Commit Graph

24 Commits

Author SHA1 Message Date
Ed Maste
828e50092a elfctl: whitespace cleanup
Reported by:	jrm (in review D34283)
2022-02-15 08:46:14 -05:00
Ed Maste
82b611ed18 elfctl: fix operations with multiple features on multiple files
Previously an invocation like

  elfctl -e +feature1,feature2 file1 file2

would set both feature flags in file 1 but only feature1 in file2 (due
to the string being modified by strsep()).

Reported by:	jrm
Tested by:	jrm
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34283
2022-02-15 08:42:17 -05:00
Ed Maste
b8185579f4 elfctl: fix -e invalid operation error handling
Validate the operation prior to parsing the feature string, so that e.g.
-e 0x1 reports invalid operation '0' rather than invalid feature 'x11'.
Also make it an error rather than a warning, so that it is not repeated
if multiple files are specified.

(Previously an invalid operation resulted in a segfault.)

MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2022-02-14 22:35:03 -05:00
Ed Maste
f0cf9b602d elfctl: error if -e is specified multiple times
Reported by:	jrm
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
2022-02-14 22:08:47 -05:00
Ed Maste
dbc7364b18 elfctl: update man page example for 'no' prefix
Reported by:	Mark Millard on freebsd-current@
Fixes:		c763f99d11 ("elfctl: prefix disable flags with "no"")
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2022-02-04 21:05:10 -05:00
Mark Johnston
758d98debe exec: Remove the stack gap implementation
ASLR stack randomization will reappear in a forthcoming commit.  Rather
than inserting a random gap into the stack mapping, the entire stack
mapping itself will be randomized in the same way that other mappings
are when ASLR is enabled.

No functional change intended, as the stack gap implementation is
currently disabled by default.

Reviewed by:	kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33704
2022-01-17 16:11:54 -05:00
Ed Maste
3f2508b7f3 elfctl: avoid touching file if no change made
Suggested by:	brooks
Reviewed by:	brooks, markj
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D30452
2021-05-26 10:12:12 -04:00
Marcin Wojtas
4a27bf128b usr.bin/elfctl: Allow for cross-endian operations.
Detect if host endian is different than target endian and swap
byte order of ELF note fields instead of failing.

Submitted by: Dawid Gorecki <dgr@semihalf.com>
Reviewed by: imp
Obtained from: Semihalf
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D29550
2021-05-21 15:32:04 +02:00
Konstantin Belousov
9940ac808d elfctl: Fix type errors.
Target value for val has uint32_t type, not uint, adjust used constant.
Change val type to unsigned so that left and right sides of comparision
operator do not expose different signed types of same range [*].

Switch to unsigned long long and strtoll(3) so that 0x80000000 is
accepted by conversion function [**].

Reported by:	kargl [*]
Noted by:	emaste [**]
Reviewed by:	emaste
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28301
2021-01-23 17:24:32 +02:00
Ed Maste
f302fd1aa6 elfctl: fix typo from last-minute refactoring
Reported by:	jkim
Fixes:		86f33b5fcf
2021-01-22 16:35:05 -05:00
Ed Maste
86f33b5fcf elfctl: allow features to be specified by value
This will allow elfctl on older releases to set bits that are not yet
known there, so that the binary will have the correct settings applied
if run on a later FreeBSD version.

PR:		252629 (related)
Suggested by:	kib
Reviewed by:	gbe (manpage, earlier), kib
MFC after:	3 days
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28284
2021-01-22 14:38:52 -05:00
Ed Maste
c763f99d11 elfctl: prefix disable flags with "no"
Some ELF feature flags indicate a request to opt-out of some feature,
for example NT_FREEBSD_FCTL_ASLR_DISABLE indicates that ASLR should be
disabled for the tagged binary.  Using "aslr" as the short name for the
flag is confusing as it seems to indicate a request for ASLR to be
enabled.  Rename "noaslr", and make a similar change for other opt-out
flags.

Reviewed by:	bapt, manu, markj
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D28139
2021-01-14 15:09:13 -05:00
Ed Maste
3dfcb70b6a elfctl: add backwards compatibility for "no" prefixes
I am going to prefix opt-out ELF feature flag names with "no" to make
their meaning more clear (review D28139), but there are some uses of the
existing names already (e.g., the PR referenced below).

For now accept the older, unprefixed name as well, and emit a warning.
We can revert this after FreeBSD 13 branches.

% elfctl -e +aslr foo
elfctl: interpreting aslr as noaslr; please specify noaslr

PR:		239873 (related)
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28140
2021-01-14 15:09:08 -05:00
Ed Maste
f6d95a0110 elftcl: add -i flag to ignore unknown flags
This may allow an identical elfctl invocation to be used on multiple
FreeBSD versions, with features not implemented on older releases being
silently ignored.

PR:		252629 (related)
Reviewed by:	kib
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D28130
2021-01-13 00:10:13 -05:00
Konstantin Belousov
673e2dd652 Add ELF flag to disable ASLR stack gap.
Also centralize and unify checks to enable ASLR stack gap in a new
helper exec_stackgap().

PR:	239873
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
2020-12-18 23:14:39 +00:00
Konstantin Belousov
bc6f027a39 Reserve FreeBSD ELF feature control bit LA48 to control VA layout on amd64.
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
Differential revision:	https://reviews.freebsd.org/D25273
2020-08-23 19:47:27 +00:00
Ed Maste
4ac4a7f80b elfctl: update earliest FreeBSD revision to 12.2
elfctl has been merged to stable/12, and so will appear in FreeBSD 12.2

Reported by:	Dewayne Geraghty
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2020-05-05 21:50:52 +00:00
Ed Maste
b7a9e9d6b2 elfctl: remove memory leak
CID:		1420356
Reported by:	Coverity Scan
Sponsored by:	The FreeBSD Foundation
2020-03-11 13:51:01 +00:00
Ed Maste
d06e23f9d9 Reserve WXNEEDED ELF feature control flag
This will be used to tag binaries that require W+X mappings, in advance
of the ability to prevent W^X in mmap/mprotect.

There is still some discussion about the flag's name, but the ABI won't
change even if the name does (as kib pointed out in the review).

Reviewed by:	csjp, kib
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23909
2020-03-04 18:21:30 +00:00
Ed Maste
76cd520d45 elfctl: check read return value
CID:		1420212, 1420213
Reported by:	Coverity Scan
Sponsored by:	The FreeBSD Foundation
2020-03-04 16:57:23 +00:00
Ed Maste
87a920c065 elfctl: style(9): use C99 uintX_t types
Sponsored by:	The FreeBSD Foundation
2020-03-04 16:53:49 +00:00
Ed Maste
ba6d70a065 elfctl: tiny style(9) cleanup, use bool where appropriate 2020-03-02 14:34:26 +00:00
Kyle Evans
fdafb99d81 elfctl: initialize features
GCC points out a couple levels down in convert_to_features that this may be
used uninitialized. Indeed, this is true- initialize it to NULL so that we
at least deref a null pointer.
2020-03-02 04:22:38 +00:00
Ed Maste
79bfb05b07 Move ELF feature note tool to usr.bin/elfctl
elfctl is a tool for modifying the NT_FREEBSD_FEATURE_CTL ELF note,
which contains a set of flags for enabling or disabling vulnerability
mitigations and other features.

Reviewed by:	csjp, kib
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D23910
2020-03-02 02:36:41 +00:00