diff options
| author | khorben <khorben@pkgsrc.org> | 2016-05-26 16:03:04 +0000 |
|---|---|---|
| committer | khorben <khorben@pkgsrc.org> | 2016-05-26 16:03:04 +0000 |
| commit | b8a2d91a8eb92f1e4004213b661e5f8dfee277c9 (patch) | |
| tree | 8d5ea313247a56aff1ea5f7f5d7954b5f9ea3883 /mk | |
| parent | 6bf9f8249f45f2884b33af3c9df591ced7f217f5 (diff) | |
| download | pkgsrc-b8a2d91a8eb92f1e4004213b661e5f8dfee277c9.tar.gz | |
Import mini-framework for paxctl(8) on NetBSD/{amd64,i386}
This allows setting flags for PaX on select binaries. Two new variables
are introduced for packages: NOT_PAX_ASLR_SAFE and NOT_PAX_MPROTECT_SAFE.
They both expect a list of binaries are known to not support PaX ASLR
and/or PaX MPROTECT, respectively.
"Please commit" wiz@
Diffstat (limited to 'mk')
| -rw-r--r-- | mk/bsd.pkg.mk | 6 | ||||
| -rw-r--r-- | mk/pax.mk | 48 | ||||
| -rw-r--r-- | mk/tools/tools.NetBSD.mk | 6 |
3 files changed, 58 insertions, 2 deletions
diff --git a/mk/bsd.pkg.mk b/mk/bsd.pkg.mk index 5d18d980e46..9dc325f8855 100644 --- a/mk/bsd.pkg.mk +++ b/mk/bsd.pkg.mk @@ -1,4 +1,4 @@ -# $NetBSD: bsd.pkg.mk,v 1.2018 2016/03/23 11:50:01 jperkin Exp $ +# $NetBSD: bsd.pkg.mk,v 1.2019 2016/05/26 16:03:04 khorben Exp $ # # This file is in the public domain. # @@ -678,6 +678,10 @@ _SHORT_UNAME_R= ${:!${UNAME} -r!:C@\.([0-9]*)[_.-].*@.\1@} # n.n[_.]anything => .include "install/bin-install.mk" +# Handle PaX flags +# +.include "pax.mk" + .PHONY: show-pkgtools-version .if !target(show-pkgtools-version) show-pkgtools-version: diff --git a/mk/pax.mk b/mk/pax.mk new file mode 100644 index 00000000000..517ef5441de --- /dev/null +++ b/mk/pax.mk @@ -0,0 +1,48 @@ +# $NetBSD: pax.mk,v 1.1 2016/05/26 16:03:04 khorben Exp $ +# +# Infrastructure support for binaries known to fail with PaX enabled. +# +# User-settable variables: +# PAXCTL +# The path to the paxctl(8) binary +# +# Package-settable variables: +# +# NOT_PAX_ASLR_SAFE +# The list of binaries which do not support PaX ASLR. +# +# NOT_PAX_MPROTECT_SAFE +# The list of binaries which do not support PaX MPROTECT. + +.if !defined(PAX_MK) + +. if defined(TOOLS_PLATFORM.paxctl) +PAXCTL= ${TOOLS_PLATFORM.paxctl} +. if !empty(NOT_PAX_ASLR_SAFE) +_INSTALL_ALL_TARGETS+= post-install-pax-aslr-binaries + +.PHONY: post-install-pax-aslr-binaries +post-install: post-install-pax-aslr-binaries +post-install-pax-aslr-binaries: + @${STEP_MSG} "Setting PaX ASLR flags" + ${RUN} \ + for binary in ${NOT_PAX_ASLR_SAFE}; do \ + ${PAXCTL} +a ${DESTDIR}${PREFIX}/$$binary; \ + done +. endif + +. if !empty(NOT_PAX_MPROTECT_SAFE) +_INSTALL_ALL_TARGETS+= post-install-pax-mprotect-binaries + +.PHONY: post-install-pax-mprotect-binaries +post-install: post-install-pax-mprotect-binaries +post-install-pax-mprotect-binaries: + @${STEP_MSG} "Setting PaX MPROTECT flags" + ${RUN} \ + for binary in ${NOT_PAX_MPROTECT_SAFE}; do \ + ${PAXCTL} +m ${DESTDIR}${PREFIX}/$$binary; \ + done +. endif +. endif + +.endif diff --git a/mk/tools/tools.NetBSD.mk b/mk/tools/tools.NetBSD.mk index 188cd5677a9..063d06cc4e3 100644 --- a/mk/tools/tools.NetBSD.mk +++ b/mk/tools/tools.NetBSD.mk @@ -1,4 +1,4 @@ -# $NetBSD: tools.NetBSD.mk,v 1.57 2015/09/08 11:36:34 jperkin Exp $ +# $NetBSD: tools.NetBSD.mk,v 1.58 2016/05/26 16:03:04 khorben Exp $ # # System-supplied tools for the NetBSD operating system. @@ -83,6 +83,10 @@ TOOLS_PLATFORM.nroff?= /usr/bin/nroff TOOLS_PLATFORM.openssl?= /usr/bin/openssl TOOLS_PLATFORM.patch?= /usr/bin/patch TOOLS_PLATFORM.pax?= /bin/pax +.if empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-386) || \ + empty(MACHINE_PLATFORM:MNetBSD-[^0-3].*-x86_64) +TOOLS_PLATFORM.paxctl?= /usr/sbin/paxctl +.endif TOOLS_PLATFORM.printf?= /usr/bin/printf TOOLS_PLATFORM.pwd?= /bin/pwd .if empty(USE_CROSS_COMPILE:M[yY][eE][sS]) |