--- /usr/portage/sys-apps/chpax/files/pax-init.d 2003-11-22 19:29:35.000000000 -0500
+++ /etc/init.d/chpax 2004-03-04 17:15:41.910505432 -0500
@@ -7,23 +7,51 @@ depend() {
 }
 checkconfig() {
- /sbin/chpax -v /sbin/chpax >/dev/null 2>&1 || return 1
+ if [ "x$CHPAX" = "x" ]; then
+ CHPAX="/sbin/chpax /sbin/paxctl"
+ fi
+ # Find non-existant chpaxes
+ REALCHPAX=""
+ for i in $CHPAX; do
+ REALCHPAX="$REALCHPAX`$i -v $i >/dev/null 2>&1 && echo \ $i`"
+ done
+ if [ "x$REALCHPAX" = "x" ]; then
+ eerror "error: none of the specified chpax commands exist!"
+ return 1
+ fi
+ CHPAX="$REALCHPAX"
 }
 chpax_flag() {
 flag=$1
 fname=$2
- if [ -w "$fname" ]; then
- #einfo "chpax $flags $fname"
- /sbin/chpax -$flag ${fname}
- [ $? != 0 ] && eerror "error: chpax -$flag ${fname}"
+ if [ -w ${fname} ]; then
+ #einfo "-${flag} flagging ${fname}"
+ for i in $CHPAX; do
+ #einfo " with $i"
+ $i -$flag ${fname}
+ [ $? != 0 ] && eerror "error: $i -$flag ${fname}"
+ done
 fi
 }
+fix_exempts() {
+ #need to do this for foo{,bar,baz} expressions to work.
+ PAGEEXEC_EXEMPT=`eval echo $PAGEEXEC_EXEMPT`
+ TRAMPOLINE_EXEMPT=`eval echo $TRAMPOLINE_EXEMPT`
+ RANDMMAP_EXEMPT=`eval echo $RANDMMAP_EXEMPT`
+ MPROTECT_EXEMPT=`eval echo $MPROTECT_EXEMPT`
+ SEGMEXEC_EXEMPT=`eval echo $SEGMEXEC_EXEMPT`
+ RANDEXEC_EXEMPT=`eval echo $RANDEXEC_EXEMPT`
+}
+
 start() {
 checkconfig || return 1
+ fix_exempts
+
+ ebegin "Setting PaX flags on binaries"
 for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done
 for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done
 for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done
@@ -31,6 +59,7 @@ start() {
 for s in $SEGMEXEC_EXEMPT; do chpax_flag s ${s} ;done
 for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done
+ eend
 return 0
 }
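Review bot: In chpax_flag the new test `[ -w ${fname} ]` drops the quoting the removed line had, so an empty argument collapses the test to `[ -w ]`, which is true, and the tool is then run with no file operand; a path containing whitespace is split as well. Keep the quotes on both the test and the call: `if [ -w "${fname}" ]; then` and `$i -$flag "${fname}"`. Separately, fix_exempts passes every *_EXEMPT value through `eval echo`, which executes any command substitution or `;` in those values as root, not only the brace expansion the comment mentions. If the values can only come from the root-owned conf.d file (not visible in this hunk) that is the same trust level as sourcing it, but a comment such as `# values are eval'd: conf file must be root-owned and not group/world-writable` would make the assumption explicit.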
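Review bot: The added `eend` is called without a status argument, so start() reports success even when a chpax_flag call has logged an error; as far as I know eend treats a missing argument as 0. chpax_flag (first hunk) only calls eerror and never returns the failure, and start() ends with `return 0`. Have chpax_flag `return 1` on a failed call, record it in the loops with `|| rc=1`, and finish with `eend $rc` so a binary that could not be flagged is visible in the boot output. The start() body begins in the previous hunk.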
@@ -38,13 +67,14 @@ stop() {
 checkconfig || return 1
 [ "$ZERO_FLAG_MASK" = "yes" ] || return 0
+ fix_exempts
 einfo "chpax zero flag masking"
- for p in $PAGEEXEC_EXEMPT; do chpax_flag z ${p} ;done
- for e in $TRAMPOLINE_EXEMPT; do chpax_flag z ${e} ;done
- for r in $RANDMMAP_EXEMPT; do chpax_flag z ${r} ;done
- for m in $MPROTECT_EXEMPT; do chpax_flag z ${m} ;done
- for s in $SEGMEXEC_EXEMPT; do chpax_flag z ${s} ;done
- for x in $RANDEXEC_EXEMPT; do chpax_flag z ${x} ;done
+ for p in $PAGEEXEC_EXEMPT; do chpax_flag zex ${p} ;done
+ for e in $TRAMPOLINE_EXEMPT; do chpax_flag zex ${e} ;done
+ for r in $RANDMMAP_EXEMPT; do chpax_flag zex ${r} ;done
+ for m in $MPROTECT_EXEMPT; do chpax_flag zex ${m} ;done
+ for s in $SEGMEXEC_EXEMPT; do chpax_flag zex ${s} ;done
+ for x in $RANDEXEC_EXEMPT; do chpax_flag zex ${x} ;done
 return 0
 }
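Review bot: Nothing in stop() says why the reset flag changed from `z` to `zex`, and the combined string is now handed to every tool in $CHPAX through `$i -$flag`. A comment above the loops would help, for example `# zex: zero the flag mask, then apply the e (trampoline) and x (randexec) flags explicitly; confirm chpax and paxctl both accept the combined form`. The letter meanings in that comment are taken from the start() loops and should be checked against both tools. As in start(), a failed reset is only logged by chpax_flag and stop() still ends with `return 0`, so a binary left with relaxed flags is not reported as a failure. stop()'s opening line is above the hunk.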