On 05/29/2013 02:31 AM, "Tóth Attila" wrote:
On May 29, 2013 (Wed) at 03:29, Anthony G. Basile wrote:
On 05/28/2013 07:46 PM, "Tóth Attila" wrote:
If PT_PAX has E, python2.7 would not start on my system.
Let's correct that:
paxctl-ng -e /usr/bin/python2.7

Now python works again.

Something changed in the latest python upgrades because I'm having
problems of a different nature.  I'll have to investigate.


I wanted the community to know that the situation looks scary for the
first time, but there's an easy fix. In case anybody else runs into this.


You can pass a glob to paxctl-ng so for example

  paxctl-ng -v /bin/*

will show PT_PAX and XATTR_PAX flags for all binaries in /bin.


Sidenote:
Even after running migrate-pax -m, there are binaries on the system
having only PT_PAX marking. Example:
migrate-pax -m
paxctl-ng -v /usr/bin/clear
/usr/bin/clear:
          PT_PAX    : -e---
          XATTR_PAX : not found


Unfortunately it is very difficult to find everything that links against
everything on a system.  First there's just a simple logistic problem,
going through all ELF on a system and running ldd (or readelf -d) is
time consuming and likely to miss stuff.  On Gentoo with portage (not
paludis!) we have linkage info in NEEDED.ELF.2 in vdb created at build
time by examining linkage info, but this also can't be everything.
Consider plugins that are dlopen-ed at runtime.

So something will be missed.

Is there an easy command I can use to list binaries having PT_PAX flags
and missing XATTR_PAX flags?


BUT!

That's not what's happening there.  No XATTR_PAX flags implies the
default markings which is "-e---".  This is so we don't have to go
around creating xattrs on every ELF binary on your system just to get
the default.  Upstream wanted it that way and it does make sense.

According to my recent experience, if EMUTRAMP is enabled by a PT_PAX flag
and there's no XATTR_PAX flag present, the system will listen to the
PT_PAX flag. Can I influence this behavior to rather use the mentioned
XATTR_PAX default and not pay attention to the PT_PAX flag?

Thanks:
Dw.


If you have PAX_PT_PAX_FLAGS off and PAX_XATTR_PAX_FLAGS on it will only listen to the XATTR_PAX flags.


--
Anthony G. Basile, Ph. D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
(716) 829-8197
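
The audit asked about in the thread (files with PT_PAX flags but no XATTR_PAX flags) can be done by parsing `paxctl-ng -v` output. This is an added example, not part of the original messages or of the elfix tools; it assumes the output layout quoted above, and the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example: audit helper built on the `paxctl-ng -v` layout quoted in
# the thread. Function names and sample data are hypothetical/constructed.

# Print "<path> <PT_PAX flags>" for every file whose PT_PAX line carries
# flags while its XATTR_PAX line reads "not found".
pt_only() {
    awk '
        /^[^ ]/ && /:$/   { file = substr($0, 1, length($0) - 1); pt = ""; next }
        $1 == "PT_PAX"    { pt = ($3 == "not") ? "" : $3; next }
        $1 == "XATTR_PAX" { if ($3 == "not" && pt != "") print file, pt }
    '
}

# Narrow the list to files whose PT_PAX flags differ from the "-e---"
# default that a missing XATTR_PAX field implies. These are the binaries
# whose behaviour changes depending on which marking the kernel listens to.
pt_only_nondefault() {
    pt_only | awk '$NF != "-e---"'
}

# Constructed sample in the layout shown in the thread (not real output).
sample_output() {
    cat <<'EOF'
/usr/bin/clear:
          PT_PAX    : -e---
          XATTR_PAX : not found

/usr/bin/example-marked:
          PT_PAX    : -E---
          XATTR_PAX : -e---

/usr/bin/example-jit:
          PT_PAX    : -E---
          XATTR_PAX : not found
EOF
}

# Real use would be: paxctl-ng -v /usr/bin/* | pt_only_nondefault
sample_output | pt_only_nondefault
```

Files reported by `pt_only_nondefault` are the ones to re-mark explicitly before building a kernel with PAX_PT_PAX_FLAGS off and PAX_XATTR_PAX_FLAGS on.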
