92 lines
2.5 KiB
Makefile
92 lines
2.5 KiB
Makefile
#!/sbin/runscript
|
|
# Copyright 1999-2004 Gentoo Foundation
|
|
# Distributed under the terms of the GNU General Public License v2
|
|
# $Header: /var/cvsroot/gentoo-x86/sys-apps/chpax/files/Attic/pax-init.d,v 1.8 2004/09/28 01:49:28 swegener Exp $
|
|
|
|
depend() {
|
|
need bootmisc
|
|
}
|
|
|
|
checkconfig() {
|
|
if [ "x$CHPAX" = "x" ]; then
|
|
CHPAX="/sbin/chpax /sbin/paxctl"
|
|
fi
|
|
# Find non-existant chpaxes
|
|
REALCHPAX=""
|
|
for i in $CHPAX; do
|
|
REALCHPAX="$REALCHPAX`$i -v $i >/dev/null 2>&1 && echo \ $i`"
|
|
done
|
|
if [ "x$REALCHPAX" = "x" ]; then
|
|
eerror "error: none of the specified chpax commands exist!"
|
|
return 1
|
|
fi
|
|
CHPAX="$REALCHPAX"
|
|
}
|
|
|
|
chpax_flag() {
|
|
flag=$1
|
|
fname=$2
|
|
|
|
#if [ -w ${fname} ]; then
|
|
#einfo "-${flag} flagging ${fname}"
|
|
for i in $CHPAX; do
|
|
#einfo " with $i"
|
|
# nonverbose is ultraquiet
|
|
if [ "$VERBOSE" = "yes" -a -x ${fname} ]; then
|
|
einfo "-${flag} flagging ${fname} with $i"
|
|
$i -$flag ${fname}
|
|
[ $? != 0 ] && eerror "error: $i -$flag ${fname}"
|
|
else
|
|
[ -x ${fname} ] && $i -$flag ${fname} 2>/dev/null >/dev/null
|
|
fi
|
|
done
|
|
#fi
|
|
}
|
|
|
|
fix_exempts() {
|
|
#need to do this for foo{,bar,baz} expressions to work.
|
|
PAGEEXEC_EXEMPT=`eval echo $PAGEEXEC_EXEMPT`
|
|
TRAMPOLINE_EXEMPT=`eval echo $TRAMPOLINE_EXEMPT`
|
|
RANDMMAP_EXEMPT=`eval echo $RANDMMAP_EXEMPT`
|
|
MPROTECT_EXEMPT=`eval echo $MPROTECT_EXEMPT`
|
|
SEGMEXEC_EXEMPT=`eval echo $SEGMEXEC_EXEMPT`
|
|
PS_EXEC_EXEMPT=`eval echo $PS_EXEC_EXEMPT`
|
|
RANDEXEC_EXEMPT=`eval echo $RANDEXEC_EXEMPT`
|
|
}
|
|
|
|
start() {
|
|
checkconfig || return 1
|
|
|
|
fix_exempts
|
|
|
|
ebegin "Setting PaX flags on binaries"
|
|
for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done
|
|
for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done
|
|
for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done
|
|
for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done
|
|
for s in $SEGMEXEC_EXEMPT; do chpax_flag s ${s} ;done
|
|
for s in $PS_EXEC_EXEMPT; do chpax_flag psem ${s} ;done
|
|
for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done
|
|
|
|
eend
|
|
return 0
|
|
}
|
|
|
|
stop() {
|
|
checkconfig || return 1
|
|
|
|
[ "$ZERO_FLAG_MASK" = "yes" ] || return 0
|
|
fix_exempts
|
|
einfo "chpax zero flag masking"
|
|
for p in $PAGEEXEC_EXEMPT; do chpax_flag ze ${p} ;done
|
|
for e in $TRAMPOLINE_EXEMPT; do chpax_flag ze ${e} ;done
|
|
for r in $RANDMMAP_EXEMPT; do chpax_flag ze ${r} ;done
|
|
for m in $MPROTECT_EXEMPT; do chpax_flag ze ${m} ;done
|
|
for s in $SEGMEXEC_EXEMPT; do chpax_flag ze ${s} ;done
|
|
for s in $PS_EXEC_EXEMPT; do chpax_flag ze ${s} ;done
|
|
for x in $RANDEXEC_EXEMPT; do chpax_flag ze ${x} ;done
|
|
|
|
return 0
|
|
}
|
|
|
|
|