Subject: Re: segvguard [was: Re: CVS commit: src/sys/sys]
To: None <tech-kern@netbsd.org>
From: Christos Zoulas <christos@astron.com>
List: tech-kern
Date: 12/08/2006 18:32:05
In article <20061208101716.7961411705@yamt.dyndns.org>,
YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp> wrote:
>> Index: libexec/ld.elf_so/sysident.h
>> ===================================================================
>> RCS file: /usr/cvs/src/libexec/ld.elf_so/sysident.h,v
>> retrieving revision 1.13
>> diff -u -p -r1.13 sysident.h
>> --- libexec/ld.elf_so/sysident.h	13 Jun 2006 13:55:58 -0000	1.13
>> +++ libexec/ld.elf_so/sysident.h	1 Dec 2006 21:49:16 -0000
>> @@ -75,3 +75,17 @@ __asm(
>>  	"\t.previous\n"
>>  	"\t.p2align\t2\n"
>>  );
>> +
>> +__asm(
>> +	".section\t\".note.netbsd.pax\", \"a\"\n"
>> +	"\t.p2align\t2\n\n"
>> +
>> +	"\t.long\t" __S(ELF_NOTE_PAX_NAMESZ) "\n"
>> +	"\t.long\t" __S(ELF_NOTE_PAX_DESCSZ) "\n"
>> +	"\t.long\t" __S(ELF_NOTE_TYPE_PAX_TAG) "\n"
>> +	"\t.ascii\t" __S(ELF_NOTE_PAX_NAME) "\n"
>> +	"\t.long\t" __S(0) "\n\n"
>> +
>> +	"\t.previous\n"
>> +	"\t.p2align\t2\n"
>> +);
>
>is it too difficult to make paxctl add the section to existing executables?

I think so; we don't have an elf library. I agree though that it would be
a lot better if paxctl did it. I will investigate some more.

christos