diff options
Diffstat (limited to 'kernels/paxutils/paxutils')
-rw-r--r-- | kernels/paxutils/paxutils | 186 |
1 files changed, 0 insertions, 186 deletions
diff --git a/kernels/paxutils/paxutils b/kernels/paxutils/paxutils deleted file mode 100644 index 69662a646..000000000 --- a/kernels/paxutils/paxutils +++ /dev/null @@ -1,186 +0,0 @@ -#!/bin/bash - -function usage() { - echo $(basename $0) \[options\] >&2 - echo - echo ' -h This help.' - echo ' -y Do not ask before changes.' - echo - exit 1 -} - -function homedir() { - egrep ^$1 /etc/passwd | cut -d: -f 6 -} - -[ "$1" = '-h' ] && usage - -[ "$UID" = "0" ] || { - sudo $0 $@ - exit $! -} - -declare -A perms - -perms=( - # RANDMMAP off - ['cPSMXEr']=' - /usr/bin/grub-script-check - ' - # MPROTECT and RANDMMAP off - ['cPSmXEr']=' - /usr/bin/elinks - /usr/bin/gnome-shell - /usr/bin/pyrogenesis - /usr/lib/iceweasel/iceweasel - /usr/lib/iceweasel/plugin-container - /usr/lib/icecat/icecat - /usr/lib/icecat/plugin-container - /usr/lib/polkit-1/polkitd - /usr/lib/icedove/icedove - ' - # SEGMEXEC and MPROTECT off - # (RANDEXEC is not activatable for qemu. The binaries seem to be compiled - # with PIE enabled, though.) - ['cPsmxER']=' - /usr/bin/qemu-alpha - /usr/bin/qemu-arm - /usr/bin/qemu-armeb - /usr/bin/qemu-cris - /usr/bin/qemu-i386 - /usr/bin/qemu-m68k - /usr/bin/qemu-microblaze - /usr/bin/qemu-microblazeel - /usr/bin/qemu-mips - /usr/bin/qemu-mipsel - /usr/bin/qemu-ppc - /usr/bin/qemu-ppc64 - /usr/bin/qemu-ppc64abi32 - /usr/bin/qemu-s390x - /usr/bin/qemu-sh4 - /usr/bin/qemu-sh4eb - /usr/bin/qemu-sparc - /usr/bin/qemu-sparc32plus - /usr/bin/qemu-sparc64 - /usr/bin/qemu-unicore32 - /usr/bin/qemu-x86_64 - ' - # MPROTECT off - ['cPSmXER']=" - /usr/bin/blender - /usr/bin/clamscan - /usr/bin/freshclam - /usr/bin/glxdemo - /usr/bin/glxgears - /usr/bin/glxinfo - /usr/bin/kdeinit4 - /usr/bin/kdenlive - /usr/bin/kmail - /usr/bin/kwin - /usr/bin/liferea - /usr/bin/mono - /usr/bin/mplayer - /usr/bin/okular - /usr/bin/qemu-system-alpha - /usr/bin/qemu-system-arm - /usr/bin/qemu-system-cris - /usr/bin/qemu-system-i386 - /usr/bin/qemu-system-lm32 - /usr/bin/qemu-system-m68k - /usr/bin/qemu-system-microblaze - /usr/bin/qemu-system-microblazeel - /usr/bin/qemu-system-mips - /usr/bin/qemu-system-mips64 - /usr/bin/qemu-system-mips64el - /usr/bin/qemu-system-mipsel - /usr/bin/qemu-system-ppc - /usr/bin/qemu-system-ppc64 - /usr/bin/qemu-system-ppcemb - /usr/bin/qemu-system-s390x - /usr/bin/qemu-system-sh4 - /usr/bin/qemu-system-sh4eb - /usr/bin/qemu-system-sparc - /usr/bin/qemu-system-sparc64 - /usr/bin/qemu-system-x86_64 - /usr/bin/qemu-system-xtensa - /usr/bin/qemu-system-xtensaeb - /usr/bin/ruby - /usr/bin/systemsettings - /usr/bin/tcc - /usr/bin/valgrind - /usr/lib/erlang/erts-*/bin/beam - /usr/lib/erlang/erts-*/bin/beam.smp - /usr/lib/ghc-*/ghc - /usr/lib/valgrind/cachegrind-amd64-linux - /usr/lib/valgrind/cachegrind-x86-linux - /usr/lib/valgrind/callgrind-amd64-linux - /usr/lib/valgrind/callgrind-x86-linux - /usr/lib/valgrind/drd-amd64-linux - /usr/lib/valgrind/drd-x86-linux - /usr/lib/valgrind/exp-bbv-amd64-linux - /usr/lib/valgrind/exp-bbv-x86-linux - /usr/lib/valgrind/exp-dhat-amd64-linux - /usr/lib/valgrind/exp-dhat-x86-linux - /usr/lib/valgrind/exp-sgcheck-amd64-linux - /usr/lib/valgrind/exp-sgcheck-x86-linux - /usr/lib/valgrind/helgrind-amd64-linux - /usr/lib/valgrind/helgrind-x86-linux - /usr/lib/valgrind/lackey-amd64-linux - /usr/lib/valgrind/lackey-x86-linux - /usr/lib/valgrind/massif-amd64-linux - /usr/lib/valgrind/massif-x86-linux - /usr/lib/valgrind/memcheck-amd64-linux - /usr/lib/valgrind/memcheck-x86-linux - /usr/lib/valgrind/none-amd64-linux - /usr/lib/valgrind/none-x86-linux - /usr/lib/xbmc/xbmc.bin - /usr/sbin/clamd - /usr/sbin/grub-probe - /usr/sbin/vbetool - " - # PAGEEXEC, MPROTECT, EMUTRAMP and RANDMMAP off - ['cpSmXer']=' - /usr/bin/sbcl - ' - # All off - ['cpsmxer']=' - /usr/bin/wine - /usr/bin/wine-preloader - /usr/lib/jvm/java-6-openjdk/bin/java - /usr/lib/jvm/java-6-openjdk/bin/javac - /usr/lib/jvm/java-6-openjdk/jre/bin/java - /usr/lib/jvm/java-7-openjdk/bin/javac - /usr/lib/jvm/java-7-openjdk/jre/bin/java - ' -) - -echo Some programs do not work properly without deactivating some of the PaX -echo features. Please close all instances of them if you want to change the -echo configuration for the following binaries: - -for perm in ${!perms[@]}; do - for path in ${perms[$perm]}; do - [ -f "$path" ] && echo " * $path" - done -done - -echo -echo Continue writing PaX headers? \[Y/n\] - -[ "$1" = '-y' ] && a=y || read a - -case $a in - "Y"|"y"|"") - for perm in ${!perms[@]}; do - for path in ${perms[$perm]}; do - [ -f "$path" ] && { - echo $perm $path - paxctl -$perm "$path" - } - done - done - ;; - *) - exit 0 - ;; -esac |