Lines 7-36
depend() {
|
7 |
} |
7 |
} |
8 |
|
8 |
|
9 |
checkconfig() { |
9 |
checkconfig() { |
10 |
/sbin/chpax -v /sbin/chpax >/dev/null 2>&1 || return 1 |
10 |
if [ "x$CHPAX" = "x" ]; then |
|
|
11 |
CHPAX="/sbin/chpax /sbin/paxctl" |
12 |
fi |
13 |
# Find non-existant chpaxes |
14 |
REALCHPAX="" |
15 |
for i in $CHPAX; do |
16 |
REALCHPAX="$REALCHPAX`$i -v $i >/dev/null 2>&1 && echo \ $i`" |
17 |
done |
18 |
if [ "x$REALCHPAX" = "x" ]; then |
19 |
eerror "error: none of the specified chpax commands exist!" |
20 |
return 1 |
21 |
fi |
22 |
CHPAX="$REALCHPAX" |
11 |
} |
23 |
} |
12 |
|
24 |
|
13 |
chpax_flag() { |
25 |
chpax_flag() { |
14 |
flag=$1 |
26 |
flag=$1 |
15 |
fname=$2 |
27 |
fname=$2 |
16 |
|
28 |
|
17 |
if [ -w "$fname" ]; then |
29 |
if [ -w ${fname} ]; then |
18 |
#einfo "chpax $flags $fname" |
30 |
#einfo "-${flag} flagging ${fname}" |
19 |
/sbin/chpax -$flag ${fname} |
31 |
for i in $CHPAX; do |
20 |
[ $? != 0 ] && eerror "error: chpax -$flag ${fname}" |
32 |
#einfo " with $i" |
|
|
33 |
$i -$flag ${fname} |
34 |
[ $? != 0 ] && eerror "error: $i -$flag ${fname}" |
35 |
done |
21 |
fi |
36 |
fi |
22 |
} |
37 |
} |
23 |
|
38 |
|
|
|
39 |
fix_exempts() { |
40 |
#need to do this for foo{,bar,baz} expressions to work. |
41 |
PAGEEXEC_EXEMPT=`eval echo $PAGEEXEC_EXEMPT` |
42 |
TRAMPOLINE_EXEMPT=`eval echo $TRAMPOLINE_EXEMPT` |
43 |
RANDMMAP_EXEMPT=`eval echo $RANDMMAP_EXEMPT` |
44 |
MPROTECT_EXEMPT=`eval echo $MPROTECT_EXEMPT` |
45 |
SEGMEXEC_EXEMPT=`eval echo $SEGMEXEC_EXEMPT` |
46 |
RANDEXEC_EXEMPT=`eval echo $RANDEXEC_EXEMPT` |
47 |
} |
48 |
|
24 |
start() { |
49 |
start() { |
25 |
checkconfig || return 1 |
50 |
checkconfig || return 1 |
26 |
|
51 |
|
27 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done |
52 |
fix_exempts |
|
|
53 |
|
54 |
ebegin "Setting PaX flags on binaries" |
28 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done |
55 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done |
29 |
for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done |
56 |
for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done |
30 |
for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done |
57 |
for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done |
31 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag s ${s} ;done |
58 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag pem ${p} ;done |
|
|
59 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag sem ${s} ;done |
32 |
for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done |
60 |
for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done |
33 |
|
61 |
|
|
|
62 |
eend |
34 |
return 0 |
63 |
return 0 |
35 |
} |
64 |
} |
36 |
|
65 |
|
Lines 38-50
stop() {
|
38 |
checkconfig || return 1 |
67 |
checkconfig || return 1 |
39 |
|
68 |
|
40 |
[ "$ZERO_FLAG_MASK" = "yes" ] || return 0 |
69 |
[ "$ZERO_FLAG_MASK" = "yes" ] || return 0 |
|
|
70 |
fix_exempts |
41 |
einfo "chpax zero flag masking" |
71 |
einfo "chpax zero flag masking" |
42 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag z ${p} ;done |
72 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag ze ${p} ;done |
43 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag z ${e} ;done |
73 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag ze ${e} ;done |
44 |
for r in $RANDMMAP_EXEMPT; do chpax_flag z ${r} ;done |
74 |
for r in $RANDMMAP_EXEMPT; do chpax_flag ze ${r} ;done |
45 |
for m in $MPROTECT_EXEMPT; do chpax_flag z ${m} ;done |
75 |
for m in $MPROTECT_EXEMPT; do chpax_flag ze ${m} ;done |
46 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag z ${s} ;done |
76 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag ze ${s} ;done |
47 |
for x in $RANDEXEC_EXEMPT; do chpax_flag z ${x} ;done |
77 |
for x in $RANDEXEC_EXEMPT; do chpax_flag ze ${x} ;done |
48 |
|
78 |
|
49 |
return 0 |
79 |
return 0 |
50 |
} |
80 |
} |
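Review bot: The new fix_exempts() passes every *_EXEMPT setting through `eval echo`, so anything in those values beyond a brace pattern (command substitution, `;`, redirections) is executed by the init script, presumably as root, on every start and stop. If brace expansion is the only goal, the function should at least state that trust assumption in a comment such as `# values are re-parsed by the shell: the conf file must be root-owned and not group/world-writable`. In chpax_flag() the new side also drops the quoting the old line had; `[ -w ${fname} ]` and `$i -$flag ${fname}` should read `[ -w "${fname}" ]` and `$i -$flag "${fname}"`, so a path is not word-split or glob-expanded a second time. start() now ends with a bare `eend` followed by `return 0`, so a failed flag operation is logged by eerror but the service still appears to report success; consider collecting a status in the loop and passing it, `eend $ret`.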