From d884cc83b0e44c27d5d01e97a0b0f85582f5d435 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Thu, 12 Jun 2014 16:11:21 -0400 Subject: [PATCH] remove unnecessary PaX detection Rust no longer has support for JIT compilation, so it doesn't currently require a PaX MPROTECT exception. The extended attributes are preferred over modifying the binaries so it's not actually going to work on most systems like this anyway. If JIT compilation ends up being supported again, it should handle this by *always* applying the exception via an extended attribute without performing auto-detection of PaX on the host. The `paxctl` tool is only necessary with the older method involving modifying the ELF binary. --- configure | 52 ---------------------------------------------------- mk/stage0.mk | 4 ---- 2 files changed, 56 deletions(-) diff --git a/configure b/configure index e5106f93d35..3a306085c77 100755 --- a/configure +++ b/configure @@ -416,7 +416,6 @@ opt mingw-cross 0 "cross-compile for win32 using mingw" opt clang 0 "prefer clang to gcc for building the runtime" opt ccache 0 "invoke gcc/clang via ccache to reuse object files between builds" opt local-rust 0 "use an installed rustc rather than downloading a snapshot" -opt pax-flags 0 "apply PaX flags to rustc binaries (required for GRSecurity/PaX-patched kernels)" opt inject-std-version 1 "inject the current compiler version of libstd into programs" opt llvm-static-stdcpp 0 "statically link to libstdc++ for LLVM" opt rpath 1 "build rpaths into rustc itself" @@ -518,12 +517,6 @@ then fi fi -if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ] -then - probe CFG_PAXCTL paxctl /sbin/paxctl - probe CFG_ZCAT zcat -fi - step_msg "looking for target specific programs" probe CFG_ADB adb @@ -546,51 +539,6 @@ then fi fi -if [ "$CFG_OSTYPE" = "unknown-linux-gnu" ] -then - if [ ! -z "$CFG_ENABLE_PAX_FLAGS" -a -z "$CFG_PAXCTL" ] - then - err "enabled PaX markings but no paxctl binary found" - fi - - if [ -z "$CFG_DISABLE_PAX_FLAGS" ] - then - # GRSecurity/PaX detection. This can be very flaky. - GRSEC_DETECTED= - - # /dev/grsec only exists if CONFIG_GRKERNSEC_NO_RBAC is not set. - # /proc/sys/kernel/grsecurity is not available if ÇONFIG_GRKERNSEC_SYSCTL is not set. - if [ -e /dev/grsec -o -d /proc/sys/kernel/grsecurity ] - then - GRSEC_DETECTED=1 - # /proc/config.gz is normally only available to root, and only if CONFIG_IKCONFIG_PROC has been set. - elif [ -r /proc/config.gz -a ! -z "$CFG_ZCAT" ] - then - if "$CFG_ZCAT" /proc/config.gz | grep --quiet "CONFIG_GRKERNSEC=y" - then - GRSEC_DETECTED=1 - fi - # Flaky. - elif grep --quiet grsec /proc/version - then - GRSEC_DETECTED=1 - fi - - if [ ! -z "$GRSEC_DETECTED" ] - then - step_msg "GRSecurity: yes" - if [ ! -z "$CFG_PAXCTL" ] - then - CFG_ENABLE_PAX_FLAGS=1 - else - warn "GRSecurity kernel detected but no paxctl binary found: not setting CFG_ENABLE_PAX_FLAGS" - fi - else - step_msg "GRSecurity: no" - fi - fi -fi - BIN_SUF= if [ "$CFG_OSTYPE" = "pc-mingw32" ] || [ "$CFG_OSTYPE" = "w64-mingw32" ] then diff --git a/mk/stage0.mk b/mk/stage0.mk index 080e733724d..972cfecea71 100644 --- a/mk/stage0.mk +++ b/mk/stage0.mk @@ -18,10 +18,6 @@ ifdef CFG_ENABLE_LOCAL_RUST $(Q)$(S)src/etc/local_stage0.sh $(CFG_BUILD) $(CFG_LOCAL_RUST_ROOT) rustlib else $(Q)$(CFG_PYTHON) $(S)src/etc/get-snapshot.py $(CFG_BUILD) $(SNAPSHOT_FILE) -ifdef CFG_ENABLE_PAX_FLAGS - @$(call E, apply PaX flags: $@) - @"$(CFG_PAXCTL)" -cm "$@" -endif endif $(Q)touch $@