Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: build/mac/make_heap_non_executable.py

Issue 7714018: Give plug-in processes an executable heap and disable PIE/ASLR for Native (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 9 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « build/mac/change_mach_o_flags_from_xcode.sh ('k') | build/mac/make_heap_non_executable_from_xcode.sh » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 #!/usr/bin/python
2
3 # Copyright (c) 2011 The Chromium Authors. All rights reserved.
4 # Use of this source code is governed by a BSD-style license that can be
5 # found in the LICENSE file.
6
7 # Usage: make_heap_non_executable.py <executable_path>
8 #
9 # Arranges for the executable at |executable_path| to have its data (heap)
10 # pages protected to prevent execution on Mac OS X 10.7 ("Lion").
11 #
12 # Traditionally in Mac OS X, 32-bit processes did not have data pages set to
13 # prohibit execution. Although user programs could call mprotect and
14 # mach_vm_protect to deny execution of code in data pages, the kernel would
15 # silently ignore such requests without updating the page tables, and the
16 # hardware would happily execute code on such pages. 64-bit processes were
17 # always given proper hardware protection of data pages. This behavior was
18 # controllable on a system-wide level via the vm.allow_data_exec sysctl, which
19 # is set by default to 1. The bit with value 1 (set by default) allows code
20 # execution on data pages for 32-bit processes, and the bit with value 2
21 # (clear by default) does the same for 64-bit processes.
22 #
23 # In Mac OS X 10.7, executables can "opt in" to having hardware protection
24 # against code execution on data pages applied. This is done by setting a new
25 # bit in the |flags| field of an executable's |mach_header|. When
26 # MH_NO_HEAP_EXECUTION is set, proper protections will be applied, regardless
27 # of the setting of vm.allow_data_exec. See xnu-1699.22.73/osfmk/vm/vm_map.c
28 # override_nx and xnu-1699.22.73/bsd/kern/mach_loader.c load_machfile.
29 #
30 # The Apple toolchain has been revised to set the MH_NO_HEAP_EXECUTION when
31 # producing executables, provided that -allow_heap_execute is not specified
32 # at link time. Only linkers shipping with Xcode 4.0 and later (ld64-123.2 and
33 # later) have this ability. See ld64-123.2.1/src/ld/Options.cpp
34 # Options::reconfigureDefaults() and
35 # ld64-123.2.1/src/ld/HeaderAndLoadCommands.hpp
36 # HeaderAndLoadCommandsAtom<A>::flags().
37 #
38 # This script sets the MH_NO_HEAP_EXECUTION bit on Mach-O executables. It is
39 # intended for use with executables produced by a linker that predates Apple's
40 # modifications to set this bit itself. It is also useful for setting this bit
41 # for non-i386 executables, including x86_64 executables. Apple's linker only
42 # sets it for 32-bit i386 executables, presumably under the assumption that
43 # the value of vm.allow_data_exec is set in stone. However, if someone were to
44 # change vm.allow_data_exec to 2 or 3, 64-bit x86_64 executables would run
45 # without hardware protection against code execution on data pages. This
46 # script can set the bit for x86_64 executables, guaranteeing that they run
47 # with appropriate protection even when vm.allow_data_exec has been tampered
48 # with.
49 #
50 # This script is able to operate on thin (single-architecture) Mach-O files
51 # and fat (universal, multi-architecture) files. When operating on fat files,
52 # it will set the MH_NO_HEAP_EXECUTION bit for each architecture contained
53 # therein.
54
55
56 import os
57 import struct
58 import sys
59
60
61 # <mach-o/fat.h>
62 FAT_MAGIC = 0xcafebabe
63 FAT_CIGAM = 0xbebafeca
64
65 # <mach-o/loader.h>
66 MH_MAGIC = 0xfeedface
67 MH_CIGAM = 0xcefaedfe
68 MH_MAGIC_64 = 0xfeedfacf
69 MH_CIGAM_64 = 0xcffaedfe
70 MH_EXECUTE = 0x2
71 MH_NO_HEAP_EXECUTION = 0x1000000
72
73
74 class MachOError(Exception):
75 """A class for exceptions thrown by this module."""
76
77 pass
78
79
80 def CheckedSeek(file, offset):
81 """Seeks the file-like object at |file| to offset |offset| and raises a
82 MachOError if anything funny happens."""
83
84 file.seek(offset, os.SEEK_SET)
85 new_offset = file.tell()
86 if new_offset != offset:
87 raise MachOError, \
88 'seek: expected offset %d, observed %d' % (offset, new_offset)
89
90
91 def CheckedRead(file, count):
92 """Reads |count| bytes from the file-like |file| object, raising a
93 MachOError if any other number of bytes is read."""
94
95 bytes = file.read(count)
96 if len(bytes) != count:
97 raise MachOError, \
98 'read: expected length %d, observed %d' % (count, len(bytes))
99
100 return bytes
101
102
103 def ReadUInt32(file, endian):
104 """Reads an unsinged 32-bit integer from the file-like |file| object,
105 treating it as having endianness specified by |endian| (per the |struct|
106 module), and returns it as a number. Raises a MachOError if the proper
107 length of data can't be read from |file|."""
108
109 bytes = CheckedRead(file, 4)
110
111 (uint32,) = struct.unpack(endian + 'I', bytes)
112 return uint32
113
114
115 def ReadMachHeader(file, endian):
116 """Reads an entire |mach_header| structure (<mach-o/loader.h>) from the
117 file-like |file| object, treating it as having endianness specified by
118 |endian| (per the |struct| module), and returns a 7-tuple of its members
119 as numbers. Raises a MachOError if the proper length of data can't be read
120 from |file|."""
121
122 bytes = CheckedRead(file, 28)
123
124 magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = \
125 struct.unpack(endian + '7I', bytes)
126 return magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
127
128
129 def ReadFatArch(file):
130 """Reads an entire |fat_arch| structure (<mach-o/fat.h>) from the file-like
131 |file| object, treating it as having endianness specified by |endian|
132 (per the |struct| module), and returns a 5-tuple of its members as numbers.
133 Raises a MachOError if the proper length of data can't be read from
134 |file|."""
135
136 bytes = CheckedRead(file, 20)
137
138 cputype, cpusubtype, offset, size, align = struct.unpack('>5I', bytes)
139 return cputype, cpusubtype, offset, size, align
140
141
142 def WriteUInt32(file, uint32, endian):
143 """Writes |uint32| as an unsinged 32-bit integer to the file-like |file|
144 object, treating it as having endianness specified by |endian| (per the
145 |struct| module)."""
146
147 bytes = struct.pack(endian + 'I', uint32)
148 assert len(bytes) == 4
149
150 file.write(bytes)
151
152
153 def HandleMachOFile(file, offset=0):
154 """Seeks the file-like |file| object to |offset|, reads its |mach_header|,
155 and rewrites the header's |flags| field if appropriate. The header's
156 endianness is detected. Both 32-bit and 64-bit Mach-O headers are supported
157 (mach_header and mach_header_64). Raises MachOError if used on a header that
158 does not have a known magic number or is not of type MH_EXECUTE. The
159 MH_NO_HEAP_EXECUTION is set in the |flags| field and written to |file| if
160 not already set. If already set, nothing is written."""
161
162 CheckedSeek(file, offset)
163 magic = ReadUInt32(file, '<')
164 if magic == MH_MAGIC or magic == MH_MAGIC_64:
165 endian = '<'
166 elif magic == MH_CIGAM or magic == MH_CIGAM_64:
167 endian = '>'
168 else:
169 raise MachOError, \
170 'Mach-O file at offset %d has illusion of magic' % offset
171
172 CheckedSeek(file, offset)
173 magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = \
174 ReadMachHeader(file, endian)
175 assert magic == MH_MAGIC or magic == MH_MAGIC_64
176 if filetype != MH_EXECUTE:
177 raise MachOError, \
178 'Mach-O file at offset %d is type 0x%x, expected MH_EXECUTE' % \
179 (offset, filetype)
180
181 if not flags & MH_NO_HEAP_EXECUTION:
182 flags |= MH_NO_HEAP_EXECUTION
183 CheckedSeek(file, offset + 24)
184 WriteUInt32(file, flags, endian)
185
186
187 def HandleFatFile(file, fat_offset=0):
188 """Seeks the file-like |file| object to |offset| and loops over its
189 |fat_header| entries, calling HandleMachOFile for each."""
190
191 CheckedSeek(file, fat_offset)
192 magic = ReadUInt32(file, '>')
193 assert magic == FAT_MAGIC
194
195 nfat_arch = ReadUInt32(file, '>')
196
197 for index in xrange(0, nfat_arch):
198 cputype, cpusubtype, offset, size, align = ReadFatArch(file)
199 assert size >= 28
200
201 # HandleMachOFile will seek around. Come back here after calling it, in
202 # case it sought.
203 fat_arch_offset = file.tell()
204 HandleMachOFile(file, offset)
205 CheckedSeek(file, fat_arch_offset)
206
207
208 def main(me, args):
209 if len(args) != 1:
210 print >>sys.stderr, 'usage: %s <executable_path>' % me
211 return 1
212
213 executable_path = args[0]
214 executable_file = open(executable_path, 'rb+')
215
216 magic = ReadUInt32(executable_file, '<')
217 if magic == FAT_CIGAM:
218 # Check FAT_CIGAM and not FAT_MAGIC because the read was little-endian.
219 HandleFatFile(executable_file)
220 elif magic == MH_MAGIC or magic == MH_CIGAM or \
221 magic == MH_MAGIC_64 or magic == MH_CIGAM_64:
222 HandleMachOFile(executable_file)
223 else:
224 raise MachOError, '%s is not a Mach-O or fat file' % executable_file
225
226 executable_file.close()
227
228 return 0
229
230 if __name__ == '__main__':
231 sys.exit(main(sys.argv[0], sys.argv[1:]))
OLDNEW
« no previous file with comments | « build/mac/change_mach_o_flags_from_xcode.sh ('k') | build/mac/make_heap_non_executable_from_xcode.sh » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698