[packages/chpax.git] / chpax.c

/*
 * This program manages various PaX related flags for ELF and a.out binaries.
 * The flags only have effect when running the patched Linux kernel.
 *
 * Written by Solar Designer and placed in the public domain.
 *
 * Adapted to PaX by the PaX Team.
 */

#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>
#include <linux/elf.h>
#include <linux/a.out.h>

#define HF_PAX_PAGEEXEC         1       /* 0: Enforce PAGE_EXEC */
#define HF_PAX_EMUTRAMP         2       /* 0: Emulate trampolines */
#define HF_PAX_MPROTECT         4       /* 0: Restrict mprotect() */
#define HF_PAX_RANDMMAP         8       /* 0: Randomize mmap() base */

static struct elf32_hdr header_elf;
static struct exec header_aout;
static void *header;
static int header_size;
static int fd;

static unsigned long (*get_flags)();
static void (*put_flags)(unsigned long);

static unsigned long get_flags_elf()
{
	return header_elf.e_flags;
}

static void put_flags_elf(unsigned long flags)
{
	header_elf.e_flags = flags;
}

static unsigned long get_flags_aout()
{
	return N_FLAGS(header_aout);
}

static void put_flags_aout(unsigned long flags)
{
	N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP);
}

static int read_header(char *name, int mode)
{
	char *ptr;
	int size, block;

	if ((fd = open(name, mode)) < 0) return 1;

	ptr = (char *)&header_elf;
	size = sizeof(header_elf);
	do {
		block = read(fd, ptr, size);
		if (block <= 0) {
			close(fd);
			return block ? 1 : 2;
		}
		ptr += block; size -= block;
	} while (size > 0);

	memcpy(&header_aout, &header_elf, sizeof(header_aout));

	if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) {
		if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) return 2;
		if (header_elf.e_machine != EM_386) return 3;
		header = &header_elf; header_size = sizeof(header_elf);
		get_flags = get_flags_elf; put_flags = put_flags_elf;
	} else
	if (N_MAGIC(header_aout) == NMAGIC ||
	    N_MAGIC(header_aout) == ZMAGIC ||
	    N_MAGIC(header_aout) == QMAGIC) {
		if (N_MACHTYPE(header_aout) != M_386) return 3;
		header = &header_aout; header_size = 4;
		get_flags = get_flags_aout; put_flags = put_flags_aout;
	} else return 2;

	return 0;
}

int write_header()
{
	char *ptr;
	int size, block;

	if (lseek(fd, 0, SEEK_SET)) return 1;

	ptr = (char *)header;
	size = header_size;
	do {
		block = write(fd, ptr, size);
		if (block <= 0) break;
		ptr += block; size -= block;
	} while (size > 0);

	return size;
}

#define USAGE \
"Usage: %s OPTIONS FILE...\n" \
"Manage PaX flags for binaries\n\n" \
"  -P\tenforce PAGE_EXEC\n" \
"  -p\tdo not enforce PAGE_EXEC\n" \
"  -E\temulate trampolines\n" \
"  -e\tdo not emulate trampolines\n" \
"  -M\trestrict mprotect()\n" \
"  -m\tdo not restrict mprotect()\n" \
"  -R\trandomize mmap() base [ELF only]\n" \
"  -r\tdo not randomize mmap() base [ELF only]\n" \
"  -v\tview current flag state\n\n" \
"The flags only have effect when running the patched Linux kernel.\n"

void usage(char *name)
{
	printf(USAGE, name ? name : "chpax");
	exit(1);
}

int main(int argc, char **argv)
{
	char **current;
	unsigned long flags;
	int error = 0;
	int mode;

	if (argc < 3) usage(argv[0]);
	if (strlen(argv[1]) != 2) usage(argv[0]);
	if (argv[1][0] != '-' || !strchr("pPeEmMrRv", argv[1][1])) usage(argv[0]);

	current = &argv[2];
	do {
		mode = argv[1][1] == 'v' ? O_RDONLY : O_RDWR;
		switch (read_header(*current, mode)) {
		case 1:
			perror(*current);
			error = 1; continue;

		case 2:
			printf("%s: Unknown file type\n", *current);
			error = 1; continue;

		case 3:
			printf("%s: Wrong architecture\n", *current);
			error = 1; continue;
		}

		flags = get_flags();

		switch (argv[1][1]) {
		case 'p':
			put_flags(flags | HF_PAX_PAGEEXEC);
			break;

		case 'P':
			put_flags(flags & ~HF_PAX_PAGEEXEC);
			break;

		case 'E':
			put_flags(flags | HF_PAX_EMUTRAMP);
			break;

		case 'e':
			put_flags(flags & ~HF_PAX_EMUTRAMP);
			break;

		case 'm':
			put_flags(flags | HF_PAX_MPROTECT);
			break;

		case 'M':
			put_flags(flags & ~HF_PAX_MPROTECT);
			break;

		case 'r':
			put_flags(flags | HF_PAX_RANDMMAP);
			break;

		case 'R':
			put_flags(flags & ~HF_PAX_RANDMMAP);
			break;

		default:
			printf("%s: "
			       "PAGE_EXEC is %s, "
			       "trampolines are %s, "
			       "mprotect() is %s, "
			       "mmap() base is %s\n", *current,
				flags & HF_PAX_PAGEEXEC
				? "disabled" : "enabled",
				flags & HF_PAX_EMUTRAMP
				? "emulated" : "not emulated",
				flags & HF_PAX_MPROTECT
				? "not restricted" : "restricted",
				flags & HF_PAX_RANDMMAP
				? "not randomized" : "randomized");
		}

		if (flags != get_flags())
		if (write_header()) {
			perror(*current);
			error = 1;
		}

		close(fd);
	} while (*++current);

	return error;
}
Commit	Line	Data
450271d5 AM	1	/*
	2	* This program manages various PaX related flags for ELF and a.out binaries.
	3	* The flags only have effect when running the patched Linux kernel.
	4	*
	5	* Written by Solar Designer and placed in the public domain.
	6	*
	7	* Adapted to PaX by the PaX Team.
	8	*/
	9
	10	#include <stdio.h>
	11	#include <string.h>
	12	#include <sys/types.h>
	13	#include <fcntl.h>
	14	#include <unistd.h>
	15	#include <linux/elf.h>
	16	#include <linux/a.out.h>
	17
	18	#define HF_PAX_PAGEEXEC 1 /* 0: Enforce PAGE_EXEC */
	19	#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */
	20	#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */
	21	#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */
	22
	23	static struct elf32_hdr header_elf;
	24	static struct exec header_aout;
	25	static void *header;
	26	static int header_size;
	27	static int fd;
	28
	29	static unsigned long (*get_flags)();
	30	static void (*put_flags)(unsigned long);
	31
	32	static unsigned long get_flags_elf()
	33	{
	34	return header_elf.e_flags;
	35	}
	36
	37	static void put_flags_elf(unsigned long flags)
	38	{
	39	header_elf.e_flags = flags;
	40	}
	41
	42	static unsigned long get_flags_aout()
	43	{
	44	return N_FLAGS(header_aout);
	45	}
	46
	47	static void put_flags_aout(unsigned long flags)
	48	{
	49	N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP);
	50	}
	51
	52	static int read_header(char *name, int mode)
	53	{
	54	char *ptr;
	55	int size, block;
	56
	57	if ((fd = open(name, mode)) < 0) return 1;
	58
	59	ptr = (char *)&header_elf;
	60	size = sizeof(header_elf);
	61	do {
	62	block = read(fd, ptr, size);
	63	if (block <= 0) {
	64	close(fd);
65	return block ? 1 : 2;
66	}
67	ptr += block; size -= block;
68	} while (size > 0);
69
70	memcpy(&header_aout, &header_elf, sizeof(header_aout));
71
72	if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) {
73	if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) return 2;
74	if (header_elf.e_machine != EM_386) return 3;
75	header = &header_elf; header_size = sizeof(header_elf);
76	get_flags = get_flags_elf; put_flags = put_flags_elf;
77	} else
78	if (N_MAGIC(header_aout) == NMAGIC \|\|
79	N_MAGIC(header_aout) == ZMAGIC \|\|
80	N_MAGIC(header_aout) == QMAGIC) {
81	if (N_MACHTYPE(header_aout) != M_386) return 3;
82	header = &header_aout; header_size = 4;
83	get_flags = get_flags_aout; put_flags = put_flags_aout;
84	} else return 2;
85
86	return 0;
87	}
88
89	int write_header()
90	{
91	char *ptr;
92	int size, block;
93
94	if (lseek(fd, 0, SEEK_SET)) return 1;
95
96	ptr = (char *)header;
97	size = header_size;
98	do {
99	block = write(fd, ptr, size);
100	if (block <= 0) break;
101	ptr += block; size -= block;
102	} while (size > 0);
103
104	return size;
105	}
106
107	#define USAGE \
108	"Usage: %s OPTIONS FILE...\n" \
109	"Manage PaX flags for binaries\n\n" \
110	" -P\tenforce PAGE_EXEC\n" \
111	" -p\tdo not enforce PAGE_EXEC\n" \
112	" -E\temulate trampolines\n" \
113	" -e\tdo not emulate trampolines\n" \
114	" -M\trestrict mprotect()\n" \
115	" -m\tdo not restrict mprotect()\n" \
116	" -R\trandomize mmap() base [ELF only]\n" \
117	" -r\tdo not randomize mmap() base [ELF only]\n" \
118	" -v\tview current flag state\n\n" \
119	"The flags only have effect when running the patched Linux kernel.\n"
120
121	void usage(char *name)
122	{
123	printf(USAGE, name ? name : "chpax");
124	exit(1);
125	}
126
127	int main(int argc, char **argv)
128	{
129	char **current;
130	unsigned long flags;
131	int error = 0;
132	int mode;
133
134	if (argc < 3) usage(argv[0]);
135	if (strlen(argv[1]) != 2) usage(argv[0]);
136	if (argv[1][0] != '-' \|\| !strchr("pPeEmMrRv", argv[1][1])) usage(argv[0]);
137
138	current = &argv[2];
139	do {
140	mode = argv[1][1] == 'v' ? O_RDONLY : O_RDWR;
141	switch (read_header(*current, mode)) {
142	case 1:
143	perror(*current);
144	error = 1; continue;
145
146	case 2:
147	printf("%s: Unknown file type\n", *current);
148	error = 1; continue;
149
150	case 3:
151	printf("%s: Wrong architecture\n", *current);
152	error = 1; continue;
153	}
154
155	flags = get_flags();
156
157	switch (argv[1][1]) {
158	case 'p':
159	put_flags(flags \| HF_PAX_PAGEEXEC);
160	break;
161
162	case 'P':
163	put_flags(flags & ~HF_PAX_PAGEEXEC);
164	break;
165
166	case 'E':
167	put_flags(flags \| HF_PAX_EMUTRAMP);
168	break;
169
170	case 'e':
171	put_flags(flags & ~HF_PAX_EMUTRAMP);
172	break;
173
174	case 'm':
175	put_flags(flags \| HF_PAX_MPROTECT);
176	break;
177
178	case 'M':
179	put_flags(flags & ~HF_PAX_MPROTECT);
180	break;
181
182	case 'r':
183	put_flags(flags \| HF_PAX_RANDMMAP);
184	break;
185
186	case 'R':
187	put_flags(flags & ~HF_PAX_RANDMMAP);
188	break;
189
190	default:
191	printf("%s: "
192	"PAGE_EXEC is %s, "
193	"trampolines are %s, "
194	"mprotect() is %s, "
195	"mmap() base is %s\n", *current,
196	flags & HF_PAX_PAGEEXEC
197	? "disabled" : "enabled",
198	flags & HF_PAX_EMUTRAMP
199	? "emulated" : "not emulated",
200	flags & HF_PAX_MPROTECT
201	? "not restricted" : "restricted",
202	flags & HF_PAX_RANDMMAP
203	? "not randomized" : "randomized");
204	}
205
206	if (flags != get_flags())
207	if (write_header()) {
208	perror(*current);
209	error = 1;
210	}
211
212	close(fd);
213	} while (*++current);
214
215	return error;
216	}