The Tor Browser: media/webrtc/trunk/build/mac/change_mach_o

media/webrtc/trunk/build/mac/change_mach_o_flags.py@6474c204b198 (annotated)

media/webrtc/trunk/build/mac/change_mach_o_flags.py

Wed, 31 Dec 2014 06:09:35 +0100

author: Michael Schloh von Bennewitz <michael@schloh.com>
date: Wed, 31 Dec 2014 06:09:35 +0100
changeset 0: 6474c204b198
permissions: -rwxr-xr-x

Cloned upstream origin tor-browser at tor-browser-31.3.0esr-4.5-1-build1
revision ID fc1c9ff7c1b2defdbc039f12214767608f46423f for hacking purpose.

 #!/usr/bin/env python
 # Copyright (c) 2011 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 """Usage: change_mach_o_flags.py [--executable-heap] [--no-pie] <executablepath>
 Arranges for the executable at |executable_path| to have its data (heap)
 pages protected to prevent execution on Mac OS X 10.7 ("Lion"), and to have
 the PIE (position independent executable) bit set to enable ASLR (address
 space layout randomization). With --executable-heap or --no-pie, the
 respective bits are cleared instead of set, making the heap executable or
 disabling PIE/ASLR.
 This script is able to operate on thin (single-architecture) Mach-O files
 and fat (universal, multi-architecture) files. When operating on fat files,
 it will set or clear the bits for each architecture contained therein.
 NON-EXECUTABLE HEAP
 Traditionally in Mac OS X, 32-bit processes did not have data pages set to
 prohibit execution. Although user programs could call mprotect and
 mach_vm_protect to deny execution of code in data pages, the kernel would
 silently ignore such requests without updating the page tables, and the
 hardware would happily execute code on such pages. 64-bit processes were
 always given proper hardware protection of data pages. This behavior was
 controllable on a system-wide level via the vm.allow_data_exec sysctl, which
 is set by default to 1. The bit with value 1 (set by default) allows code
 execution on data pages for 32-bit processes, and the bit with value 2
 (clear by default) does the same for 64-bit processes.
 In Mac OS X 10.7, executables can "opt in" to having hardware protection
 against code execution on data pages applied. This is done by setting a new
 bit in the |flags| field of an executable's |mach_header|. When
 MH_NO_HEAP_EXECUTION is set, proper protections will be applied, regardless
 of the setting of vm.allow_data_exec. See xnu-1699.22.73/osfmk/vm/vm_map.c
 override_nx and xnu-1699.22.73/bsd/kern/mach_loader.c load_machfile.
 The Apple toolchain has been revised to set the MH_NO_HEAP_EXECUTION when
 producing executables, provided that -allow_heap_execute is not specified
 at link time. Only linkers shipping with Xcode 4.0 and later (ld64-123.2 and
 later) have this ability. See ld64-123.2.1/src/ld/Options.cpp
 Options::reconfigureDefaults() and
 ld64-123.2.1/src/ld/HeaderAndLoadCommands.hpp
 HeaderAndLoadCommandsAtom<A>::flags().
 This script sets the MH_NO_HEAP_EXECUTION bit on Mach-O executables. It is
 intended for use with executables produced by a linker that predates Apple's
 modifications to set this bit itself. It is also useful for setting this bit
 for non-i386 executables, including x86_64 executables. Apple's linker only
 sets it for 32-bit i386 executables, presumably under the assumption that
 the value of vm.allow_data_exec is set in stone. However, if someone were to
 change vm.allow_data_exec to 2 or 3, 64-bit x86_64 executables would run
 without hardware protection against code execution on data pages. This
 script can set the bit for x86_64 executables, guaranteeing that they run
 with appropriate protection even when vm.allow_data_exec has been tampered
 with.
 POSITION-INDEPENDENT EXECUTABLES/ADDRESS SPACE LAYOUT RANDOMIZATION
 This script sets or clears the MH_PIE bit in an executable's Mach-O header,
 enabling or disabling position independence on Mac OS X 10.5 and later.
 Processes running position-independent executables have varying levels of
 ASLR protection depending on the OS release. The main executable's load
 address, shared library load addresess, and the heap and stack base
 addresses may be randomized. Position-independent executables are produced
 by supplying the -pie flag to the linker (or defeated by supplying -no_pie).
 Executables linked with a deployment target of 10.7 or higher have PIE on
 by default.
 This script is never strictly needed during the build to enable PIE, as all
 linkers used are recent enough to support -pie. However, it's used to
 disable the PIE bit as needed on already-linked executables.
 """
 import optparse
 import os
 import struct
 import sys
 # <mach-o/fat.h>
 FAT_MAGIC = 0xcafebabe
 FAT_CIGAM = 0xbebafeca
 # <mach-o/loader.h>
 MH_MAGIC = 0xfeedface
 MH_CIGAM = 0xcefaedfe
 MH_MAGIC_64 = 0xfeedfacf
 MH_CIGAM_64 = 0xcffaedfe
 MH_EXECUTE = 0x2
 MH_PIE = 0x00200000
 MH_NO_HEAP_EXECUTION = 0x01000000
 class MachOError(Exception):
   """A class for exceptions thrown by this module."""
   pass
 def CheckedSeek(file, offset):
   """Seeks the file-like object at |file| to offset |offset| and raises a
   MachOError if anything funny happens."""
   file.seek(offset, os.SEEK_SET)
   new_offset = file.tell()
   if new_offset != offset:
     raise MachOError, \
           'seek: expected offset %d, observed %d' % (offset, new_offset)
 def CheckedRead(file, count):
   """Reads |count| bytes from the file-like |file| object, raising a
   MachOError if any other number of bytes is read."""
   bytes = file.read(count)
   if len(bytes) != count:
     raise MachOError, \
           'read: expected length %d, observed %d' % (count, len(bytes))
   return bytes
 def ReadUInt32(file, endian):
   """Reads an unsinged 32-bit integer from the file-like |file| object,
   treating it as having endianness specified by |endian| (per the |struct|
   module), and returns it as a number. Raises a MachOError if the proper
   length of data can't be read from |file|."""
   bytes = CheckedRead(file, 4)
   (uint32,) = struct.unpack(endian + 'I', bytes)
   return uint32
 def ReadMachHeader(file, endian):
   """Reads an entire |mach_header| structure (<mach-o/loader.h>) from the
   file-like |file| object, treating it as having endianness specified by
   |endian| (per the |struct| module), and returns a 7-tuple of its members
   as numbers. Raises a MachOError if the proper length of data can't be read
   from |file|."""
   bytes = CheckedRead(file, 28)
   magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = \
       struct.unpack(endian + '7I', bytes)
   return magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
 def ReadFatArch(file):
   """Reads an entire |fat_arch| structure (<mach-o/fat.h>) from the file-like
   |file| object, treating it as having endianness specified by |endian|
   (per the |struct| module), and returns a 5-tuple of its members as numbers.
   Raises a MachOError if the proper length of data can't be read from
   |file|."""
   bytes = CheckedRead(file, 20)
   cputype, cpusubtype, offset, size, align = struct.unpack('>5I', bytes)
   return cputype, cpusubtype, offset, size, align
 def WriteUInt32(file, uint32, endian):
   """Writes |uint32| as an unsinged 32-bit integer to the file-like |file|
   object, treating it as having endianness specified by |endian| (per the
   |struct| module)."""
   bytes = struct.pack(endian + 'I', uint32)
   assert len(bytes) == 4
   file.write(bytes)
 def HandleMachOFile(file, options, offset=0):
   """Seeks the file-like |file| object to |offset|, reads its |mach_header|,
   and rewrites the header's |flags| field if appropriate. The header's
   endianness is detected. Both 32-bit and 64-bit Mach-O headers are supported
   (mach_header and mach_header_64). Raises MachOError if used on a header that
   does not have a known magic number or is not of type MH_EXECUTE. The
   MH_PIE and MH_NO_HEAP_EXECUTION bits are set or cleared in the |flags| field
   according to |options| and written to |file| if any changes need to be made.
   If already set or clear as specified by |options|, nothing is written."""
   CheckedSeek(file, offset)
   magic = ReadUInt32(file, '<')
   if magic == MH_MAGIC or magic == MH_MAGIC_64:
     endian = '<'
   elif magic == MH_CIGAM or magic == MH_CIGAM_64:
     endian = '>'
   else:
     raise MachOError, \
           'Mach-O file at offset %d has illusion of magic' % offset
   CheckedSeek(file, offset)
   magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = \
       ReadMachHeader(file, endian)
   assert magic == MH_MAGIC or magic == MH_MAGIC_64
   if filetype != MH_EXECUTE:
     raise MachOError, \
           'Mach-O file at offset %d is type 0x%x, expected MH_EXECUTE' % \
               (offset, filetype)
   original_flags = flags
   if options.no_heap_execution:
     flags |= MH_NO_HEAP_EXECUTION
   else:
     flags &= ~MH_NO_HEAP_EXECUTION
   if options.pie:
     flags |= MH_PIE
   else:
     flags &= ~MH_PIE
   if flags != original_flags:
     CheckedSeek(file, offset + 24)
     WriteUInt32(file, flags, endian)
 def HandleFatFile(file, options, fat_offset=0):
   """Seeks the file-like |file| object to |offset| and loops over its
   |fat_header| entries, calling HandleMachOFile for each."""
   CheckedSeek(file, fat_offset)
   magic = ReadUInt32(file, '>')
   assert magic == FAT_MAGIC
   nfat_arch = ReadUInt32(file, '>')
   for index in xrange(0, nfat_arch):
     cputype, cpusubtype, offset, size, align = ReadFatArch(file)
     assert size >= 28
     # HandleMachOFile will seek around. Come back here after calling it, in
     # case it sought.
     fat_arch_offset = file.tell()
     HandleMachOFile(file, options, offset)
     CheckedSeek(file, fat_arch_offset)
 def main(me, args):
   parser = optparse.OptionParser('%prog [options] <executable_path>')
   parser.add_option('--executable-heap', action='store_false',
                     dest='no_heap_execution', default=True,
                     help='Clear the MH_NO_HEAP_EXECUTION bit')
   parser.add_option('--no-pie', action='store_false',
                     dest='pie', default=True,
                     help='Clear the MH_PIE bit')
   (options, loose_args) = parser.parse_args(args)
   if len(loose_args) != 1:
     parser.print_usage()
     return 1
   executable_path = loose_args[0]
   executable_file = open(executable_path, 'rb+')
   magic = ReadUInt32(executable_file, '<')
   if magic == FAT_CIGAM:
     # Check FAT_CIGAM and not FAT_MAGIC because the read was little-endian.
     HandleFatFile(executable_file, options)
   elif magic == MH_MAGIC or magic == MH_CIGAM or \
       magic == MH_MAGIC_64 or magic == MH_CIGAM_64:
     HandleMachOFile(executable_file, options)
   else:
     raise MachOError, '%s is not a Mach-O or fat file' % executable_file
   executable_file.close()
   return 0
 if __name__ == '__main__':
   sys.exit(main(sys.argv[0], sys.argv[1:]))

The Tor Browser / annotate

media/webrtc/trunk/build/mac/change_mach_o_flags.py@6474c204b198 (annotated)

media/webrtc/trunk/build/mac/change_mach_o_flags.py