--- chpax.orig	2004-02-17 23:52:12.019190731 -0500
+++ chpax	2004-02-17 23:39:26.349316090 -0500
@@ -14,17 +14,29 @@ chpax_flag() {
 	flag=$1
 	fname=$2
 
-	#if [ -w "$fname" ]; then
-		einfo "/sbin/chpax -$flag $fname"
-		eval "/sbin/chpax -$flag $fname"
-		#eval "/sbin/chpax -v $fname"
-		#[ $? != 0 ] && eerror "error: chpax -$flag ${fname}"
-	#fi
+	#einfo "chpax -$flag ${fname}"
+	if [ -w ${fname} ]; then
+		einfo "chpax -$flag ${fname}"
+		/sbin/chpax -$flag ${fname}
+		[ $? != 0 ] && eerror "error: chpax -$flag ${fname}"
+	fi
+}
+
+fix_exempts() {
+	#need to do this for foo{,bar,baz} expressions to work.
+	PAGEEXEC_EXEMPT=`eval echo $PAGEEXEC_EXEMPT`
+	TRAMPOLINE_EXEMPT=`eval echo $TRAMPOLINE_EXEMPT`
+	RANDMMAP_EXEMPT=`eval echo $RANDMMAP_EXEMPT`
+	MPROTECT_EXEMPT=`eval echo $MPROTECT_EXEMPT`
+	SEGMEXEC_EXEMPT=`eval echo $SEGMEXEC_EXEMPT`
+	RANDEXEC_EXEMPT=`eval echo $RANDEXEC_EXEMPT`
 }
 
 start() {
 	checkconfig || return 1
 
+	fix_exempts
+
 	for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done
 	for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done
 	for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done
@@ -39,6 +51,7 @@ stop() {
 	checkconfig || return 1
 
 	[ "$ZERO_FLAG_MASK" = "yes" ] || return 0
+	fix_exempts
 	einfo "chpax zero flag masking"
 	for p in $PAGEEXEC_EXEMPT; do chpax_flag z ${p} ;done
 	for e in $TRAMPOLINE_EXEMPT; do chpax_flag z ${e} ;done