Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 97493 Details for
Bug 148170
ebuilds that need to modify binaries for PaX kernel compatibility should use a function in an eclass instead of chpax
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
scanelf migration
sun-jdk-1.4.2.12-r1.ebuild.scanelf.patch (text/plain), 1.44 KB, created by
Alexander Gabert (RETIRED)
on 2006-09-19 19:39:00 UTC
(
hide
)
Description:
scanelf migration
Filename:
MIME Type:
Creator:
Alexander Gabert (RETIRED)
Created:
2006-09-19 19:39:00 UTC
Size:
1.44 KB
patch
obsolete
>--- dev-java/sun-jdk/sun-jdk-1.4.2.12-r1.ebuild.ORIG 2006-09-01 03:06:23.000000000 +0200 >+++ dev-java/sun-jdk/sun-jdk-1.4.2.12-r1.ebuild 2006-09-20 03:55:35.000000000 +0200 >@@ -163,28 +163,14 @@ > # Set as default VM if none exists > java-vm-2_pkg_postinst > >- # if chpax is on the target system, set the appropriate PaX flags >- # this will not hurt the binary, it modifies only unused ELF bits >- # but may confuse things like AV scanners and automatic tripwire >- if has_version sys-apps/chpax >- then >- echo >- einfo "setting up conservative PaX flags for jar, javac and java" >- >- for paxkills in "jar" "javac" "java" "javah" "javadoc" >- do >- chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills >- done >+ ewarn "Disabling some PaX restrictions (${CHPAX_CONSERVATIVE_FLAGS})" > >- # /opt/sun-jdk-1.4.2.03/jre/bin/java_vm >- chpax -${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm >+ for paxkills in "jar" "javac" "java" "javah" "javadoc" >+ do >+ $(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/bin/$paxkills >+ done > >- einfo "you should have seen lots of chpax output above now" >- ewarn "make sure the grsec ACL contains those entries also" >- ewarn "because enabling it will override the chpax setting" >- ewarn "on the physical files - help for PaX and grsecurity" >- ewarn "can be given by #gentoo-hardened + hardened@gentoo.org" >- fi >+ $(which scanelf) -Xxz ${CHPAX_CONSERVATIVE_FLAGS} /opt/${P}/jre/bin/java_vm > > if ! use X; then > echo
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=97493">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 148170
:
97466
|
97475
|
97477
|
97479
|
97480
|
97488
|
97489
|
97490
|
97491
|
97492
| 97493 |
97494
|
97495
|
97496
|
97497
|
97498
|
97499
|
97500
|
97501
|
97502
|
97503
