Does what it says on the tin..save the code as "glibc-2.17-pt_pax-1.patch" and apply. As an aside with Glibc2-17 "cv_pic_default=yes" enables pic as default if needed as a ./configure option. Doesnt it drive you crazy undocumented features...
Oh i forgot to say GCC-4.8.0,Binutils-2.23.2,Glibc-2.17 with a little patching build a hardened toolchain successfully.
Code:
--- elf/elf.h
+++ elf/elf.h
@@ -568,6 +568,7 @@
#define PT_GNU_EH_FRAME 0x6474e550 /* GCC .eh_frame_hdr segment */
#define PT_GNU_STACK 0x6474e551 /* Indicates stack executability */
#define PT_GNU_RELRO 0x6474e552 /* Read-only after relocation */
+#define PT_PAX_FLAGS 0x65041580 /* Indicates PaX flag markings */
#define PT_LOSUNW 0x6ffffffa
#define PT_SUNWBSS 0x6ffffffa /* Sun Specific segment */
#define PT_SUNWSTACK 0x6ffffffb /* Stack segment */
@@ -581,6 +582,18 @@
#define PF_X (1 << 0) /* Segment is executable */
#define PF_W (1 << 1) /* Segment is writable */
#define PF_R (1 << 2) /* Segment is readable */
+#define PF_PAGEEXEC (1 << 4) /* Enable PAGEEXEC */
+#define PF_NOPAGEEXEC (1 << 5) /* Disable PAGEEXEC */
+#define PF_SEGMEXEC (1 << 6) /* Enable SEGMEXEC */
+#define PF_NOSEGMEXEC (1 << 7) /* Disable SEGMEXEC */
+#define PF_MPROTECT (1 << 8) /* Enable MPROTECT */
+#define PF_NOMPROTECT (1 << 9) /* Disable MPROTECT */
+#define PF_RANDEXEC (1 << 10) /* Enable RANDEXEC */
+#define PF_NORANDEXEC (1 << 11) /* Disable RANDEXEC */
+#define PF_EMUTRAMP (1 << 12) /* Enable EMUTRAMP */
+#define PF_NOEMUTRAMP (1 << 13) /* Disable EMUTRAMP */
+#define PF_RANDMMAP (1 << 14) /* Enable RANDMMAP */
+#define PF_NORANDMMAP (1 << 15) /* Disable RANDMMAP */
#define PF_MASKOS 0x0ff00000 /* OS-specific */
#define PF_MASKPROC 0xf0000000 /* Processor-specific */
This diff is a bit broken but can be applied amnually to the makeconfig file. works fine too.(PIE patch)
Code:
2012-11-11 Magnus Granberg <zorry@gentoo.org>
#442712
* Makeconfig (+link): Set to +link-pie.
(+link-static-before-libc): Change $(static-start-installed-name) to
S$(static-start-installed-name).
(+prector): Set to +prectorS.
(+postctor): Set to +postctorS.
--- libc/Makeconfig
+++ libc/Makeconfig
@@ -447,11 +447,12 @@
$(common-objpfx)libc% $(+postinit),$^) \
$(link-extra-libs) $(link-libc) $(+postctorS) $(+postinit)
endif
++link = $(+link-pie)
# Command for statically linking programs with the C library.
ifndef +link-static
+link-static-before-libc = $(CC) -nostdlib -nostartfiles -static -o $@ \
$(sysdep-LDFLAGS) $(LDFLAGS) $(LDFLAGS-$(@F)) \
- $(addprefix $(csu-objpfx),$(static-start-installed-name)) \
+ $(addprefix $(csu-objpfx),S$(static-start-installed-name)) \
$(+preinit) $(+prectorT) \
$(filter-out $(addprefix $(csu-objpfx),start.o \
$(start-installed-name))\
@@ -549,11 +550,10 @@
ifeq ($(elf),yes)
+preinit = $(addprefix $(csu-objpfx),crti.o)
+postinit = $(addprefix $(csu-objpfx),crtn.o)
-+prector = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbegin.o`
-+postctor = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
-# Variants of the two previous definitions for linking PIE programs.
+prectorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginS.o`
+postctorS = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtendS.o`
++prector = $(+prectorS)
++postctor = $(+postctorS)
# Variants of the two previous definitions for statically linking programs.
+prectorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtbeginT.o`
+postctorT = `$(CC) $(sysdep-LDFLAGS) --print-file-name=crtend.o`
+interp = $(addprefix $(elf-objpfx),interp.os)
endif
csu-objpfx = $(common-objpfx)csu/
Now just to sort out some gcc stuff and everythings fine.
Emma
