diff options
Diffstat (limited to 'kernels/paxutils')
-rw-r--r-- | kernels/paxutils/PKGBUILD | 24 | ||||
-rwxr-xr-x | kernels/paxutils/paxutils | 174 |
2 files changed, 198 insertions, 0 deletions
diff --git a/kernels/paxutils/PKGBUILD b/kernels/paxutils/PKGBUILD new file mode 100644 index 000000000..4d57bec10 --- /dev/null +++ b/kernels/paxutils/PKGBUILD @@ -0,0 +1,24 @@ +# Maintainer: André Silva <emulatorman@lavabit.com> +# Maintainer: Márcio Silva <coadde@lavabit.com> + +pkgname=paxutils +pkgdesc='PaX utilities to configure flags for several binaries to work with PaX kernels' +pkgver=0.1.0 +pkgrel=1 +arch=(any) +url='https://projects.parabolagnulinux.org/abslibre.git/tree/kernels/pax-tuning/' +license=(GPL2) +depends=(bash paxctl) +replaces=('linux-pax-flags' 'linux-libre-pax-flags') +conflicts=('linux-pax-flags' 'linux-libre-pax-flags') +provides=('linux-pax-flags' 'linux-libre-pax-flags') +source=($pkgname) +sha256sums=(bf1fda4919e7ed8052711c91933d9da5d86945ba44133c94e1952dedb4d1759b) + +build() { + return 0 +} + +package() { + install -D -m755 $srcdir/$pkgname $pkgdir/usr/bin/$pkgname +} diff --git a/kernels/paxutils/paxutils b/kernels/paxutils/paxutils new file mode 100755 index 000000000..22f5a8171 --- /dev/null +++ b/kernels/paxutils/paxutils @@ -0,0 +1,174 @@ +#!/bin/bash + +[ "$UID" = "0" ] || { + sudo $0 + exit $! +} + +function homedir() { + egrep ^$1 /etc/passwd | cut -d: -f 6 +} + +declare -A perms + +perms=( + # RANDMMAP off + ['cPSMXEr']=' + /usr/bin/grub-script-check + ' + # MPROTECT and RANDMMAP off + ['cPSmXEr']=' + /usr/bin/elinks + /usr/bin/pyrogenesis + /usr/lib/iceweasel/iceweasel + /usr/lib/iceweasel/plugin-container + /usr/lib/icecat/icecat + /usr/lib/icecat/plugin-container + /usr/lib/polkit-1/polkitd + /usr/lib/icedove/icedove + ' + # SEGMEXEC and MPROTECT off + # (RANDEXEC is not activatable for qemu. The binaries seem to be compiled + # with PIE enabled, though.) + ['cPsmxER']=' + /usr/bin/qemu-alpha + /usr/bin/qemu-arm + /usr/bin/qemu-armeb + /usr/bin/qemu-cris + /usr/bin/qemu-i386 + /usr/bin/qemu-m68k + /usr/bin/qemu-microblaze + /usr/bin/qemu-microblazeel + /usr/bin/qemu-mips + /usr/bin/qemu-mipsel + /usr/bin/qemu-ppc + /usr/bin/qemu-ppc64 + /usr/bin/qemu-ppc64abi32 + /usr/bin/qemu-s390x + /usr/bin/qemu-sh4 + /usr/bin/qemu-sh4eb + /usr/bin/qemu-sparc + /usr/bin/qemu-sparc32plus + /usr/bin/qemu-sparc64 + /usr/bin/qemu-unicore32 + /usr/bin/qemu-x86_64 + ' + # MPROTECT off + ['cPSmXER']=" + /usr/bin/blender + /usr/bin/clamscan + /usr/bin/freshclam + /usr/bin/glxdemo + /usr/bin/glxgears + /usr/bin/glxinfo + /usr/bin/kdeinit4 + /usr/bin/kdenlive + /usr/bin/kmail + /usr/bin/kwin + /usr/bin/liferea + /usr/bin/mono + /usr/bin/mplayer + /usr/bin/okular + /usr/bin/qemu-system-alpha + /usr/bin/qemu-system-arm + /usr/bin/qemu-system-cris + /usr/bin/qemu-system-i386 + /usr/bin/qemu-system-lm32 + /usr/bin/qemu-system-m68k + /usr/bin/qemu-system-microblaze + /usr/bin/qemu-system-microblazeel + /usr/bin/qemu-system-mips + /usr/bin/qemu-system-mips64 + /usr/bin/qemu-system-mips64el + /usr/bin/qemu-system-mipsel + /usr/bin/qemu-system-ppc + /usr/bin/qemu-system-ppc64 + /usr/bin/qemu-system-ppcemb + /usr/bin/qemu-system-s390x + /usr/bin/qemu-system-sh4 + /usr/bin/qemu-system-sh4eb + /usr/bin/qemu-system-sparc + /usr/bin/qemu-system-sparc64 + /usr/bin/qemu-system-x86_64 + /usr/bin/qemu-system-xtensa + /usr/bin/qemu-system-xtensaeb + /usr/bin/ruby + /usr/bin/systemsettings + /usr/bin/tcc + /usr/bin/valgrind + /usr/lib/erlang/erts-*/bin/beam + /usr/lib/erlang/erts-*/bin/beam.smp + /usr/lib/ghc-*/ghc + /usr/lib/valgrind/cachegrind-amd64-linux + /usr/lib/valgrind/cachegrind-x86-linux + /usr/lib/valgrind/callgrind-amd64-linux + /usr/lib/valgrind/callgrind-x86-linux + /usr/lib/valgrind/drd-amd64-linux + /usr/lib/valgrind/drd-x86-linux + /usr/lib/valgrind/exp-bbv-amd64-linux + /usr/lib/valgrind/exp-bbv-x86-linux + /usr/lib/valgrind/exp-dhat-amd64-linux + /usr/lib/valgrind/exp-dhat-x86-linux + /usr/lib/valgrind/exp-sgcheck-amd64-linux + /usr/lib/valgrind/exp-sgcheck-x86-linux + /usr/lib/valgrind/helgrind-amd64-linux + /usr/lib/valgrind/helgrind-x86-linux + /usr/lib/valgrind/lackey-amd64-linux + /usr/lib/valgrind/lackey-x86-linux + /usr/lib/valgrind/massif-amd64-linux + /usr/lib/valgrind/massif-x86-linux + /usr/lib/valgrind/memcheck-amd64-linux + /usr/lib/valgrind/memcheck-x86-linux + /usr/lib/valgrind/none-amd64-linux + /usr/lib/valgrind/none-x86-linux + /usr/lib/xbmc/xbmc.bin + /usr/sbin/clamd + /usr/sbin/grub-probe + /usr/sbin/vbetool + " + # PAGEEXEC, MPROTECT, EMUTRAMP and RANDMMAP off + ['cpSmXer']=' + /usr/bin/sbcl + ' + # All off + ['cpsmxer']=' + /usr/bin/wine + /usr/bin/wine-preloader + /usr/lib/jvm/java-6-openjdk/bin/java + /usr/lib/jvm/java-6-openjdk/bin/javac + /usr/lib/jvm/java-6-openjdk/jre/bin/java + /usr/lib/jvm/java-7-openjdk/bin/javac + /usr/lib/jvm/java-7-openjdk/jre/bin/java + ' +) + +echo Some programs do not work properly without deactivating some of the PaX +echo features. Please close all instances of them if you want to change the +echo configuration for the following binaries: + +for perm in ${!perms[@]}; do + for path in ${perms[$perm]}; do + [ -f $path ] && echo " * $path" + done +done + +echo +echo Continue writing PaX headers? \[Y/n\] + +read a + +case $a in + "Y"|"y"|"") + for perm in ${!perms[@]}; do + for path in ${perms[$perm]}; do + [ -f $path ] && { + echo $perm $path + paxctl -$perm $path + } + done + done + ;; + *) + exit 0 + ;; +esac |