PAX_ASLR_DELTA_PROG_LEN -> PAX_ASLR_DELTA_EXEC_LEN, and put it in pax.h.

Export randomized bits # for stack and exec base too via sysctl. okay christos@.
2007-12-27 15:21:52 +00:00 · 2007-12-27 15:21:52 +00:00 · d36f83120b
commit d36f83120b
parent 72be971020
3 changed files with 34 additions and 11 deletions
--- a/sys/kern/exec_elf32.c
+++ b/sys/kern/exec_elf32.c
@ -1,4 +1,4 @@
-/*	$NetBSD: exec_elf32.c,v 1.128 2007/12/26 22:11:47 christos Exp $	*/
+/*	$NetBSD: exec_elf32.c,v 1.129 2007/12/27 15:21:52 elad Exp $	*/

 /*-
 * Copyright (c) 1994, 2000, 2005 The NetBSD Foundation, Inc.
@ -64,7 +64,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(1, "$NetBSD: exec_elf32.c,v 1.128 2007/12/26 22:11:47 christos Exp $");
+__KERNEL_RCSID(1, "$NetBSD: exec_elf32.c,v 1.129 2007/12/27 15:21:52 elad Exp $");

 /* If not included by exec_elf64.c, ELFSIZE won't be defined. */
 #ifndef ELFSIZE
@ -125,9 +125,6 @@ int	netbsd_elf_probe(struct lwp *, struct exec_package *, void *, char *,
 /*
 * We don't move this code in kern_pax.c because it is compiled twice.
 */
-#ifndef PAX_ASLR_DELTA_PROG_LEN
-#define PAX_ASLR_DELTA_PROG_LEN	12
-#endif
 static void
 pax_aslr_elf(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh,
    Elf_Phdr *ph)
@ -152,10 +149,10 @@ pax_aslr_elf(struct lwp *l, struct exec_package *epp, Elf_Ehdr *eh,
 #ifdef DEBUG_ASLR
 	uprintf("r=0x%x a=0x%x p=0x%x Delta=0x%lx\n", epp->ep_random,
 	    ilog2(pax_align), PGSHIFT, PAX_ASLR_DELTA(epp->ep_random, 
-		ilog2(pax_align), PAX_ASLR_DELTA_PROG_LEN));
+		ilog2(pax_align), PAX_ASLR_DELTA_EXEC_LEN));
 #endif
 	pax_offset = ELF_TRUNC(PAX_ASLR_DELTA(epp->ep_random,
-	    ilog2(pax_align), PAX_ASLR_DELTA_PROG_LEN), pax_align);
+	    ilog2(pax_align), PAX_ASLR_DELTA_EXEC_LEN), pax_align);

 	for (i = 0; i < eh->e_phnum; i++)
 		ph[i].p_vaddr += pax_offset;
--- a/sys/kern/kern_pax.c
+++ b/sys/kern/kern_pax.c
@ -1,4 +1,4 @@
-/* $NetBSD: kern_pax.c,v 1.18 2007/12/26 22:11:51 christos Exp $ */
+/* $NetBSD: kern_pax.c,v 1.19 2007/12/27 15:21:53 elad Exp $ */

 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@ -28,7 +28,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.18 2007/12/26 22:11:51 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: kern_pax.c,v 1.19 2007/12/27 15:21:53 elad Exp $");

 #include "opt_pax.h"

@ -138,8 +138,10 @@ SYSCTL_SETUP(sysctl_security_pax_setup, "sysctl security.pax setup")
 		       NULL, 0, NULL, 0,
 		       CTL_CREATE, CTL_EOL);

-#ifdef PAX_MPROTECT
 	cnode = rnode;
+
+#ifdef PAX_MPROTECT
+	rnode = cnode;
 	sysctl_createv(clog, 0, &rnode, &rnode,
 		       CTLFLAG_PERMANENT,
 		       CTLTYPE_NODE, "mprotect",
@ -230,6 +232,21 @@ SYSCTL_SETUP(sysctl_security_pax_setup, "sysctl security.pax setup")
 				    "mmap(2) calls."),
 		       NULL, PAX_ASLR_DELTA_MMAP_LEN, NULL, 0,
 		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, &rnode, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
+		       CTLTYPE_INT, "stack_len",
+		       SYSCTL_DESCR("Number of bits randomized for "
+				    "the stack."),
+		       NULL, PAX_ASLR_DELTA_STACK_LEN, NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+	sysctl_createv(clog, 0, &rnode, NULL,
+		       CTLFLAG_PERMANENT|CTLFLAG_IMMEDIATE,
+		       CTLTYPE_INT, "exec_len",
+		       SYSCTL_DESCR("Number of bits randomized for "
+				    "the PIE exec base."),
+		       NULL, PAX_ASLR_DELTA_EXEC_LEN, NULL, 0,
+		       CTL_CREATE, CTL_EOL);
+
 #endif /* PAX_ASLR */
 }

--- a/sys/sys/pax.h
+++ b/sys/sys/pax.h
@ -1,4 +1,4 @@
-/* $NetBSD: pax.h,v 1.10 2007/12/26 22:11:52 christos Exp $ */
+/* $NetBSD: pax.h,v 1.11 2007/12/27 15:21:53 elad Exp $ */

 /*-
 * Copyright (c) 2006 Elad Efrat <elad@NetBSD.org>
@ -36,6 +36,15 @@ struct lwp;
 struct exec_package;
 struct vmspace;

+#ifdef PAX_ASLR
+/*
+ * We stick this here because we need it in kern/exec_elf32.c for now.
+ */
+#ifndef PAX_ASLR_DELTA_EXEC_LEN
+#define	PAX_ASLR_DELTA_EXEC_LEN	12
+#endif
+#endif /* PAX_ASLR */
+
 void pax_init(void);
 void pax_adjust(struct lwp *, uint32_t);