|
Lines 7-36
depend() {
Link Here
|
| 7 |
} |
7 |
} |
| 8 |
|
8 |
|
| 9 |
checkconfig() { |
9 |
checkconfig() { |
| 10 |
/sbin/chpax -v /sbin/chpax >/dev/null 2>&1 || return 1 |
10 |
if [ "x$CHPAX" = "x" ]; then |
|
|
11 |
CHPAX="/sbin/chpax /sbin/paxctl" |
| 12 |
fi |
| 13 |
# Find non-existant chpaxes |
| 14 |
REALCHPAX="" |
| 15 |
for i in $CHPAX; do |
| 16 |
REALCHPAX="$REALCHPAX`$i -v $i >/dev/null 2>&1 && echo \ $i`" |
| 17 |
done |
| 18 |
if [ "x$REALCHPAX" = "x" ]; then |
| 19 |
eerror "error: none of the specified chpax commands exist!" |
| 20 |
return 1 |
| 21 |
fi |
| 22 |
CHPAX="$REALCHPAX" |
| 11 |
} |
23 |
} |
| 12 |
|
24 |
|
| 13 |
chpax_flag() { |
25 |
chpax_flag() { |
| 14 |
flag=$1 |
26 |
flag=$1 |
| 15 |
fname=$2 |
27 |
fname=$2 |
| 16 |
|
28 |
|
| 17 |
if [ -w "$fname" ]; then |
29 |
if [ -w ${fname} ]; then |
| 18 |
#einfo "chpax $flags $fname" |
30 |
#einfo "-${flag} flagging ${fname}" |
| 19 |
/sbin/chpax -$flag ${fname} |
31 |
for i in $CHPAX; do |
| 20 |
[ $? != 0 ] && eerror "error: chpax -$flag ${fname}" |
32 |
#einfo " with $i" |
|
|
33 |
$i -$flag ${fname} |
| 34 |
[ $? != 0 ] && eerror "error: $i -$flag ${fname}" |
| 35 |
done |
| 21 |
fi |
36 |
fi |
| 22 |
} |
37 |
} |
| 23 |
|
38 |
|
|
|
39 |
fix_exempts() { |
| 40 |
#need to do this for foo{,bar,baz} expressions to work. |
| 41 |
PAGEEXEC_EXEMPT=`eval echo $PAGEEXEC_EXEMPT` |
| 42 |
TRAMPOLINE_EXEMPT=`eval echo $TRAMPOLINE_EXEMPT` |
| 43 |
RANDMMAP_EXEMPT=`eval echo $RANDMMAP_EXEMPT` |
| 44 |
MPROTECT_EXEMPT=`eval echo $MPROTECT_EXEMPT` |
| 45 |
SEGMEXEC_EXEMPT=`eval echo $SEGMEXEC_EXEMPT` |
| 46 |
RANDEXEC_EXEMPT=`eval echo $RANDEXEC_EXEMPT` |
| 47 |
} |
| 48 |
|
| 24 |
start() { |
49 |
start() { |
| 25 |
checkconfig || return 1 |
50 |
checkconfig || return 1 |
| 26 |
|
51 |
|
| 27 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag p ${p} ;done |
52 |
fix_exempts |
|
|
53 |
|
| 54 |
ebegin "Setting PaX flags on binaries" |
| 28 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done |
55 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag e ${e} ;done |
| 29 |
for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done |
56 |
for r in $RANDMMAP_EXEMPT; do chpax_flag r ${r} ;done |
| 30 |
for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done |
57 |
for m in $MPROTECT_EXEMPT; do chpax_flag m ${m} ;done |
| 31 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag s ${s} ;done |
58 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag pem ${p} ;done |
|
|
59 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag sem ${s} ;done |
| 32 |
for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done |
60 |
for x in $RANDEXEC_EXEMPT; do chpax_flag x ${x} ;done |
| 33 |
|
61 |
|
|
|
62 |
eend |
| 34 |
return 0 |
63 |
return 0 |
| 35 |
} |
64 |
} |
| 36 |
|
65 |
|
|
Lines 38-50
stop() {
Link Here
|
| 38 |
checkconfig || return 1 |
67 |
checkconfig || return 1 |
| 39 |
|
68 |
|
| 40 |
[ "$ZERO_FLAG_MASK" = "yes" ] || return 0 |
69 |
[ "$ZERO_FLAG_MASK" = "yes" ] || return 0 |
|
|
70 |
fix_exempts |
| 41 |
einfo "chpax zero flag masking" |
71 |
einfo "chpax zero flag masking" |
| 42 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag z ${p} ;done |
72 |
for p in $PAGEEXEC_EXEMPT; do chpax_flag ze ${p} ;done |
| 43 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag z ${e} ;done |
73 |
for e in $TRAMPOLINE_EXEMPT; do chpax_flag ze ${e} ;done |
| 44 |
for r in $RANDMMAP_EXEMPT; do chpax_flag z ${r} ;done |
74 |
for r in $RANDMMAP_EXEMPT; do chpax_flag ze ${r} ;done |
| 45 |
for m in $MPROTECT_EXEMPT; do chpax_flag z ${m} ;done |
75 |
for m in $MPROTECT_EXEMPT; do chpax_flag ze ${m} ;done |
| 46 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag z ${s} ;done |
76 |
for s in $SEGMEXEC_EXEMPT; do chpax_flag ze ${s} ;done |
| 47 |
for x in $RANDEXEC_EXEMPT; do chpax_flag z ${x} ;done |
77 |
for x in $RANDEXEC_EXEMPT; do chpax_flag ze ${x} ;done |
| 48 |
|
78 |
|
| 49 |
return 0 |
79 |
return 0 |
| 50 |
} |
80 |
} |
