diff options
author | pyllyukko <pyllyukko AT maimed dot org> | 2013-02-13 18:40:57 -0500 |
---|---|---|
committer | dsomero <xgizzmo@slackbuilds.org> | 2013-02-13 19:34:03 -0500 |
commit | 1af2ba7bf506ab3a261d1bb1b016e6b65a1f944f (patch) | |
tree | 7b5729bb78ef16e9eb46f1d998dc7835ef0e1e18 | |
parent | 8ba76cf2a102e3aa36f9fb5450e9f2bd25b9f523 (diff) |
system/paxctl: Added (PaX control program)
Signed-off-by: dsomero <xgizzmo@slackbuilds.org>
-rw-r--r-- | system/paxctl/README | 12 | ||||
-rw-r--r-- | system/paxctl/paxctl.SlackBuild | 74 | ||||
-rw-r--r-- | system/paxctl/paxctl.info | 10 | ||||
-rw-r--r-- | system/paxctl/slack-desc | 19 |
4 files changed, 115 insertions, 0 deletions
diff --git a/system/paxctl/README b/system/paxctl/README new file mode 100644 index 0000000000000..3589bd6023057 --- /dev/null +++ b/system/paxctl/README @@ -0,0 +1,12 @@ +This is paxctl for controlling PaX flags on a per binary basis. PaX +is an intrusion prevention system that provides the best protection +mechanisms against memory corruption bugs. Some applications are not +compatible with certain features (due to design or bad engineering) +and therefore they have to be exempted from certain enforcements. It +is also possible to use PaX in soft mode where none of the protection +mechanisms are active by default - here paxctl can be used to turn +them on for selected programs (e.g., network daemons, programs that +process network data such as mail clients, web browsers, etc). + +PaX is provided by a separate kernel patch, that you need to install +manually. You can get it from: https://grsecurity.net/ diff --git a/system/paxctl/paxctl.SlackBuild b/system/paxctl/paxctl.SlackBuild new file mode 100644 index 0000000000000..ff06ccd345f2a --- /dev/null +++ b/system/paxctl/paxctl.SlackBuild @@ -0,0 +1,74 @@ +#!/bin/sh + +# Slackware build script for paxctl + +# Copyright 2013 pyllyukko +# All rights reserved. + +PRGNAM=paxctl +VERSION=${VERSION:-0.7} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.bz2 +cd $PRGNAM-$VERSION +chown -R root:root . +find . \ + \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \ + -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \ + -exec chmod 644 {} \; + +make +make install DESTDIR=$PKG MANDIR=/usr/man/man1 + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a \ + ChangeLog README \ + $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/paxctl/paxctl.info b/system/paxctl/paxctl.info new file mode 100644 index 0000000000000..f1c2cbcfc5172 --- /dev/null +++ b/system/paxctl/paxctl.info @@ -0,0 +1,10 @@ +PRGNAM="paxctl" +VERSION="0.7" +HOMEPAGE="http://pax.grsecurity.net/" +DOWNLOAD="http://pax.grsecurity.net/paxctl-0.7.tar.bz2" +MD5SUM="25bf9df751976e87be20243e75291263" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="pyllyukko" +EMAIL="pyllyukko AT maimed dot org" diff --git a/system/paxctl/slack-desc b/system/paxctl/slack-desc new file mode 100644 index 0000000000000..c65eb0bf04c99 --- /dev/null +++ b/system/paxctl/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +paxctl: paxctl (PaX control program) +paxctl: +paxctl: This is paxctl for controlling PaX flags on a per binary basis. PaX +paxctl: is an intrusion prevention system that provides the best protection +paxctl: mechanisms against memory corruption bugs. Some applications are not +paxctl: compatible with certain features (due to design or bad engineering) +paxctl: and therefore they have to be exempted from certain enforcements. +paxctl: +paxctl: +paxctl: Homepage: http://pax.grsecurity.net/ +paxctl: |