On Fri, Jul 31, 2015 at 01:09:37PM +0200, Maxime Villard wrote:
> I don't know how to do that, but you need to fix it this way:
> - remove the "security.pax.mprotect.global" instruction in paxinit()
Why is that? (And why do those sysctls have no description?)
> - the test being a C file - therefore, an ELF binary -, you need to
> PaX the binary this way:
> paxctl +M t_mprotect
Something like the (non-working) patch below?
Martin
Index: Makefile
===================================================================
RCS file: /cvsroot/src/tests/lib/libc/sys/Makefile,v
retrieving revision 1.39
diff -u -r1.39 Makefile
--- Makefile 22 Jun 2015 00:05:23 -0000 1.39
+++ Makefile 31 Jul 2015 18:22:48 -0000
@@ -38,7 +38,6 @@
TESTS_C+= t_mknod
TESTS_C+= t_mlock
TESTS_C+= t_mmap
-TESTS_C+= t_mprotect
TESTS_C+= t_msgctl
TESTS_C+= t_msgget
TESTS_C+= t_msgrcv
@@ -67,8 +66,16 @@
TESTS_C+= t_unlink
TESTS_C+= t_write
+PROGS+= t_mprotect
SRCS.t_mprotect= t_mprotect.c ${SRCS_EXEC_PROT}
+t_mprotect: t_mprotect_nopax
+ ${TOOL_PAXCTL} +M t_mprotect
+ cp t_mprotect t_mprotect_nopax
+
+t_mprotect_nopax: ${SRCS.t_mprotect}
+ ${LINK.c} -o ${.TARGET} ${SRCS.t_mprotect} ${LDLIBS}
+
LDADD.t_getpid+= -lpthread
.if (${MKRUMP} != "no") && !defined(BSD_MK_COMPAT_FILE)
Index: bsd.own.mk
===================================================================
RCS file: /cvsroot/src/share/mk/bsd.own.mk,v
retrieving revision 1.862
diff -u -r1.862 bsd.own.mk
--- bsd.own.mk 23 Jul 2015 08:03:26 -0000 1.862
+++ bsd.own.mk 31 Jul 2015 18:23:14 -0000
@@ -367,6 +367,7 @@
TOOL_NBPERF= ${TOOLDIR}/bin/${_TOOL_PREFIX}perf
TOOL_NCDCS= ${TOOLDIR}/bin/${_TOOL_PREFIX}ibmnws-ncdcs
TOOL_PAX= ${TOOLDIR}/bin/${_TOOL_PREFIX}pax
+TOOL_PAXCTL= ${TOOLDIR}/bin/${_TOOL_PREFIX}paxctl
TOOL_PIC= ${TOOLDIR}/bin/${_TOOL_PREFIX}pic
TOOL_PIGZ= ${TOOLDIR}/bin/${_TOOL_PREFIX}pigz
TOOL_PKG_CREATE= ${TOOLDIR}/bin/${_TOOL_PREFIX}pkg_create
