#!/sbin/runscript
# Copyright 1999-2003 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# Dependency hook: this service declares a need for bootmisc.
depend() {
  need bootmisc
}
# Work out which of the configured flagging tools can actually be used.
#
# Globals:   CHPAX (read, written)  - whitespace-separated tool list; falls
#                                     back to /sbin/chpax and /sbin/paxctl
#            REALCHPAX (written)    - the tools that passed the probe
# Returns:   1 (after an eerror message) when no tool passed, else 0
#
# NOTE(review): every entry of CHPAX is executed during the probe, with the
# privileges of this script, so the list must come from a trusted source.
checkconfig() {
  if [ -z "${CHPAX}" ]; then
    CHPAX="/sbin/chpax /sbin/paxctl"
  fi

  # Drop tools that do not exist or cannot run: each candidate is asked to
  # view (-v) its own binary, and only a zero exit status keeps it.
  REALCHPAX=""
  for candidate in $CHPAX; do
    if $candidate -v $candidate >/dev/null 2>&1; then
      # The leading space doubles as the list separator.
      REALCHPAX="${REALCHPAX} ${candidate}"
    fi
  done

  if [ -z "${REALCHPAX}" ]; then
    eerror "error: none of the specified chpax commands exist!"
    return 1
  fi

  CHPAX="${REALCHPAX}"
}
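# Apply one PaX flag string to one binary with every tool listed in CHPAX.
#
# Globals:   CHPAX (read)   - whitespace-separated list of flagging tools
#            VERBOSE (read) - "yes" enables per-file messages and error reports
# Arguments: $1 - flag letters, handed to the tool as "-$1"
#            $2 - path of the binary to flag
# Returns:   0 always; flagging is best effort
chpax_flag() {
  local flag=$1
  local fname=$2
  local tool

  # CHPAX holds a list in a single string, so it is split on purpose here.
  for tool in $CHPAX; do
    # Only executable files are flagged. Quoting keeps a path that contains
    # whitespace in one piece and makes an empty path fail the test; left
    # unquoted, an empty path passes it and the tool runs with no file.
    [ -x "${fname}" ] || continue

    if [ "$VERBOSE" = "yes" ]; then
      einfo "-${flag} flagging ${fname} with ${tool}"
      if ! "${tool}" "-${flag}" "${fname}"; then
        eerror "error: ${tool} -${flag} ${fname}"
      fi
    else
      # Quiet mode is deliberately silent: a failed tool run is not reported,
      # so the binary may keep whatever flags it had before.
      "${tool}" "-${flag}" "${fname}" >/dev/null 2>&1
    fi
  done
  return 0
}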
# Expand brace expressions such as foo{,bar,baz} in every *_EXEMPT list.
#
# Brace expansion is not applied to the result of a variable expansion, so
# each list is run through `eval echo` and the expanded text stored back.
#
# NOTE(review): eval re-parses the list text as shell code, so anything else
# in it (command substitution, `;`, redirections) is executed as well, with
# the privileges of this script. The lists presumably come from the service's
# configuration file; that file must not be writable by untrusted users.
fix_exempts() {
  PAGEEXEC_EXEMPT=$(eval echo $PAGEEXEC_EXEMPT)
  TRAMPOLINE_EXEMPT=$(eval echo $TRAMPOLINE_EXEMPT)
  RANDMMAP_EXEMPT=$(eval echo $RANDMMAP_EXEMPT)
  MPROTECT_EXEMPT=$(eval echo $MPROTECT_EXEMPT)
  SEGMEXEC_EXEMPT=$(eval echo $SEGMEXEC_EXEMPT)
  PS_EXEC_EXEMPT=$(eval echo $PS_EXEC_EXEMPT)
  RANDEXEC_EXEMPT=$(eval echo $RANDEXEC_EXEMPT)
}
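# Service start: write the configured PaX flags onto the listed binaries.
#
# Each *_EXEMPT variable is a whitespace-separated list of paths (globs and,
# after fix_exempts, brace expressions allowed); every entry is flagged with
# the letter(s) paired with its list below.
# NOTE(review): the lower-case letters appear to switch a PaX feature off for
# the binary - confirm against the usage text of the installed tool. If so,
# these lists relax protections and deserve the same review as any other
# security policy.
#
# Returns: 1 when checkconfig fails, otherwise 0. No status is passed to
#          eend and chpax_flag results are not checked, so a failed flag
#          operation does not make the start fail.
start() {
  local target

  checkconfig || return 1
  fix_exempts

  ebegin "Setting PaX flags on binaries"
  # The lists are split and globbed on purpose; each resulting path is then
  # quoted so that a glob match containing whitespace reaches chpax_flag as
  # one path instead of being cut at the first space (which could name a
  # different file).
  for target in $TRAMPOLINE_EXEMPT; do chpax_flag e "${target}"; done
  for target in $RANDMMAP_EXEMPT; do chpax_flag r "${target}"; done
  for target in $MPROTECT_EXEMPT; do chpax_flag m "${target}"; done
  for target in $PAGEEXEC_EXEMPT; do chpax_flag p "${target}"; done
  for target in $SEGMEXEC_EXEMPT; do chpax_flag s "${target}"; done
  for target in $PS_EXEC_EXEMPT; do chpax_flag psem "${target}"; done
  for target in $RANDEXEC_EXEMPT; do chpax_flag x "${target}"; done
  eend
  return 0
}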
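# Service stop: optionally run the tools with the flag string "ze" on every
# binary named in the *_EXEMPT lists.
# NOTE(review): "-z" presumably zeroes the flag mask before "-e" is applied -
# confirm against the usage text of the installed tool.
#
# Globals: ZERO_FLAG_MASK (read) - only the value "yes" enables the pass;
#          with any other value the binaries are left untouched.
# Returns: 1 when checkconfig fails, otherwise 0; chpax_flag results are not
#          checked.
stop() {
  local target

  checkconfig || return 1

  # Zero-masking on stop is opt-in.
  if [ "$ZERO_FLAG_MASK" != "yes" ]; then
    return 0
  fi

  fix_exempts
  einfo "chpax zero flag masking"
  # Same flag for every list, so one pass covers them all in the original
  # order. The lists are split and globbed on purpose; each resulting path
  # is quoted so a match containing whitespace stays a single argument.
  for target in $PAGEEXEC_EXEMPT $TRAMPOLINE_EXEMPT $RANDMMAP_EXEMPT \
    $MPROTECT_EXEMPT $SEGMEXEC_EXEMPT $PS_EXEC_EXEMPT $RANDEXEC_EXEMPT; do
    chpax_flag ze "${target}"
  done
  return 0
}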