From d3a1c675c8dbdd3504b9465f17fbf75dab5cd20c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Deuc=D0=B5?= <shurd@sasktel.net>
Date: Mon, 5 Feb 2024 03:34:20 -0500
Subject: [PATCH] Allow RWX pages on NetBSD and OpenBSD.

By default, both NetBSD and OpenBSD will not allow pages to be mapped
both writable and executable.

On OpenBSD, if the filesystem is mounted with the wxallowed option,
this would work, and before v6.0, passing -z wxallowed to the linker
would allow it on a per-binary basis.  However, since this is not
the default, and since the JS engine can use mprotect() to switch
between RW and RX, I've decided to enable this instead.  This will
slow things down, but it will work "out of the box".

For NetBSD, the situation is different: you can't switch between
RW and RX using mprotect(); instead, you need to use mremap() to
get a separate mapping for each set of perms.  This does *not*
appear to be present in the 1.8.5 source, so we can't do the same
fix as OpenBSD.  Instead, NetBSD allows paxctl to add an ELF note
indicating that RWX is needed, and it "just works" (by default).
---
 3rdp/build/GNUmakefile           |  2 +-
 3rdp/build/js-no-rwx-pages.patch | 13 +++++++++++++
 src/sbbs3/GNUmakefile            |  9 +++++++++
 3 files changed, 23 insertions(+), 1 deletion(-)
 create mode 100644 3rdp/build/js-no-rwx-pages.patch

diff --git a/3rdp/build/GNUmakefile b/3rdp/build/GNUmakefile
index 6aaf19fb6b..04d68cb878 100644
--- a/3rdp/build/GNUmakefile
+++ b/3rdp/build/GNUmakefile
@@ -58,7 +58,6 @@ $(JS_SRC): | $(3RDPSRCDIR)
 $(JS_IDIR): | $(3RDPODIR)
 	$(QUIET)$(IFNOTEXIST) mkdir $(JS_IDIR)
 
-#	$(QUIET)patch -b -p0 -d $(JS_SRC) < js-no-rwx-pages.patch
 $(JSLIB_BUILD): $(3RDP_ROOT)/dist/libmozjs.tgz $(3RDP_ROOT)/build/js_src_jsnativestack_cpp.patch $(3RDP_ROOT)/build/js-configure.patch $(3RDP_ROOT)/build/js-configure.in.patch $(3RDP_ROOT)/build/imacro-asm-fix.patch $(3RDP_ROOT)/build/js-volatile-outside-functions.patch $(3RDP_ROOT)/build/js-Wno-misleading-indentation.patch $(3RDP_ROOT)/build/js-allow-python3.patch $(3RDP_ROOT)/build/js-no-rwx-pages.patch $(3RDP_ROOT)/build/js-disable-shell.patch | $(JS_SRC) $(JS_IDIR)
 	@echo Creating $@ ...
 	$(QUIET)-rm -rf $(JS_SRC)/*
@@ -75,6 +74,7 @@ $(JSLIB_BUILD): $(3RDP_ROOT)/dist/libmozjs.tgz $(3RDP_ROOT)/build/js_src_jsnativ
 	$(QUIET)patch -b -p0 -d $(JS_SRC) < js-makefile.patch
 	$(QUIET)patch -b -p0 -d $(JS_SRC) < js-disable-warnings.patch
 	$(QUIET)patch -b -p0 -d $(JS_SRC) < js-disable-shell.patch
+	$(QUIET)patch -b -p0 -d $(JS_SRC) < js-no-rwx-pages.patch
 	-$(QUIET)cd $(JS_SRC)/js-1.8.5/js/src && autoconf-2.13
 	$(QUIET)cd $(JS_SRC)/js-1.8.5/js/src && env $(JS_CONFIGURE_ENV) ./configure $(JS_CONFIGURE_ARGS)
 ifdef VERBOSE
diff --git a/3rdp/build/js-no-rwx-pages.patch b/3rdp/build/js-no-rwx-pages.patch
new file mode 100644
index 0000000000..981cb2ee54
--- /dev/null
+++ b/3rdp/build/js-no-rwx-pages.patch
@@ -0,0 +1,13 @@
+--- ./js-1.8.5/js/src/assembler/wtf/Platform.h.orig	2011-03-31 15:08:36.000000000 -0400
++++ ./js-1.8.5/js/src/assembler/wtf/Platform.h	2024-02-05 02:46:23.601607000 -0500
+@@ -935,8 +935,9 @@
+ #endif
+ /* Setting this flag prevents the assembler from using RWX memory; this may improve
+    security but currectly comes at a significant performance cost. */
+-#if WTF_PLATFORM_IPHONE
++#if WTF_PLATFORM_OPENBSD || WTF_PLATFORM_IPHONE
+ #define ENABLE_ASSEMBLER_WX_EXCLUSIVE 1
++#define WTF_ENABLE_ASSEMBLER_WX_EXCLUSIVE 1
+ #else
+ #define ENABLE_ASSEMBLER_WX_EXCLUSIVE 0
+ #endif
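Review bot: The `#else` branch still defines only `ENABLE_ASSEMBLER_WX_EXCLUSIVE 0`, while the branch above now defines both `ENABLE_ASSEMBLER_WX_EXCLUSIVE` and `WTF_ENABLE_ASSEMBLER_WX_EXCLUSIVE`, and nothing records why two spellings are needed. Presumably some of the assembler sources test one name and some the other (not visible here); if so, add `#define WTF_ENABLE_ASSEMBLER_WX_EXCLUSIVE 0` to the `#else` branch and a short comment such as `/* both spellings are tested in the assembler sources; keep them in sync */`. Separately, `#if WTF_PLATFORM_OPENBSD` evaluates to 0 without any diagnostic if that macro is not defined earlier in Platform.h, in which case an OpenBSD build would quietly keep requesting RWX mappings, so it is worth confirming the definition exists above line 935.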
diff --git a/src/sbbs3/GNUmakefile b/src/sbbs3/GNUmakefile
index 0228efd06b..8caa255a13 100644
--- a/src/sbbs3/GNUmakefile
+++ b/src/sbbs3/GNUmakefile
@@ -166,6 +166,9 @@ LDFLAGS +=	$(UIFC-MT_LDFLAGS) $(XPDEV-MT_LDFLAGS) $(SMBLIB_LDFLAGS) $(ENCODE_LDF
 $(SBBS): $(JS_DEPS) $(CRYPT_DEPS) $(OBJS) $(LIBS) $(EXTRA_SBBS_DEPENDS) $(ENCODE_LIB) $(HASH_LIB) | $(LIBODIR)
 	@echo Linking $@
 	$(QUIET)$(MKSHPPLIB) $(LDFLAGS) -o $@ $(OBJS) $(SBBS_LIBS) $(SMBLIB_LIBS) $(LIBS) $(SHLIBOPTS) $(JS_LIBS) $(CRYPT_LIBS) $(ENCODE_LIBS) $(HASH_LIBS) $(XPDEV-MT_LIBS) $(FILE_LIBS) -Wl,--version-script=sbbs.version
+ifeq ($(os), netbsd)
+	paxctl +m $(SBBS)
+endif
 
 # FTP Server Link Rule
 $(FTPSRVR): $(MTOBJODIR)/ftpsrvr.o
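Review bot: `paxctl +m $(SBBS)` marks what looks like a shared library, since the rule links with `$(MKSHPPLIB)` and the JSEXEC rule consumes the result via `-lsbbs`. I would expect NetBSD to take the PaX note from the executable at exec time rather than from libraries it loads, so please confirm this line has any effect. If it does not, the executables that load libsbbs and run the JS engine are the ones that need `+m`. Each marked binary loses W^X enforcement for its whole process, so keep that list minimal and record the reason next to the line, e.g. `# NetBSD: JS 1.8.5 JIT needs RWX pages; +m turns off PaX MPROTECT for this binary`. The recipe line also lacks the `$(QUIET)` prefix used by the link line above it.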
@@ -251,11 +254,17 @@ $(MAKEUSER): $(MAKEUSER_OBJS) | $(EXEODIR)
 $(JSDOOR): $(JSDOOR_OBJS) $(XPDEV_LIB) $(ENCODE_LIB) $(HASH_LIB) | $(EXEODIR)
 	@echo Linking $@
 	$(QUIET)$(CXX) $(JS_CFLAGS) $(LDFLAGS) $(MT_LDFLAGS) -o $@ $(JSDOOR_OBJS) $(JS_LIBS) $(CRYPT_LIBS) $(UIFC-MT_LIBS) $(CIOLIB-MT_LIBS) $(SMBLIB_LIBS) $(ENCODE_LIBS) $(XPDEV-MT_LIBS) $(HASH_LIBS) $(FILE_LIBS)
+ifeq ($(os), netbsd)
+	paxctl +m $(JSDOOR)
+endif
 
 # JSEXEC
 $(JSEXEC): $(JSEXEC_OBJS) $(SBBS) | $(EXEODIR)
 	@echo Linking $@
 	$(QUIET)$(CXX) $(LDFLAGS) $(MT_LDFLAGS) -o $@ $(JSEXEC_OBJS) -lsbbs $(JS_LIBS) $(SMBLIB_LIBS) $(UIFC-MT_LIBS) $(CIOLIB-MT_LIBS) $(XPDEV-MT_LIBS)
+ifeq ($(os), netbsd)
+	paxctl +m $(JSEXEC)
+endif
 
 # ANS2ASC
 $(ANS2ASC): $(OBJODIR)/ans2asc.o $(OBJODIR)/sauce.o $(XPDEV_LIB) | $(EXEODIR)
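Review bot: If `paxctl +m` fails in the `$(JSDOOR)` or `$(JSEXEC)` recipe (for instance because paxctl is not on PATH), the freshly linked file stays in place and is newer than its prerequisites. The next `make` then treats it as up to date and the binary goes out without the PaX note; the same holds for `$(SBBS)` in the previous hunk. Unless `.DELETE_ON_ERROR:` is set elsewhere in the makefiles (not visible here), remove the target on failure, e.g. `$(QUIET)paxctl +m $@ || { rm -f $@; exit 1; }`. Writing `$@` instead of repeating the variable also keeps the three copies of this stanza identical.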
-- 
GitLab