| 1 |
commit: 01f6e550124b5c81be2565355558f59b7480645d |
| 2 |
Author: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Thu Mar 28 18:04:11 2013 +0000 |
| 4 |
Commit: Anthony G. Basile <blueness <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Thu Mar 28 18:04:11 2013 +0000 |
| 6 |
URL: http://git.overlays.gentoo.org/gitweb/?p=proj/hardened-dev.git;a=commit;h=01f6e550 |
| 7 |
|
| 8 |
pax-utils.eclass: incorporate suggestion from gentoo-dev@ list |
| 9 |
|
| 10 |
--- |
| 11 |
eclass/pax-utils.eclass | 21 +++++++++++++-------- |
| 12 |
1 files changed, 13 insertions(+), 8 deletions(-) |
| 13 |
|
| 14 |
diff --git a/eclass/pax-utils.eclass b/eclass/pax-utils.eclass |
| 15 |
index 9299c02..ee7e6e3 100644 |
| 16 |
--- a/eclass/pax-utils.eclass |
| 17 |
+++ b/eclass/pax-utils.eclass |
| 18 |
@@ -25,6 +25,10 @@ |
| 19 |
if [[ ${___ECLASS_ONCE_PAX_UTILS} != "recur -_+^+_- spank" ]] ; then |
| 20 |
___ECLASS_ONCE_PAX_UTILS="recur -_+^+_- spank" |
| 21 |
|
| 22 |
+# @ECLASS-VARIABLE: PAX_MARKINGS |
| 23 |
+# @DESCRIPTION: |
| 24 |
+# Control which markings are made: |
| 25 |
+# PT = PT_PAX markings, XT = XATTR_PAX markings |
| 26 |
# Default to both PT and XT markings. |
| 27 |
PAX_MARKINGS=${PAX_MARKINGS:="PT XT"} |
| 28 |
|
| 29 |
@@ -65,12 +69,12 @@ pax-mark() { |
| 30 |
# 3. z is allowed for the default |
| 31 |
|
| 32 |
flags="${1//[!zPpEeMmRrSs]}" |
| 33 |
- [ "${flags}" ] || return 0 |
| 34 |
+ [[ "${flags}" ]] || return 0 |
| 35 |
shift |
| 36 |
|
| 37 |
# z = default. For XATTR_PAX, the default is no xattr field at all |
| 38 |
local dodefault="" |
| 39 |
- [ "${flags//[!z]}" ] && dodefault="yes" |
| 40 |
+ [[ "${flags//[!z]}" ]] && dodefault="yes" |
| 41 |
|
| 42 |
if has PT ${PAX_MARKINGS}; then |
| 43 |
|
| 44 |
@@ -81,10 +85,11 @@ pax-mark() { |
| 45 |
for f in "$@"; do |
| 46 |
# First, try modifying the existing PAX_FLAGS header |
| 47 |
paxctl -q${flags} "${f}" && continue |
| 48 |
- # Second, try stealing the (unused under PaX) PT_GNU_STACK header |
| 49 |
- paxctl -qc${flags} "${f}" && continue |
| 50 |
- # Third, creating a PT_PAX header (works on ET_EXEC) |
| 51 |
+ # Second, try creating a PT_PAX header (works on ET_EXEC) |
| 52 |
+ # Even though this is less safe, most exes need it, eg bug #463170 |
| 53 |
paxctl -qC${flags} "${f}" && continue |
| 54 |
+ # Third, try stealing the (unused under PaX) PT_GNU_STACK header |
| 55 |
+ paxctl -qc${flags} "${f}" && continue |
| 56 |
pt_fail=1 |
| 57 |
pt_failures="${pt_failures} ${f}" |
| 58 |
done |
| 59 |
@@ -96,7 +101,7 @@ pax-mark() { |
| 60 |
_pax_list_files einfo "$@" |
| 61 |
for f in "$@"; do |
| 62 |
[[ ${dodefault} == "yes" ]] && paxctl-ng -L -z "${f}" |
| 63 |
- [ "${flags}" ] || continue |
| 64 |
+ [[ "${flags}" ]] || continue |
| 65 |
paxctl-ng -L -${flags} "${f}" && continue |
| 66 |
pt_fail=1 |
| 67 |
pt_failures="${pt_failures} ${f}" |
| 68 |
@@ -131,7 +136,7 @@ pax-mark() { |
| 69 |
_pax_list_files einfo "$@" |
| 70 |
for f in "$@"; do |
| 71 |
[[ ${dodefault} == "yes" ]] && paxctl-ng -d "${f}" |
| 72 |
- [ "${flags}" ] || continue |
| 73 |
+ [[ "${flags}" ]] || continue |
| 74 |
paxctl-ng -l -${flags} "${f}" && continue |
| 75 |
xt_fail=1 |
| 76 |
xt_failures="${tx_failures} ${f}" |
| 77 |
@@ -139,7 +144,7 @@ pax-mark() { |
| 78 |
|
| 79 |
#Next try setfattr |
| 80 |
elif type -p setfattr > /dev/null; then |
| 81 |
- [ "${flags//[!Ee]}" ] || flags+="e" # bug 447150 |
| 82 |
+ [[ "${flags//[!Ee]}" ]] || flags+="e" # bug 447150 |
| 83 |
einfo "XT PaX marking -${flags} with setfattr" |
| 84 |
_pax_list_files einfo "$@" |
| 85 |
for f in "$@"; do |
Archives