[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#23371: emacs: paxctl usage on NetBSD
|
From: |
Thomas Klausner |
|
Subject: |
bug#23371: emacs: paxctl usage on NetBSD |
|
Date: |
Thu, 28 Apr 2016 00:50:37 +0200 |
On Wed, Apr 27, 2016 at 12:38:53PM -0700, Paul Eggert wrote:
> On 04/27/2016 08:54 AM, Thomas Klausner wrote:
> >>configure.ac says
> >>that paxctl is used only when the operating system is GNU/Linux, unless one
> >>manually configures by setting PAXCTL in the environment or using a
> >>PAXCTL=/some/path argument to 'configure'.
> >That's true, but src/Makefile.in ignores that:
> >PAXCTL_if_present = $(or $(PAXCTL),: paxctl)
>
> I guess I'm still not following. On non-GNU/Linux hosts, $(PAXCTL) should be
> empty because paxctl is not searched for, so PAXCTL_if_present should be ':
> paxctl', i.e., a no-op shell command. And yet you reported that your build
> used 'paxctl -zex' and 'paxctl -r'. Perhaps your build was actually using
> the no-ops ': paxctl -zex' and ': paxctl -r' and you didn't notice the
> colons? That is, perhaps you replaced ': paxctl -zex' (with a prefix colon)
> with 'paxctl +a' (without the colon)?
You're right, I didn't do exactly what I described.
The build system as-is does not use paxctl on NetBSD, so this breaks
when ASLR is enabled. I run the following sed expressions on
src/Makefile.in:
's,$$(PAXCTL_if_present) -zex,/usr/sbin/paxctl +a,g'
's,$$(PAXCTL_if_present) -r,/usr/sbin/paxctl +a,g'
> >My version is attached (I added some more paxctl's for the symlinks
> >when the original version didn't work.) I hope I didn't break it.
>
> Did it work with your version?
No, I just posted it so you can see what I did.
> If so, does 'ln' and/or 'mv' remove the mark placed on an executable by
> 'paxctl +a'? and if that happens, how does 'make install' avoid removing the
> mark in the installed Emacs?
>
> If not, then I'm afraid I'm lost.
All of cp, mv, and ln keep the paxctl settings:
# paxctl a
PaX flags:
a: ASLR, explicit disable
# cp a b
# paxctl b
PaX flags:
a: ASLR, explicit disable
# ln b c
# paxctl c
PaX flags:
a: ASLR, explicit disable
# mv c d
# paxctl d
PaX flags:
a: ASLR, explicit disable
I wasn't sure of that, so I added the extra ones, since it wasn't
working. It's not necessary, so I removed it again.
> Also, I noticed that you removed the indenting on some of the 'ifeq' lines
> in src/Makefile.in; why was that necessary?
Because the patch didn't apply cleanly, I had to manually apply it,
and I didn't indent it correctly, sorry.
So perhaps there is a different problem and paxctl is not properly
detected or applied even with your patch. Let's look more closely:
PAXCTL_dumped value:
work/emacs/config.log:PAXCTL_dumped='$(PAXCTL) +a'
work/emacs/lib/Makefile:PAXCTL_dumped = $(PAXCTL) +a
work/emacs/src/Makefile:PAXCTL_dumped = $(PAXCTL) +a
PAXCTL itself:
work/emacs/config.log:PAXCTL='/usr/sbin/paxctl'
work/emacs/lib/Makefile:PAXCTL = /usr/sbin/paxctl
work/emacs/src/Makefile:PAXCTL = /usr/sbin/paxctl
But PAXCTL_notdumped is empty.
work/emacs/config.status:S["PAXCTL_notdumped"]=""
work/emacs/lib/Makefile:PAXCTL_notdumped =
work/emacs/src/Makefile:PAXCTL_notdumped =
On Linux this uses paxctl -r, which, according to
http://man.he.net/man1/paxctl is:
-r do not randomize memory regions (NORANDMMAP)
While on NetBSD, +a does:
a Explicitly disable PaX ASLR (Address Space Layout Randomization)
for program.
So perhaps notdumped also needs to call paxctl +a, like my sed
expressions do.
(later)
Yes, that's it. I've defined PAXCTL_notdumped to the same value as
PAXCTL_dumped and emacs builds fine now -- basically, one additional
line to configure.ac in the netbsd case.
I'll attach my patches again, just to make it absolutely clear.
Thanks,
Thomas
patch-configure.ac
Description: Text document
patch-src_Makefile.in
Description: Text document