aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorpyllyukko <pyllyukko AT maimed dot org>2013-02-13 18:40:57 -0500
committerdsomero <xgizzmo@slackbuilds.org>2013-02-13 19:34:03 -0500
commit1af2ba7bf506ab3a261d1bb1b016e6b65a1f944f (patch)
tree7b5729bb78ef16e9eb46f1d998dc7835ef0e1e18
parent8ba76cf2a102e3aa36f9fb5450e9f2bd25b9f523 (diff)
system/paxctl: Added (PaX control program)
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
-rw-r--r--system/paxctl/README12
-rw-r--r--system/paxctl/paxctl.SlackBuild74
-rw-r--r--system/paxctl/paxctl.info10
-rw-r--r--system/paxctl/slack-desc19
4 files changed, 115 insertions, 0 deletions
diff --git a/system/paxctl/README b/system/paxctl/README
new file mode 100644
index 0000000000000..3589bd6023057
--- /dev/null
+++ b/system/paxctl/README
@@ -0,0 +1,12 @@
+This is paxctl for controlling PaX flags on a per binary basis. PaX
+is an intrusion prevention system that provides the best protection
+mechanisms against memory corruption bugs. Some applications are not
+compatible with certain features (due to design or bad engineering)
+and therefore they have to be exempted from certain enforcements. It
+is also possible to use PaX in soft mode where none of the protection
+mechanisms are active by default - here paxctl can be used to turn
+them on for selected programs (e.g., network daemons, programs that
+process network data such as mail clients, web browsers, etc).
+
+PaX is provided by a separate kernel patch, that you need to install
+manually. You can get it from: https://grsecurity.net/
diff --git a/system/paxctl/paxctl.SlackBuild b/system/paxctl/paxctl.SlackBuild
new file mode 100644
index 0000000000000..ff06ccd345f2a
--- /dev/null
+++ b/system/paxctl/paxctl.SlackBuild
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+# Slackware build script for paxctl
+
+# Copyright 2013 pyllyukko
+# All rights reserved.
+
+PRGNAM=paxctl
+VERSION=${VERSION:-0.7}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+make
+make install DESTDIR=$PKG MANDIR=/usr/man/man1
+
+find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a \
+ ChangeLog README \
+ $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/system/paxctl/paxctl.info b/system/paxctl/paxctl.info
new file mode 100644
index 0000000000000..f1c2cbcfc5172
--- /dev/null
+++ b/system/paxctl/paxctl.info
@@ -0,0 +1,10 @@
+PRGNAM="paxctl"
+VERSION="0.7"
+HOMEPAGE="http://pax.grsecurity.net/"
+DOWNLOAD="http://pax.grsecurity.net/paxctl-0.7.tar.bz2"
+MD5SUM="25bf9df751976e87be20243e75291263"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="pyllyukko"
+EMAIL="pyllyukko AT maimed dot org"
diff --git a/system/paxctl/slack-desc b/system/paxctl/slack-desc
new file mode 100644
index 0000000000000..c65eb0bf04c99
--- /dev/null
+++ b/system/paxctl/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct. It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+ |-----handy-ruler------------------------------------------------------|
+paxctl: paxctl (PaX control program)
+paxctl:
+paxctl: This is paxctl for controlling PaX flags on a per binary basis. PaX
+paxctl: is an intrusion prevention system that provides the best protection
+paxctl: mechanisms against memory corruption bugs. Some applications are not
+paxctl: compatible with certain features (due to design or bad engineering)
+paxctl: and therefore they have to be exempted from certain enforcements.
+paxctl:
+paxctl:
+paxctl: Homepage: http://pax.grsecurity.net/
+paxctl: