commit: 01f6e550124b5c81be2565355558f59b7480645d |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
AuthorDate: Thu Mar 28 18:04:11 2013 +0000 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
CommitDate: Thu Mar 28 18:04:11 2013 +0000 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=01f6e550 |
|
pax-utils.eclass: incorporate suggestion from gentoo-dev@ list |
|
--- |
eclass/pax-utils.eclass | 21 +++++++++++++-------- |
1 files changed, 13 insertions(+), 8 deletions(-) |
|
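diff --git a/eclass/pax-utils.eclass b/eclass/pax-utils.eclass
index 9299c02..ee7e6e3 100644
--- a/eclass/pax-utils.eclass
+++ b/eclass/pax-utils.eclass
@@ -25,6 +25,10 @@
 if [[ ${___ECLASS_ONCE_PAX_UTILS} != "recur -_+^+_- spank" ]] ; then
 ___ECLASS_ONCE_PAX_UTILS="recur -_+^+_- spank"
 
+# @ECLASS-VARIABLE: PAX_MARKINGS
+# @DESCRIPTION:
+# Control which markings are made:
+# PT = PT_PAX markings, XT = XATTR_PAX markings
 # Default to both PT and XT markings.
 PAX_MARKINGS=${PAX_MARKINGS:="PT XT"}
 
@@ -65,12 +69,12 @@ pax-mark() {
 # 3. z is allowed for the default
 
 flags="${1//[!zPpEeMmRrSs]}"
- [ "${flags}" ] || return 0
+ [[ "${flags}" ]] || return 0
 shift
 
 # z = default. For XATTR_PAX, the default is no xattr field at all
 local dodefault=""
- [ "${flags//[!z]}" ] && dodefault="yes"
+ [[ "${flags//[!z]}" ]] && dodefault="yes"
 
 if has PT ${PAX_MARKINGS}; then
 
@@ -81,10 +85,11 @@ pax-mark() {
 for f in "$@"; do
 # First, try modifying the existing PAX_FLAGS header
 paxctl -q${flags} "${f}" && continue
- # Second, try stealing the (unused under PaX) PT_GNU_STACK header
- paxctl -qc${flags} "${f}" && continue
- # Third, creating a PT_PAX header (works on ET_EXEC)
+ # Second, try creating a PT_PAX header (works on ET_EXEC)
+ # Even though this is less safe, most exes need it, eg bug #463170
 paxctl -qC${flags} "${f}" && continue
+ # Third, try stealing the (unused under PaX) PT_GNU_STACK header
+ paxctl -qc${flags} "${f}" && continue
 pt_fail=1
 pt_failures="${pt_failures} ${f}"
 done
@@ -96,7 +101,7 @@ pax-mark() {
 _pax_list_files einfo "$@"
 for f in "$@"; do
 [[ ${dodefault} == "yes" ]] && paxctl-ng -L -z "${f}"
- [ "${flags}" ] || continue
+ [[ "${flags}" ]] || continue
 paxctl-ng -L -${flags} "${f}" && continue
 pt_fail=1
 pt_failures="${pt_failures} ${f}"
@@ -131,7 +136,7 @@ pax-mark() {
 _pax_list_files einfo "$@"
 for f in "$@"; do
 [[ ${dodefault} == "yes" ]] && paxctl-ng -d "${f}"
- [ "${flags}" ] || continue
+ [[ "${flags}" ]] || continue
 paxctl-ng -l -${flags} "${f}" && continue
 xt_fail=1
 xt_failures="${tx_failures} ${f}"
@@ -139,7 +144,7 @@ pax-mark() {
 
 #Next try setfattr
 elif type -p setfattr > /dev/null; then
- [ "${flags//[!Ee]}" ] || flags+="e" # bug 447150
+ [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150
 einfo "XT PaX marking -${flags} with setfattr"
 _pax_list_files einfo "$@"
 for f in "$@"; do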
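Review bot: In the XATTR_PAX `paxctl-ng -l` loop (hunk `@@ -131,7 +136,7 @@`), the failure list is built from `${tx_failures}`, a name assigned nowhere in the visible hunks, so each failure appears to overwrite `xt_failures` instead of appending to it. Only the last file that could not be marked would then be reported, and earlier binaries left without their intended PaX flags would go unnoticed in the build log. The line should read `xt_failures="${xt_failures} ${f}"`. pax-mark's body starts and ends outside these hunks, so how `xt_failures` is consumed later is not visible here. Separately, the new comment in the PT loop calls `-C` "less safe" without naming what can go wrong; a short clause stating the risk would help whoever revisits this ordering.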