Yo! I just changed my system to Hardened and was kinda surprised seeing openoffice-bin be killed, as I was under the impression the ebuild set the MPROTECT flag to off correctly. Some investigation showed that all OpenOffice and LibreOffice ebuilds actually set the PaX marking in somewhat random ways, ie. the -bin ones just do it if chpax is present, which is both deprecated and not usually installed on recent Hardened systems. The from-source ebuild does some kind of check for either paxctl or chpax to be present, and then just uses scanelf from pax-util to set the flag... ??? I'm basically proposing to transition to using the pax-mark function from pax-utils.eclass, which correctly takes care of PaX marking using the available tools on the users system. Just inherit pax-utils and substitute the chpax/paxctl calls with pax-mark -m /usr/$(get_libdir)/openoffice/program/soffice.bin You might want to prefix this with ${ROOT} too. Have a good day, Luca Longinotti.
As the pax-stuff is not especially my forte, patches would be welcome ;-)
Created attachment 261395 [details] Files to change, where, how. I put together a list of the ebuilds that need changing, which line needs to be changed, and what the change should be. Putting together 6 one-liner patches seemed a bit silly, considering it's a copy-and-paste change to substitute that one line in each ebuild. Hope this helps!
Fixed this everywhere now, thanks for the help!
