Previously an invocation like
elfctl -e +feature1,feature2 file1 file2
would set both feature flags in file 1 but only feature1 in file2 (due
to the string being modified by strsep()).
Reported by: jrm
Tested by: jrm
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34283
(cherry picked from commit 82b611ed18)
Validate the operation prior to parsing the feature string, so that e.g.
-e 0x1 reports invalid operation '0' rather than invalid feature 'x11'.
Also make it an error rather than a warning, so that it is not repeated
if multiple files are specified.
(Previously an invalid operation resulted in a segfault.)
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
(cherry picked from commit b8185579f4)
Reported by: Mark Millard on freebsd-current@
Fixes: c763f99d11 ("elfctl: prefix disable flags with "no"")
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
(cherry picked from commit dbc7364b18)
ASLR stack randomization will reappear in a forthcoming commit. Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.
No functional change intended, as the stack gap implementation is
currently disabled by default.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 758d98debe)
Detect if host endian is different than target endian and swap
byte order of ELF note fields instead of failing.
Submitted by: Dawid Gorecki <dgr@semihalf.com>
Reviewed by: imp
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D29550
(cherry picked from commit 4a27bf128b)
This will allow elfctl on older releases to set bits that are not yet
known there, so that the binary will have the correct settings applied
if run on a later FreeBSD version.
PR: 252629 (related)
Suggested by: kib
Reviewed by: gbe (manpage, earlier), kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28284
(cherry picked from commit 86f33b5fcf)
elfctl: fix typo from last-minute refactoring
Reported by: jkim
(cherry picked from commit f302fd1aa6)
elfctl: Fix type errors.
Target value for val has uint32_t type, not uint, adjust used constant.
Change val type to unsigned so that left and right sides of comparision
operator do not expose different signed types of same range [*].
Switch to unsigned long long and strtoll(3) so that 0x80000000 is
accepted by conversion function [**].
Reported by: kargl [*]
Noted by: emaste [**]
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28301
(cherry picked from commit 9940ac808d)
Some ELF feature flags indicate a request to opt-out of some feature,
for example NT_FREEBSD_FCTL_ASLR_DISABLE indicates that ASLR should be
disabled for the tagged binary. Using "aslr" as the short name for the
flag is confusing as it seems to indicate a request for ASLR to be
enabled. Rename "noaslr", and make a similar change for other opt-out
flags.
Reviewed by: bapt, manu, markj
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28139
I am going to prefix opt-out ELF feature flag names with "no" to make
their meaning more clear (review D28139), but there are some uses of the
existing names already (e.g., the PR referenced below).
For now accept the older, unprefixed name as well, and emit a warning.
We can revert this after FreeBSD 13 branches.
% elfctl -e +aslr foo
elfctl: interpreting aslr as noaslr; please specify noaslr
PR: 239873 (related)
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28140
This may allow an identical elfctl invocation to be used on multiple
FreeBSD versions, with features not implemented on older releases being
silently ignored.
PR: 252629 (related)
Reviewed by: kib
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28130
Also centralize and unify checks to enable ASLR stack gap in a new
helper exec_stackgap().
PR: 239873
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
elfctl has been merged to stable/12, and so will appear in FreeBSD 12.2
Reported by: Dewayne Geraghty
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
This will be used to tag binaries that require W+X mappings, in advance
of the ability to prevent W^X in mmap/mprotect.
There is still some discussion about the flag's name, but the ABI won't
change even if the name does (as kib pointed out in the review).
Reviewed by: csjp, kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23909
GCC points out a couple levels down in convert_to_features that this may be
used uninitialized. Indeed, this is true- initialize it to NULL so that we
at least deref a null pointer.
elfctl is a tool for modifying the NT_FREEBSD_FEATURE_CTL ELF note,
which contains a set of flags for enabling or disabling vulnerability
mitigations and other features.
Reviewed by: csjp, kib
MFC after: 2 weeks
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D23910
