From 7854a924c7c91d754c3b0b4c79048ade139d614d Mon Sep 17 00:00:00 2001 From: John Reiser Date: Sat, 20 May 2000 15:49:25 +0000 Subject: [PATCH] put overlay into PT_LOAD, in order to protect from /usr/bin/strip, and prepare to discontinue use of /proc/exe by stub p_unix.cpp p_unix.h stub/Makefile stub/l_lx_exec86.lds committer: jreiser 958837765 +0000 --- src/p_unix.cpp | 33 +++++++++++++++++++++++++++++++-- src/p_unix.h | 2 ++ src/stub/Makefile | 28 ++++++++++++++-------------- src/stub/l_lx_exec86.lds | 17 +++++++++++++++++ 4 files changed, 64 insertions(+), 16 deletions(-) create mode 100644 src/stub/l_lx_exec86.lds diff --git a/src/p_unix.cpp b/src/p_unix.cpp index 181539d3..6cad77f9 100644 --- a/src/p_unix.cpp +++ b/src/p_unix.cpp @@ -191,6 +191,8 @@ void PackUnix::pack(OutputFile *fo) set_native32(obuf, lsize); fo->write(obuf, 4); + updateLoader(fo); + // finally check compression ratio if (!Packer::checkCompressionRatio(fo->getBytesWritten(), ph.u_len)) throwNotCompressible(); @@ -425,13 +427,14 @@ void PackLinuxI386::patchLoader() patchVersion(loader,lsize); // The beginning of our loader consists of a elf_hdr (52 bytes) and - // two sections elf_phdr (2 * 32 byte), so we have 12 free bytes + // one section elf_phdr (32 byte) now, + // another section elf_phdr (32 byte) later, so we have 12 free bytes // from offset 116 to the program start at offset 128. assert(get_le32(loader + 28) == 52); // e_phoff assert(get_le32(loader + 32) == 0); // e_shoff assert(get_le16(loader + 40) == 52); // e_ehsize assert(get_le16(loader + 42) == 32); // e_phentsize - assert(get_le16(loader + 44) == 2); // e_phnum + assert(get_le16(loader + 44) == 1); // e_phnum assert(get_le16(loader + 48) == 0); // e_shnum assert(lsize > 128 && lsize < 4096); 
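Review bot: `updateLoader(fo)` is called after the trailing lsize word is written and immediately before `Packer::checkCompressionRatio(fo->getBytesWritten(), ph.u_len)`, and updateLoader ends with `fo->seek(0, SEEK_SET); fo->rewrite(loader, 0x80);`. If `OutputFile::rewrite()` is counted by `getBytesWritten()` (OutputFile is not visible here), the ratio check would see the output 0x80 bytes larger than it is; worth confirming, or move the check ahead of the call. A one-line comment at the call site, `// overlay is complete: add the PT_LOAD that covers [lsize, bytes written) and rewrite the ELF header`, would explain why the call must come after everything else has been written. PackUnix::pack begins before and continues past this hunk.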
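Review bot: The reworded comment calls the program headers "sections" (`one section elf_phdr (32 byte) now`), but an Elf_Phdr describes a segment, and the comment does not say who fills in the second one; suggest `// one program header (32 bytes) from the linker now; updateLoader() writes a second one for the overlay later, so we have 12 free bytes`. The asserts directly below now pin e_phnum to 1, which ties this code to a linker script that emits exactly one PT_LOAD; a short comment naming l_lx_exec86.lds as the source of that guarantee would make the coupling findable. PackLinuxI386::patchLoader continues outside this hunk.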
@@ -454,6 +457,32 @@ void PackLinuxI386::patchLoaderChecksum() } +void PackLinuxI386::updateLoader(OutputFile *fo) +{ +#define PAGE_MASK (~0<<12) + Elf_LE32_Ehdr *ehdr = (Elf_LE32_Ehdr *)(unsigned char *)loader; + ehdr->e_phnum = 2; + + // The first Phdr maps the stub (instructions, data, bss) rwx. + // Round up hi address to page boundary. + Elf_LE32_Phdr *phdro = (Elf_LE32_Phdr *)(sizeof(Elf_LE32_Ehdr)+loader); + unsigned const vaddr2 = PAGE_MASK & (~PAGE_MASK + phdro->p_memsz + phdro->p_vaddr); + + // The second Phdr maps the overlay r--, + // to defend against /usr/bin/strip removing the overlay. + ++phdro; + phdro->p_type = PT_LOAD; + phdro->p_offset = lsize; + phdro->p_paddr = phdro->p_vaddr = vaddr2 + (lsize &~ PAGE_MASK); + phdro->p_memsz = phdro->p_filesz = fo->getBytesWritten() - lsize; + phdro->p_flags = PF_R; + phdro->p_align = -PAGE_MASK; + + patchLoaderChecksum(); + fo->seek(0, SEEK_SET); + fo->rewrite(loader, 0x80); +#undef PAGE_MASK +} /* vi:ts=4:et */ diff --git a/src/p_unix.h b/src/p_unix.h index 3dd636e9..9e8f9730 100644 --- a/src/p_unix.h +++ b/src/p_unix.h @@ -53,6 +53,7 @@ protected: // called by the generic pack() virtual void patchLoader() = 0; virtual void patchLoaderChecksum() {} + virtual void updateLoader(OutputFile *) = 0; // in order too share as much code as possible we introduce // an endian abstraction here @@ -146,6 +147,7 @@ protected: virtual void patchLoader(); virtual void patchLoaderChecksum(); + virtual void updateLoader(OutputFile *); enum { UPX_ELF_MAGIC = 0x5850557f // "\x7fUPX" diff --git a/src/stub/Makefile b/src/stub/Makefile index 5addfb87..fe90be8a 100644 --- a/src/stub/Makefile +++ b/src/stub/Makefile 
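Review bot: `#define PAGE_MASK (~0<<12)` left-shifts a negative int, which is undefined behaviour in C and in C++ before C++20 (it happens to yield -4096 on the usual compilers), and the same macro is then negated for `p_align`. Making it unsigned keeps every use well-defined with identical values: `#define PAGE_MASK (~0u << 12)` — `PAGE_MASK & (~PAGE_MASK + ...)`, `lsize &~ PAGE_MASK` and `-PAGE_MASK` (= 0x1000) all still work. The name also coincides with the Linux kernel's `PAGE_MASK` macro, so if any header in this translation unit pulls that in, the local #define redefines it; a more specific name such as `STUB_PAGE_MASK` avoids the clash. Finally, the `0x80` in `fo->rewrite(loader, 0x80)` is the same 128 that patchLoader() asserts as the program start and that the new l_lx_exec86.lds aligns to; a named constant shared by the three would keep them from drifting, and a comment should state why rewriting only 0x80 bytes is sufficient (presumably the field updated by patchLoaderChecksum() lies within them — confirm).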
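Review bot: `virtual void updateLoader(OutputFile *) = 0;` is declared pure in PackUnix, whereas the sibling hook `patchLoaderChecksum()` right above it has an empty default; any other PackUnix subclass (none is visible in this patch) becomes abstract until it implements the new hook. If the intent is that every Unix target must decide how to protect its overlay, say so with a comment, e.g. `// called after the overlay is written; adds the PT_LOAD that keeps strip(1) from dropping it`; otherwise `virtual void updateLoader(OutputFile *) {}` mirrors patchLoaderChecksum and keeps other targets buildable.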
@@ -186,9 +186,9 @@ l_w32pe.h: l_w32pe.asx # // linux rules (exec, elf, sh, sep) # ************************************************************************/ -l_lx_n2b.h: l_lx_exec.c l_xe_n2b.o - $(CC_LINUX) -DNRV2B -s -o $T.o -c $< - ld -s -Map l_lx_n2b.map -o $T.bin \ +l_lx_n2b.h: l_lx_exec.c l_xe_n2b.o l_lx_exec86.lds + $(CC_LINUX) -DNRV2B -o $T.o -c $< + ld -T l_lx_exec86.lds -Map l_lx_n2b.map -o $T.bin \ l_xe_n2b.o $T.o objcopy -S -R .comment -R .note $T.bin $(STRIPELF) $T.bin @@ -196,8 +196,8 @@ l_lx_n2b.h: l_lx_exec.c l_xe_n2b.o $(BIN2H) $T.bin linux_i386exec_nrv2b_loader $@ l_le_n2b.h: l_lx_elf.c l_6e_n2b.o l_lx_elf86.lds - $(CC_LINUX) -DNRV2B -s -o $T.o -c $< - ld -T l_lx_elf86.lds -s -Map $T.map -o $T.bin \ + $(CC_LINUX) -DNRV2B -o $T.o -c $< + ld -T l_lx_elf86.lds -Map $T.map -o $T.bin \ l_6e_n2b.o $T.o objcopy -S -R .comment -R .note $T.bin $(SETFOLD) $T.bin 0x`nm l_6e_n2b.o | grep fold_begin` @@ -206,8 +206,8 @@ l_le_n2b.h: l_lx_elf.c l_6e_n2b.o l_lx_elf86.lds $(BIN2H) $T.bin linux_i386elf_nrv2b_loader $@ l_sh_n2b.h: l_lx_sh.c l_6h_n2b.o l_lx_sh86.lds - $(CC_LINUX) -DNRV2B -s -o $T.o -c $< - ld -T l_lx_sh86.lds -s -Map $T.map -o $T.bin \ + $(CC_LINUX) -DNRV2B -o $T.o -c $< + ld -T l_lx_sh86.lds -Map $T.map -o $T.bin \ l_6h_n2b.o $T.o objcopy -S -R .comment -R .note $T.bin $(SETFOLD) $T.bin 0x`nm l_6h_n2b.o | grep fold_begin` @@ -225,9 +225,9 @@ l_6h_n2b.o: l_lx_sh86.asm $(NASM) -i$(UCL_I386)/ -f elf -dNRV2B -o $@ $< -l_lx_n2d.h: l_lx_exec.c l_xe_n2d.o - $(CC_LINUX) -DNRV2D -s -o $T.o -c $< - ld -s -Map $T.map -o $T.bin \ +l_lx_n2d.h: l_lx_exec.c l_xe_n2d.o l_lx_exec86.lds + $(CC_LINUX) -DNRV2D -o $T.o -c $< + ld -T l_lx_exec86.lds -Map $T.map -o $T.bin \ l_xe_n2d.o $T.o objcopy -S -R .comment -R .note $T.bin $(STRIPELF) $T.bin 
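Review bot: The rewritten `ld` line for l_lx_n2b.h keeps the literal `-Map l_lx_n2b.map` while every other rule in this file, including the l_lx_n2d.h rule changed the same way further down, uses `-Map $T.map`; since the line is being touched anyway, `ld -T l_lx_exec86.lds -Map $T.map -o $T.bin \` makes the exec rules uniform with the elf and sh ones. Dropping `-s` from the `-c` compile step should be a no-op (it is a link-time flag), so that part of the change is harmless; the binary is still stripped by the `objcopy -S` and `$(STRIPELF)` steps that follow.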
@@ -235,8 +235,8 @@ l_lx_n2d.h: l_lx_exec.c l_xe_n2d.o $(BIN2H) $T.bin linux_i386exec_nrv2d_loader $@ l_le_n2d.h: l_lx_elf.c l_6e_n2d.o l_lx_elf86.lds - $(CC_LINUX) -DNRV2D -s -o $T.o -c $< - ld -T l_lx_elf86.lds -s -Map $T.map -o $T.bin \ + $(CC_LINUX) -DNRV2D -o $T.o -c $< + ld -T l_lx_elf86.lds -Map $T.map -o $T.bin \ l_6e_n2d.o $T.o objcopy -S -R .comment -R .note $T.bin $(SETFOLD) $T.bin 0x`nm l_6e_n2d.o | grep fold_begin` @@ -245,8 +245,8 @@ l_le_n2d.h: l_lx_elf.c l_6e_n2d.o l_lx_elf86.lds $(BIN2H) $T.bin linux_i386elf_nrv2d_loader $@ l_sh_n2d.h: l_lx_sh.c l_6h_n2d.o l_lx_sh86.lds - $(CC_LINUX) -DNRV2D -s -o $T.o -c $< - ld -T l_lx_sh86.lds -s -Map $T.map -o $T.bin \ + $(CC_LINUX) -DNRV2D -o $T.o -c $< + ld -T l_lx_sh86.lds -Map $T.map -o $T.bin \ l_6h_n2d.o $T.o objcopy -S -R .comment -R .note $T.bin $(SETFOLD) $T.bin 0x`nm l_6h_n2d.o | grep fold_begin` diff --git a/src/stub/l_lx_exec86.lds b/src/stub/l_lx_exec86.lds new file mode 100644 index 00000000..3226aacb --- /dev/null +++ b/src/stub/l_lx_exec86.lds @@ -0,0 +1,17 @@ +OUTPUT_FORMAT("elf32-i386", "elf32-i386", "elf32-i386") +OUTPUT_ARCH(i386) +ENTRY(_start) +SECTIONS +{ + /* 0x08048000: customary Linux/x86 Elf .text start */ + . = 0x08048000 + SIZEOF_HEADERS; + . = ALIGN(0x80); /* room for Ehdr, 2*Phdr, l_info */ + .data : { /* put everything together in one Phdr */ + *(.text) + *(.rodata) + *(.data) + *(.bss) + *(COMMON) + } + /* save other Phdr for the overlay */ +}
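Review bot: The script fixes the section layout but not the program-header count, yet `PackLinuxI386::patchLoader()` asserts `e_phnum == 1` and `updateLoader()` writes the second Phdr into the slot at file offset 84 on the assumption that the linker emitted exactly one PT_LOAD and left that slot as padding. A `PHDRS` command declaring the single PT_LOAD would make that contract explicit instead of relying on ld's default header generation. The `ALIGN(0x80)` comment should also say that the value must stay equal to the 128 asserted by patchLoader() and rewritten by updateLoader(), e.g. `/* room for Ehdr, 2*Phdr, l_info; must match the 0x80 in p_unix.cpp */`. Note that folding .text, .data and .bss into one output section is what makes the first segment rwx (as the updateLoader comment records); that is the existing design, and the new r-- overlay segment does not change it.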