--- ./configure.in.orig 2014-09-06 20:00:00.000000000 -0600 +++ ./configure.in 2014-09-06 20:00:00.000000000 -0600 @@ -1435,9 +1435,11 @@ if test "$HAVE_SBRK" = "1" ; then AC_LANG_SOURCE([[ #include #include + #define CAN_UNRANDOMIZE_SBRK 1 + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { - #include "h/unrandomize.h" + UNRANDOMIZE_SBRK; return 0;}]])], [AC_MSG_RESULT(yes) AC_DEFINE(CAN_UNRANDOMIZE_SBRK,1,[can prevent sbrk from returning random values])], @@ -1447,12 +1449,11 @@ if test "$HAVE_SBRK" = "1" ; then AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char * argv[],char * envp[]) { FILE *f; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; if (!(f=fopen("conftest1","w"))) return -1; fprintf(f,"%u",sbrk(0)); return 0;}]])],SBRK=`cat conftest1`,SBRK=0,SBRK=0) @@ -1462,12 +1463,11 @@ if test "$HAVE_SBRK" = "1" ; then AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char * argv[],char * envp[]) { FILE *f; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; if (!(f=fopen("conftest1","w"))) return -1; fprintf(f,"%u",sbrk(0)); return 0;}]])],SBRK1=`cat conftest1`,SBRK1=0,SBRK1=0) @@ -1539,6 +1539,7 @@ AC_MSG_CHECKING(CSTACK_ADDRESS) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void * foo() { int i; @@ -1551,9 +1552,7 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ FILE *fp = fopen("conftest1","w"); unsigned long i,j; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; j=1; j<<=$PAGEWIDTH; j<<=16; @@ -1573,6 +1572,7 @@ AC_MSG_CHECKING([cstack bits]) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void * foo() { int i; 
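Review bot: From the second hunk on (`@@ -1447,12 +1449,11 @@`), `#include "h/unrandomize.h"` is unconditional where the removed lines wrapped it in `#ifdef CAN_UNRANDOMIZE_SBRK`, while the header's own system `#include` lines sit above its new `#ifdef` (their names are not legible on this page). If the first probe fails because one of those headers is missing, every later `AC_RUN_IFELSE` program would presumably fail to compile too. Each would then take its failure branch (`SBRK=0`, `SBRK1=0`, and the cstack checks) instead of running without the unrandomize step as before. The same applies to the remaining configure.in hunks and to the `#include "unrandomize.h"` added in o/main.c, where it would be a build error. Moving the header's system includes inside `#ifdef CAN_UNRANDOMIZE_SBRK` would keep the old behaviour; the enclosing `if test "$HAVE_SBRK"` block extends outside these hunks.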
@@ -1585,9 +1585,7 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ FILE *fp = fopen("conftest1","w"); unsigned long i,j; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; j=1; j<<=$PAGEWIDTH; j<<=16; @@ -1608,11 +1606,10 @@ AC_MSG_CHECKING(NEG_CSTACK_ADDRESS) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; return (long)$cstack_address<0 ? 0 : -1; }]])],[AC_MSG_RESULT(yes) neg_cstack_address=1 @@ -1625,14 +1622,13 @@ AC_MSG_CHECKING([finding CSTACK_ALIGNMEN AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { void *b,*c; FILE *fp = fopen("conftest1","w"); long n; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; b=alloca(sizeof(b)); c=alloca(sizeof(c)); n=b>c ? b-c : c-b; @@ -1648,6 +1644,7 @@ AC_MSG_CHECKING(CSTACK_DIRECTION) AC_RUN_IFELSE([AC_LANG_SOURCE([[ #include #include + #include "h/unrandomize.h" void * foo(void) { int i; @@ -1658,9 +1655,7 @@ AC_RUN_IFELSE([AC_LANG_SOURCE([[ int main(int argc,char **argv,char **envp) { char *b; FILE *fp = fopen("conftest1","w"); - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; fprintf(fp,"%d",((long) &b) > ((long) foo()) ? -1 : 1); fclose(fp); return 0; --- ./configure.orig 2014-09-06 20:00:00.000000000 -0600 +++ ./configure 2014-09-06 20:00:00.000000000 -0600 @@ -7695,9 +7695,11 @@ else #include #include + #define CAN_UNRANDOMIZE_SBRK 1 + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { - #include "h/unrandomize.h" + UNRANDOMIZE_SBRK; return 0;} _ACEOF if ac_fn_c_try_run "$LINENO"; then : 
@@ -7725,12 +7727,11 @@ else #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char * argv[],char * envp[]) { FILE *f; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; if (!(f=fopen("conftest1","w"))) return -1; fprintf(f,"%u",sbrk(0)); return 0;} @@ -7755,12 +7756,11 @@ else #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char * argv[],char * envp[]) { FILE *f; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; if (!(f=fopen("conftest1","w"))) return -1; fprintf(f,"%u",sbrk(0)); return 0;} @@ -7814,6 +7814,7 @@ else #include #include + #include "h/unrandomize.h" void * foo() { int i; @@ -7826,9 +7827,7 @@ else FILE *fp = fopen("conftest1","w"); unsigned long i,j; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; j=1; j<<=$PAGEWIDTH; j<<=16; @@ -7872,6 +7871,7 @@ else #include #include + #include "h/unrandomize.h" void * foo() { int i; @@ -7884,9 +7884,7 @@ else FILE *fp = fopen("conftest1","w"); unsigned long i,j; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; j=1; j<<=$PAGEWIDTH; j<<=16; @@ -7931,11 +7929,10 @@ else #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; return (long)$cstack_address<0 ? 0 : -1; } _ACEOF @@ -7970,14 +7967,13 @@ else #include #include + #include "h/unrandomize.h" void gprof_cleanup() {} int main(int argc,char **argv,char **envp) { void *b,*c; FILE *fp = fopen("conftest1","w"); long n; - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; b=alloca(sizeof(b)); c=alloca(sizeof(c)); n=b>c ? b-c : c-b; @@ -8017,6 +8013,7 @@ else #include #include + #include "h/unrandomize.h" void * foo(void) { int i; 
@@ -8027,9 +8024,7 @@ else int main(int argc,char **argv,char **envp) { char *b; FILE *fp = fopen("conftest1","w"); - #ifdef CAN_UNRANDOMIZE_SBRK - #include "h/unrandomize.h" - #endif + UNRANDOMIZE_SBRK; fprintf(fp,"%d",((long) &b) > ((long) foo()) ? -1 : 1); fclose(fp); return 0; --- ./h/unrandomize.h.orig 2014-09-06 09:45:30.000000000 -0600 +++ ./h/unrandomize.h 2014-09-06 20:00:00.000000000 -0600 @@ -1,3 +1,5 @@ +#include +#include #include #include #include 
@@ -5,61 +7,66 @@ #include #include -{ - errno=0; - - { - - /*READ_IMPLIES_EXEC is for selinux, but selinux will reset it in the child*/ - long pers = personality(READ_IMPLIES_EXEC|personality(0xffffffffUL)); - long flag = ADDR_NO_RANDOMIZE; - - if (sizeof(long)==4) flag|=ADDR_LIMIT_3GB|ADDR_COMPAT_LAYOUT; - - if (pers==-1) {printf("personality failure %d\n",errno);exit(-1);} - if ((pers & flag)!=flag && !getenv("GCL_UNRANDOMIZE")) { - errno=0; - if (personality(pers | flag) != -1 && (personality(0xffffffffUL) & flag)==flag) { - int i,j,k; - char **n,**a; - void *v; - for (i=j=0;argv[i];i++) - j+=strlen(argv[i])+1; - for (k=0;envp[k];k++) - j+=strlen(envp[k])+1; - j+=(i+k+3)*sizeof(char *); - if ((v=sbrk(j))==(void *)-1) { - printf("Cannot brk environment space\n"); - exit(-1); - } - a=v; - v=a+i+1; - n=v; - v=n+k+2; - for (i=0;argv[i];i++) { - a[i]=v; - strcpy(v,argv[i]); - v+=strlen(v)+1; - } - a[i]=0; - for (k=0;envp[k];k++) { - n[k]=v; - strcpy(v,envp[k]); - v+=strlen(v)+1; - } - n[k]="GCL_UNRANDOMIZE=t"; - n[k+1]=0; -#ifdef GCL_GPROF - gprof_cleanup(); +#ifdef CAN_UNRANDOMIZE_SBRK +# ifdef GCL_GPROF +# define GPROF_CLEANUP gprof_cleanup() +# else +# define GPROF_CLEANUP +# endif +# define UNRANDOMIZE_SBRK do { \ + errno=0; \ + { \ + /*READ_IMPLIES_EXEC is for selinux, but selinux will reset it in the child*/ \ + long pers = personality(0xffffffffUL); \ + long flag = ADDR_NO_RANDOMIZE; \ + \ + if (sizeof(long)==4) flag|=ADDR_LIMIT_3GB|ADDR_COMPAT_LAYOUT; \ + \ + if (pers==-1) {printf("personality failure %d\n",errno);exit(-1);} \ + if ((pers & flag)!=flag && !getenv("GCL_UNRANDOMIZE")) { \ + errno=0; \ + if (personality(pers | flag) != -1 && (personality(0xffffffffUL) & flag)==flag) { \ + int i,j,k; \ + char **n,**a; \ + void *v; \ + for (i=j=0;argv[i];i++) \ + j+=strlen(argv[i])+1; \ + for (k=0;envp[k];k++) \ + j+=strlen(envp[k])+1; \ + j+=(i+k+3)*sizeof(char *); \ + if ((v=sbrk(j))==(void *)-1) { \ + printf("Cannot brk environment space\n"); \ + exit(-1); \ + 
} \ + a=v; \ + v=a+i+1; \ + n=v; \ + v=n+k+2; \ + for (i=0;argv[i];i++) { \ + a[i]=v; \ + strcpy(v,argv[i]); \ + v+=strlen(v)+1; \ + } \ + a[i]=0; \ + for (k=0;envp[k];k++) { \ + n[k]=v; \ + strcpy(v,envp[k]); \ + v+=strlen(v)+1; \ + } \ + n[k]="GCL_UNRANDOMIZE=t"; \ + n[k+1]=0; \ + GPROF_CLEANUP; \ + errno=0; \ + execve(*a,a,n); \ + printf("execve failure %d\n",errno); \ + exit(-1); \ + } else { \ + printf("personality change failure %d\n",errno); \ + exit(-1); \ + } \ + } \ + } \ +} while (0) +#else +# define UNRANDOMIZE_SBRK #endif - errno=0; - execve(*a,a,n); - printf("execve failure %d\n",errno); - exit(-1); - } else { - printf("personality change failure %d\n",errno); - exit(-1); - } - } - } -} --- ./o/main.c.orig 2014-09-06 09:45:30.000000000 -0600 +++ ./o/main.c 2014-09-06 20:00:00.000000000 -0600 @@ -50,6 +50,7 @@ void initialize_process(); #include "include.h" #include #include "page.h" +#include "unrandomize.h" bool saving_system=FALSE; @@ -357,11 +358,7 @@ main(int argc, char **argv, char **envp) gcl_init_alloc(&argv); -#ifdef CAN_UNRANDOMIZE_SBRK -#include -#include -#include "unrandomize.h" -#endif + UNRANDOMIZE_SBRK; #ifdef LD_BIND_NOW #include
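Review bot: The comment kept inside `UNRANDOMIZE_SBRK` still reads `READ_IMPLIES_EXEC is for selinux…`, but the new line is `long pers = personality(0xffffffffUL);` and no longer requests that flag. The comment should be dropped or reworded to say the flag is deliberately not set. The macro also lacks a header comment stating its contract. It reads `argv` and `envp` from the enclosing scope, sets `ADDR_NO_RANDOMIZE` (plus `ADDR_LIMIT_3GB|ADDR_COMPAT_LAYOUT` when `long` is 4 bytes), and re-executes `*a` with `GCL_UNRANDOMIZE=t` appended to the environment. Because personality flags are normally inherited by child processes, that comment should also record that programs started from the re-executed image run without address randomization.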
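Review bot: `UNRANDOMIZE_SBRK;` follows `gcl_init_alloc(&argv);`, and on the first pass the macro ends in `execve` or `exit`, so the start-up code above this line runs once in the original image and again in the re-executed one. That deserves a comment at the call site, for example `/* may re-exec this image with ASLR disabled; does not return on that path */`. The statement also depends on main's parameters being named `argv` and `envp`, which the hunk header shows but the macro itself does not declare. main's body starts and ends outside the hunk.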