author | Nicolás Reynolds <apoyosis@correo.inta.gob.ar> | 2012-11-21 14:35:33 -0300 |
---|---|---|
committer | Nicolás Reynolds <apoyosis@correo.inta.gob.ar> | 2012-11-21 14:35:33 -0300 |
commit | 6db0365f800f4d3411cad96b6a5594e723ede007 (patch) | |
tree | 9d3184fdd7ebf5336ec0bcdbdd39a68b83d08a9e /kernels/linux-libre-pax-flags/linux-pax-flags | |
parent | cdc73ac802a1af7a5e797e2789db591b244787be (diff) | |
parent | 7e1e84043f1e7fcc36ab23acc9f9df97f814d819 (diff) |
Merge branch 'master' of ssh://gparabola/srv/git/abslibre
Diffstat (limited to 'kernels/linux-libre-pax-flags/linux-pax-flags')
-rwxr-xr-x | kernels/linux-libre-pax-flags/linux-pax-flags | 174 |
1 files changed, 174 insertions, 0 deletions
diff --git a/kernels/linux-libre-pax-flags/linux-pax-flags b/kernels/linux-libre-pax-flags/linux-pax-flags
new file mode 100755
index 000000000..22f5a8171
--- /dev/null
+++ b/kernels/linux-libre-pax-flags/linux-pax-flags
@@ -0,0 +1,174 @@
+#!/bin/bash
+
+[ "$UID" = "0" ] || {
+ sudo $0
+ exit $!
+}
+
+function homedir() {
+ egrep ^$1 /etc/passwd | cut -d: -f 6
+}
+
+declare -A perms
+
+perms=(
+ # RANDMMAP off
+ ['cPSMXEr']='
+ /usr/bin/grub-script-check
+ '
+ # MPROTECT and RANDMMAP off
+ ['cPSmXEr']='
+ /usr/bin/elinks
+ /usr/bin/pyrogenesis
+ /usr/lib/iceweasel/iceweasel
+ /usr/lib/iceweasel/plugin-container
+ /usr/lib/icecat/icecat
+ /usr/lib/icecat/plugin-container
+ /usr/lib/polkit-1/polkitd
+ /usr/lib/icedove/icedove
+ '
+ # SEGMEXEC and MPROTECT off
+ # (RANDEXEC is not activatable for qemu. The binaries seem to be compiled
+ # with PIE enabled, though.)
+ ['cPsmxER']='
+ /usr/bin/qemu-alpha
+ /usr/bin/qemu-arm
+ /usr/bin/qemu-armeb
+ /usr/bin/qemu-cris
+ /usr/bin/qemu-i386
+ /usr/bin/qemu-m68k
+ /usr/bin/qemu-microblaze
+ /usr/bin/qemu-microblazeel
+ /usr/bin/qemu-mips
+ /usr/bin/qemu-mipsel
+ /usr/bin/qemu-ppc
+ /usr/bin/qemu-ppc64
+ /usr/bin/qemu-ppc64abi32
+ /usr/bin/qemu-s390x
+ /usr/bin/qemu-sh4
+ /usr/bin/qemu-sh4eb
+ /usr/bin/qemu-sparc
+ /usr/bin/qemu-sparc32plus
+ /usr/bin/qemu-sparc64
+ /usr/bin/qemu-unicore32
+ /usr/bin/qemu-x86_64
+ '
+ # MPROTECT off
+ ['cPSmXER']="
+ /usr/bin/blender
+ /usr/bin/clamscan
+ /usr/bin/freshclam
+ /usr/bin/glxdemo
+ /usr/bin/glxgears
+ /usr/bin/glxinfo
+ /usr/bin/kdeinit4
+ /usr/bin/kdenlive
+ /usr/bin/kmail
+ /usr/bin/kwin
+ /usr/bin/liferea
+ /usr/bin/mono
+ /usr/bin/mplayer
+ /usr/bin/okular
+ /usr/bin/qemu-system-alpha
+ /usr/bin/qemu-system-arm
+ /usr/bin/qemu-system-cris
+ /usr/bin/qemu-system-i386
+ /usr/bin/qemu-system-lm32
+ /usr/bin/qemu-system-m68k
+ /usr/bin/qemu-system-microblaze
+ /usr/bin/qemu-system-microblazeel
+ /usr/bin/qemu-system-mips
+ /usr/bin/qemu-system-mips64
+ /usr/bin/qemu-system-mips64el
+ /usr/bin/qemu-system-mipsel
+ /usr/bin/qemu-system-ppc
+ /usr/bin/qemu-system-ppc64
+ /usr/bin/qemu-system-ppcemb
+ /usr/bin/qemu-system-s390x
+ /usr/bin/qemu-system-sh4
+ /usr/bin/qemu-system-sh4eb
+ /usr/bin/qemu-system-sparc
+ /usr/bin/qemu-system-sparc64
+ /usr/bin/qemu-system-x86_64
+ /usr/bin/qemu-system-xtensa
+ /usr/bin/qemu-system-xtensaeb
+ /usr/bin/ruby
+ /usr/bin/systemsettings
+ /usr/bin/tcc
+ /usr/bin/valgrind
+ /usr/lib/erlang/erts-*/bin/beam
+ /usr/lib/erlang/erts-*/bin/beam.smp
+ /usr/lib/ghc-*/ghc
+ /usr/lib/valgrind/cachegrind-amd64-linux
+ /usr/lib/valgrind/cachegrind-x86-linux
+ /usr/lib/valgrind/callgrind-amd64-linux
+ /usr/lib/valgrind/callgrind-x86-linux
+ /usr/lib/valgrind/drd-amd64-linux
+ /usr/lib/valgrind/drd-x86-linux
+ /usr/lib/valgrind/exp-bbv-amd64-linux
+ /usr/lib/valgrind/exp-bbv-x86-linux
+ /usr/lib/valgrind/exp-dhat-amd64-linux
+ /usr/lib/valgrind/exp-dhat-x86-linux
+ /usr/lib/valgrind/exp-sgcheck-amd64-linux
+ /usr/lib/valgrind/exp-sgcheck-x86-linux
+ /usr/lib/valgrind/helgrind-amd64-linux
+ /usr/lib/valgrind/helgrind-x86-linux
+ /usr/lib/valgrind/lackey-amd64-linux
+ /usr/lib/valgrind/lackey-x86-linux
+ /usr/lib/valgrind/massif-amd64-linux
+ /usr/lib/valgrind/massif-x86-linux
+ /usr/lib/valgrind/memcheck-amd64-linux
+ /usr/lib/valgrind/memcheck-x86-linux
+ /usr/lib/valgrind/none-amd64-linux
+ /usr/lib/valgrind/none-x86-linux
+ /usr/lib/xbmc/xbmc.bin
+ /usr/sbin/clamd
+ /usr/sbin/grub-probe
+ /usr/sbin/vbetool
+ "
+ # PAGEEXEC, MPROTECT, EMUTRAMP and RANDMMAP off
+ ['cpSmXer']='
+ /usr/bin/sbcl
+ '
+ # All off
+ ['cpsmxer']='
+ /usr/bin/wine
+ /usr/bin/wine-preloader
+ /usr/lib/jvm/java-6-openjdk/bin/java
+ /usr/lib/jvm/java-6-openjdk/bin/javac
+ /usr/lib/jvm/java-6-openjdk/jre/bin/java
+ /usr/lib/jvm/java-7-openjdk/bin/javac
+ /usr/lib/jvm/java-7-openjdk/jre/bin/java
+ '
+)
+
+echo Some programs do not work properly without deactivating some of the PaX
+echo features. Please close all instances of them if you want to change the
+echo configuration for the following binaries:
+
+for perm in ${!perms[@]}; do
+ for path in ${perms[$perm]}; do
+ [ -f $path ] && echo " * $path"
+ done
+done
+
+echo
+echo Continue writing PaX headers? \[Y/n\]
+
+read a
+
+case $a in
+ "Y"|"y"|"")
+ for perm in ${!perms[@]}; do
+ for path in ${perms[$perm]}; do
+ [ -f $path ] && {
+ echo $perm $path
+ paxctl -$perm $path
+ }
+ done
+ done
+ ;;
+ *)
+ exit 0
+ ;;
+esac |
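Review bot: The root re-exec at the top of the script ends with `exit $!`, but `$!` is the PID of the last background job rather than the exit status of `sudo`, and `$0` is unquoted with no arguments forwarded; `exec sudo -- "$0" "$@"` (or `sudo "$0" "$@"; exit $?`) would propagate the real status. In the final loop the return value of `paxctl -$perm $path` is ignored, so a binary whose header could not be rewritten is still echoed as if it had been configured; `paxctl -"$perm" "$path" || echo "paxctl failed: $path" >&2` would make that visible. `homedir()` is not called anywhere in this hunk, and its `egrep ^$1 /etc/passwd` is an unanchored prefix match that also returns longer user names starting the same way; `getent passwd "$1" | cut -d: -f6` would be exact. Because the table turns off MPROTECT and RANDMMAP for programs that parse untrusted content (browsers, mail clients, clamd), a short comment per group saying why each relaxation is required would help later audits decide which entries can be dropped.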