie -fstack-protector-all sample.cpp -o sample.exe -Wl,-z,noexecstack -Wl,-z,noexecheap -Wl,-z,relro -Wl,-z,now $ scanelf -x sample.exe TYPE PAX FILE ET_DYN --Mxe- sample.exe ** Exec Heap ** $ g++ -g3 -O0 -Wall -Wextra -Wconversion -fPIE -pie -fstack-protector-all sample.cpp -o sample.exe -Wl,-z,noexecstack -Wl,-z,execheap -Wl,-z,relro -Wl,-z,now $ scanelf -x sample.exe TYPE PAX FILE ET_DYN --mxe- sample.exe (In reply to comment #3) /* PT_PAX_FLAGS are tristate ... * the display logic is: * lower case: explicitly disabled * upper case: explicitly enabled * - : default */ buffer[0] = PAX_STATE(PF_PAGEEXEC, PF_NOPAGEEXEC, 'P', 'p'); buffer[1] = PAX_STATE(PF_SEGMEXEC, PF_NOSEGMEXEC, 'S', 's'); buffer[2] = PAX_STATE(PF_MPROTECT, PF_NOMPROTECT, 'M', 'm'); buffer[3] = PAX_STATE(PF_RANDEXEC, PF_NORANDEXEC, 'X', 'x'); buffer[4] = PAX_STATE(PF_EMUTRAMP, PF_NOEMUTRAMP, 'E', 'e'); buffer[5] = PAX_STATE(PF_RANDMMAP, PF_NORANDMMAP, 'R', 'r'); |