diff options
author | Ned Ludd <solar@gentoo.org> | 2003-06-16 18:37:12 +0000 |
---|---|---|
committer | Ned Ludd <solar@gentoo.org> | 2003-06-16 18:37:12 +0000 |
commit | 53db29c6a31d1e03d1c009f835d5871a9e18a294 (patch) | |
tree | 4947939a25d2ce80fe1ccff575b439caa9298921 /sys-apps/gradm | |
parent | version bump, removed old versions of gradm from portage and old chpax stuff ... (diff) | |
download | historical-53db29c6a31d1e03d1c009f835d5871a9e18a294.tar.gz historical-53db29c6a31d1e03d1c009f835d5871a9e18a294.tar.bz2 historical-53db29c6a31d1e03d1c009f835d5871a9e18a294.zip |
version bump, removed old versions of gradm from portage and old chpax stuff in files, started the proccess of unmasking gradm for other arches added ~ppc ~sparc as these are known to work
Diffstat (limited to 'sys-apps/gradm')
-rw-r--r-- | sys-apps/gradm/Manifest | 6 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.5a | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.6 | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.7b | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.9.10 | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.9.9g | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/digest-gradm-1.9.9h | 1 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm-1.5a-chpax.c | 244 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm-1.6-chpax.c | 335 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm-1.7b-chpax.c | 335 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm-chpax.c | 335 | ||||
-rw-r--r-- | sys-apps/gradm/files/gradm_parse.c-1.9.x.patch | 13 | ||||
-rw-r--r-- | sys-apps/gradm/files/grsecurity | 3 | ||||
-rw-r--r-- | sys-apps/gradm/files/grsecurity.rc | 38 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.5a.ebuild | 47 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.6.ebuild | 45 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.9.10.ebuild (renamed from sys-apps/gradm/gradm-1.7b.ebuild) | 22 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.9.9g.ebuild | 48 | ||||
-rw-r--r-- | sys-apps/gradm/gradm-1.9.9h.ebuild | 48 |
19 files changed, 47 insertions, 1478 deletions
diff --git a/sys-apps/gradm/Manifest b/sys-apps/gradm/Manifest index 7ed57329079c..a3ea17471676 100644 --- a/sys-apps/gradm/Manifest +++ b/sys-apps/gradm/Manifest @@ -1,9 +1,9 @@ -MD5 0e02116fa7c6eddb4dd89316bedc4370 ChangeLog 2544 +MD5 6b65f7124006a2ef31d83f0b7798902e ChangeLog 2543 MD5 3b3a771e0d6d0fb4eca5d1ab796ee6e7 gradm-1.9.9h-r1.ebuild 960 -MD5 0b1b31815330df9668182987a8b3bc43 gradm-1.9.10.ebuild 886 +MD5 06e2066b7db002613dcfd566bf15dd62 gradm-1.9.10.ebuild 982 MD5 9ed10401445937522700f59bc6bccdd2 files/digest-gradm-1.9.9h-r1 63 MD5 a6053e16d27a5e0fc626bc0a7b7356fa files/digest-gradm-1.9.10 63 MD5 c2618fc7963e008681dfd08db6886058 files/gradm_parse.c-1.9.x.patch 524 MD5 c2618fc7963e008681dfd08db6886058 files/gradm_parse.c-1.9.9h.patch 524 MD5 407eeba68c4cd90a492624f3be3f6367 files/grsecurity 1922 -MD5 94b109252d3730ee36cd751ae128738a files/grsecurity.rc 1742 +MD5 747a58a4e9af5abd23b672e8cf417c08 files/grsecurity.rc 1741 diff --git a/sys-apps/gradm/files/digest-gradm-1.5a b/sys-apps/gradm/files/digest-gradm-1.5a deleted file mode 100644 index 251d7c6f7f18..000000000000 --- a/sys-apps/gradm/files/digest-gradm-1.5a +++ /dev/null @@ -1 +0,0 @@ -MD5 fe58cba7cacdee4c0329914235d4e4ab gradm-1.5a.tar.gz 26954 diff --git a/sys-apps/gradm/files/digest-gradm-1.6 b/sys-apps/gradm/files/digest-gradm-1.6 deleted file mode 100644 index d5911cc297de..000000000000 --- a/sys-apps/gradm/files/digest-gradm-1.6 +++ /dev/null @@ -1 +0,0 @@ -MD5 7f1eacca4c0be8a1e5c088a38c249d32 gradm-1.6.tar.gz 29934 diff --git a/sys-apps/gradm/files/digest-gradm-1.7b b/sys-apps/gradm/files/digest-gradm-1.7b deleted file mode 100644 index 2ffc54039d04..000000000000 --- a/sys-apps/gradm/files/digest-gradm-1.7b +++ /dev/null @@ -1 +0,0 @@ -MD5 31d6516a43128fdcfcb977f4e9d461c2 gradm-1.7b.tar.gz 30844 diff --git a/sys-apps/gradm/files/digest-gradm-1.9.10 b/sys-apps/gradm/files/digest-gradm-1.9.10 new file mode 100644 index 000000000000..020c9e354be4 --- /dev/null +++ b/sys-apps/gradm/files/digest-gradm-1.9.10 @@ -0,0 +1 @@ +MD5 cec67e20d3c7780854318e8ed1945334 gradm-1.9.10.tar.gz 37945 diff --git a/sys-apps/gradm/files/digest-gradm-1.9.9g b/sys-apps/gradm/files/digest-gradm-1.9.9g deleted file mode 100644 index b16017ee8f51..000000000000 --- a/sys-apps/gradm/files/digest-gradm-1.9.9g +++ /dev/null @@ -1 +0,0 @@ -MD5 abbe738ad06dae1100c4a984cf9b8702 gradm-1.9.9g.tar.gz 36727 diff --git a/sys-apps/gradm/files/digest-gradm-1.9.9h b/sys-apps/gradm/files/digest-gradm-1.9.9h deleted file mode 100644 index d6b226712487..000000000000 --- a/sys-apps/gradm/files/digest-gradm-1.9.9h +++ /dev/null @@ -1 +0,0 @@ -MD5 7c5dce62271942dc932b2c08848d9163 gradm-1.9.9h.tar.gz 36878 diff --git a/sys-apps/gradm/files/gradm-1.5a-chpax.c b/sys-apps/gradm/files/gradm-1.5a-chpax.c deleted file mode 100644 index d5482d1c895c..000000000000 --- a/sys-apps/gradm/files/gradm-1.5a-chpax.c +++ /dev/null @@ -1,244 +0,0 @@ -/* - * This program manages various PaX related flags for ELF and a.out binaries. - * The flags only have effect when running the patched Linux kernel. - * - * Written by Solar Designer and placed in the public domain. - * - * Adapted to PaX by the PaX Team. - */ - -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> -#include <linux/elf.h> -#include <linux/a.out.h> - -#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-executable pages */ -#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */ -#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */ -#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ -#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */ -#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-executable pages */ - -static struct elf32_hdr header_elf; -static struct exec header_aout; -static void *header; -static int header_size; -static int fd; - -static unsigned long (*get_flags)(); -static void (*put_flags)(unsigned long); - -static unsigned long get_flags_elf() -{ - return header_elf.e_flags; -} - -static void put_flags_elf(unsigned long flags) -{ - header_elf.e_flags = flags; -} - -static unsigned long get_flags_aout() -{ - return N_FLAGS(header_aout); -} - -static void put_flags_aout(unsigned long flags) -{ - N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP); -} - -static int read_header(char *name, int mode) -{ - char *ptr; - int size, block; - - if ((fd = open(name, mode)) < 0) return 1; - - ptr = (char *)&header_elf; - size = sizeof(header_elf); - do { - block = read(fd, ptr, size); - if (block <= 0) { - close(fd); - return block ? 1 : 2; - } - ptr += block; size -= block; - } while (size > 0); - - memcpy(&header_aout, &header_elf, sizeof(header_aout)); - - if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) { - if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) return 2; - if (header_elf.e_machine != EM_386) return 3; - header = &header_elf; header_size = sizeof(header_elf); - get_flags = get_flags_elf; put_flags = put_flags_elf; - } else - if (N_MAGIC(header_aout) == NMAGIC || - N_MAGIC(header_aout) == ZMAGIC || - N_MAGIC(header_aout) == QMAGIC) { - if (N_MACHTYPE(header_aout) != M_386) return 3; - header = &header_aout; header_size = 4; - get_flags = get_flags_aout; put_flags = put_flags_aout; - } else return 2; - - return 0; -} - -int write_header() -{ - char *ptr; - int size, block; - - if (lseek(fd, 0, SEEK_SET)) return 1; - - ptr = (char *)header; - size = header_size; - do { - block = write(fd, ptr, size); - if (block <= 0) break; - ptr += block; size -= block; - } while (size > 0); - - return size; -} - -#define USAGE \ -"Usage: %s OPTIONS FILE...\n" \ -"Manage PaX flags for binaries\n\n" \ -" -P\tenforce paging based non-executable pages\n" \ -" -p\tdo not enforce paging based non-executable pages\n" \ -" -E\temulate trampolines\n" \ -" -e\tdo not emulate trampolines\n" \ -" -M\trestrict mprotect()\n" \ -" -m\tdo not restrict mprotect()\n" \ -" -R\trandomize mmap() base [ELF only]\n" \ -" -r\tdo not randomize mmap() base [ELF only]\n" \ -" -X\trandomize ET_EXEC base [ELF only]\n" \ -" -x\tdo not randomize ET_EXEC base [ELF only]\n" \ -" -S\tenforce segmentation based non-executable pages\n" \ -" -s\tdo not enforce segmentation based non-executable pages\n" \ -" -v\tview current flag state\n\n" \ -"The flags only have effect when running the patched Linux kernel.\n" - -void usage(char *name) -{ - printf(USAGE, name ? name : "chpax"); - exit(1); -} - -int main(int argc, char **argv) -{ - char **current; - unsigned long flags; - int error = 0; - int mode; - - if (argc < 3) usage(argv[0]); - if (strlen(argv[1]) != 2) usage(argv[0]); - if (argv[1][0] != '-' || !strchr("pPeEmMrRxXsSv", argv[1][1])) usage(argv[0]); - - current = &argv[2]; - do { - mode = argv[1][1] == 'v' ? O_RDONLY : O_RDWR; - switch (read_header(*current, mode)) { - case 1: - perror(*current); - error = 1; continue; - - case 2: - printf("%s: Unknown file type\n", *current); - error = 1; continue; - - case 3: - printf("%s: Wrong architecture\n", *current); - error = 1; continue; - } - - flags = get_flags(); - - switch (argv[1][1]) { - case 'p': - put_flags(flags | HF_PAX_PAGEEXEC); - break; - - case 'P': - put_flags((flags & ~HF_PAX_PAGEEXEC)|HF_PAX_SEGMEXEC); - break; - - case 'E': - put_flags(flags | HF_PAX_EMUTRAMP); - break; - - case 'e': - put_flags(flags & ~HF_PAX_EMUTRAMP); - break; - - case 'm': - put_flags(flags | HF_PAX_MPROTECT); - break; - - case 'M': - put_flags(flags & ~HF_PAX_MPROTECT); - break; - - case 'r': - put_flags(flags | HF_PAX_RANDMMAP); - break; - - case 'R': - put_flags(flags & ~HF_PAX_RANDMMAP); - break; - - case 'X': - put_flags(flags | HF_PAX_RANDEXEC); - break; - - case 'x': - put_flags(flags & ~HF_PAX_RANDEXEC); - break; - - case 's': - put_flags(flags | HF_PAX_SEGMEXEC); - break; - - case 'S': - put_flags((flags & ~HF_PAX_SEGMEXEC)|HF_PAX_PAGEEXEC); - break; - - default: - printf("%s: " - "paging based PAGE_EXEC is %s, " - "trampolines are %s, " - "mprotect() is %s, " - "mmap() base is %s, " - "ET_EXEC base is %s, " - "segmentation based PAGE_EXEC is %s\n", *current, - (flags & HF_PAX_PAGEEXEC) || !(flags & HF_PAX_SEGMEXEC) - ? "disabled" : "enabled", - flags & HF_PAX_EMUTRAMP - ? "emulated" : "not emulated", - flags & HF_PAX_MPROTECT - ? "not restricted" : "restricted", - flags & HF_PAX_RANDMMAP - ? "not randomized" : "randomized", - flags & HF_PAX_RANDEXEC - ? "randomized" : "not randomized", - flags & HF_PAX_SEGMEXEC - ? "disabled" : "enabled"); - } - - if (flags != get_flags()) - if (write_header()) { - perror(*current); - error = 1; - } - - close(fd); - } while (*++current); - - return error; -} diff --git a/sys-apps/gradm/files/gradm-1.6-chpax.c b/sys-apps/gradm/files/gradm-1.6-chpax.c deleted file mode 100644 index 9dd3dd880e36..000000000000 --- a/sys-apps/gradm/files/gradm-1.6-chpax.c +++ /dev/null @@ -1,335 +0,0 @@ -/* - * This program manages various PaX related flags for ELF and a.out binaries. - * The flags only have effect when running the patched Linux kernel. - * - * Written by Solar Designer and placed in the public domain. - * - * Adapted to PaX by the PaX Team - * - * Nov 10 2002 : Added multi{options,files} cmdline, zeroflag, nicer output - * (+ double output if flags are changed and -v is specified), more error - * handling. - * - * Dec 11 2002 : Explicit error messages and return value, even more - * error handling . (-jv) - * - */ -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> -#include <linux/elf.h> -#include <linux/a.out.h> - -#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-exec pages */ -#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */ -#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */ -#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ -#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */ -#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-exec pages */ - -#define XCLOSE(fd) \ -do \ -{ \ - if (close(fd)) \ - perror("close"); \ -} \ -while (0) - -static struct elf32_hdr header_elf; -static struct exec header_aout; -static void *header; -static int header_size; -static int fd; - -static unsigned long (*get_flags)(); -static void (*put_flags)(unsigned long); - - -static void print_flags(unsigned long flags) -{ - printf(" * Paging based PAGE_EXEC : %s \n" - " * Trampolines : %s \n" - " * mprotect() : %s \n" - " * mmap() base : %s \n" - " * ET_EXEC base : %s \n" - " * Segmentation based PAGE_EXEC : %s \n", - flags & HF_PAX_PAGEEXEC - ? "disabled" : flags & HF_PAX_SEGMEXEC ? "enabled" : "enabled (overridden)", - flags & HF_PAX_EMUTRAMP - ? "emulated" : "not emulated", - flags & HF_PAX_MPROTECT - ? "not restricted" : "restricted", - flags & HF_PAX_RANDMMAP - ? "not randomized" : "randomized", - flags & HF_PAX_RANDEXEC - ? "randomized" : "not randomized", - flags & HF_PAX_SEGMEXEC - ? "disabled" : "enabled"); -} - -static unsigned long get_flags_elf() -{ - return (header_elf.e_flags); -} - -static void put_flags_elf(unsigned long flags) -{ - header_elf.e_flags = flags; -} - -static unsigned long get_flags_aout() -{ - return (N_FLAGS(header_aout)); -} - -static void put_flags_aout(unsigned long flags) -{ - N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP); -} - -static int read_header(char *name, int mode) -{ - char *ptr; - int size; - int block; - - if ((fd = open(name, mode)) < 0) - return 1; - - ptr = (char *) &header_elf; - size = sizeof (header_elf); - - do - { - block = read(fd, ptr, size); - if (block <= 0) - return (block ? 1 : 2); - ptr += block; size -= block; - } - while (size > 0); - - memcpy(&header_aout, &header_elf, sizeof(header_aout)); - - if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) - { - if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) - return 2; - if (header_elf.e_machine != EM_386) - return 3; - header = &header_elf; - header_size = sizeof(header_elf); - get_flags = get_flags_elf; - put_flags = put_flags_elf; - } - - else if (N_MAGIC(header_aout) == NMAGIC || - N_MAGIC(header_aout) == ZMAGIC || - N_MAGIC(header_aout) == QMAGIC) - { - if (N_MACHTYPE(header_aout) != M_386) - return 3; - header = &header_aout; - header_size = 4; - get_flags = get_flags_aout; - put_flags = put_flags_aout; - } - - else - return (2); - - return (0); -} - -int write_header() -{ - char *ptr; - int size; - int block; - - if (lseek(fd, 0, SEEK_SET)) - return 1; - - ptr = (char *) header; - size = header_size; - - do - { - block = write(fd, ptr, size); - if (block <= 0) - break; - ptr += block; - size -= block; - } - while (size > 0); - - return size; -} - - -#define USAGE \ -"Usage: %s OPTIONS FILE1 FILE2 FILEN ...\n" \ -"Manage PaX flags for binaries\n\n" \ -" -P\tenforce paging based non-executable pages\n" \ -" -p\tdo not enforce paging based non-executable pages\n" \ -" -E\temulate trampolines\n" \ -" -e\tdo not emulate trampolines\n" \ -" -M\trestrict mprotect()\n" \ -" -m\tdo not restrict mprotect()\n" \ -" -R\trandomize mmap() base [ELF only]\n" \ -" -r\tdo not randomize mmap() base [ELF only]\n" \ -" -X\trandomize ET_EXEC base [ELF only]\n" \ -" -x\tdo not randomize ET_EXEC base [ELF only]\n" \ -" -S\tenforce segmentation based non-executable pages\n" \ -" -s\tdo not enforce segmentation based non-executable pages\n" \ -" -v\tview current flag mask \n" \ -" -z\tzero flag mask (next flags still apply)\n\n" \ -"The flags only have effect when running the patched Linux kernel.\n" - - -void usage(char *name) -{ - printf(USAGE, (name ? name : "chpax")); - exit(1); -} - -unsigned long scan_flags(unsigned long flags, char **argv, int *view) -{ - int index; - - for (index = 1; argv[1][index]; index++) - switch (argv[1][index]) - { - - case 'p': - flags |= HF_PAX_PAGEEXEC; - continue ; - - case 'P': - flags = (flags & ~HF_PAX_PAGEEXEC) | HF_PAX_SEGMEXEC; - continue ; - - case 'E': - flags |= HF_PAX_EMUTRAMP; - continue ; - - case 'e': - flags = (flags & ~HF_PAX_EMUTRAMP); - continue ; - - case 'm': - flags |= HF_PAX_MPROTECT; - continue ; - - case 'M': - flags = (flags & ~HF_PAX_MPROTECT); - continue ; - - case 'r': - flags |= HF_PAX_RANDMMAP; - continue ; - - case 'R': - flags = (flags & ~HF_PAX_RANDMMAP); - continue ; - - case 'X': - flags |= HF_PAX_RANDEXEC; - continue ; - - case 'x': - flags = (flags & ~HF_PAX_RANDEXEC); - continue ; - - case 's': - flags |= HF_PAX_SEGMEXEC; - continue ; - - case 'S': - flags = (flags & ~HF_PAX_SEGMEXEC) | HF_PAX_PAGEEXEC; - continue ; - - case 'v': - *view = 1; - continue ; - - case 'z': - flags = 0; - continue ; - - default: - fprintf(stderr, "Unknown option %c \n", argv[1][index]); - usage(argv[0]); - } - - return (flags); -} - - -int main(int argc, char **argv) -{ - unsigned long flags; - unsigned long aflags; - unsigned int index; - int mode; - char *current; - int error = 0; - int view = 0; - - if (argc < 3 || argv[1][0] != '-') - usage(argv[0]); - - for (index = 2, current = argv[index]; current; current = argv[++index]) - { - - mode = (argc == 3 && !strcmp(argv[1], "-v") ? O_RDONLY : O_RDWR); - - error = read_header(current, mode); - switch (error) - { - case 1: - perror(current); - continue ; - case 2: - fprintf(stderr, "%s: Unknown file type (passed) \n", current); - XCLOSE(fd); - continue ; - case 3: - fprintf(stderr, "%s: Wrong architecture (passed) \n", current); - XCLOSE(fd); - continue ; - } - - aflags = get_flags(); - flags = scan_flags(aflags, argv, &view); - - if (view) - { - printf("\n----[ Current flags for %s ]---- \n\n", current); - print_flags(aflags); - puts(""); - } - - put_flags(flags); - - if (flags != aflags && write_header()) - { - perror(current); - error = 4; - } - - if (error) - fprintf(stderr, "%s : Flags were not updated . \n", current); - else if (view && aflags != flags) - { - printf("\n----[ Updated flags for %s ]---- \n\n", current); - print_flags(flags); - puts(""); - } - - XCLOSE(fd); - } - - return (error); -} diff --git a/sys-apps/gradm/files/gradm-1.7b-chpax.c b/sys-apps/gradm/files/gradm-1.7b-chpax.c deleted file mode 100644 index 9dd3dd880e36..000000000000 --- a/sys-apps/gradm/files/gradm-1.7b-chpax.c +++ /dev/null @@ -1,335 +0,0 @@ -/* - * This program manages various PaX related flags for ELF and a.out binaries. - * The flags only have effect when running the patched Linux kernel. - * - * Written by Solar Designer and placed in the public domain. - * - * Adapted to PaX by the PaX Team - * - * Nov 10 2002 : Added multi{options,files} cmdline, zeroflag, nicer output - * (+ double output if flags are changed and -v is specified), more error - * handling. - * - * Dec 11 2002 : Explicit error messages and return value, even more - * error handling . (-jv) - * - */ -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> -#include <linux/elf.h> -#include <linux/a.out.h> - -#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-exec pages */ -#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */ -#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */ -#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ -#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */ -#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-exec pages */ - -#define XCLOSE(fd) \ -do \ -{ \ - if (close(fd)) \ - perror("close"); \ -} \ -while (0) - -static struct elf32_hdr header_elf; -static struct exec header_aout; -static void *header; -static int header_size; -static int fd; - -static unsigned long (*get_flags)(); -static void (*put_flags)(unsigned long); - - -static void print_flags(unsigned long flags) -{ - printf(" * Paging based PAGE_EXEC : %s \n" - " * Trampolines : %s \n" - " * mprotect() : %s \n" - " * mmap() base : %s \n" - " * ET_EXEC base : %s \n" - " * Segmentation based PAGE_EXEC : %s \n", - flags & HF_PAX_PAGEEXEC - ? "disabled" : flags & HF_PAX_SEGMEXEC ? "enabled" : "enabled (overridden)", - flags & HF_PAX_EMUTRAMP - ? "emulated" : "not emulated", - flags & HF_PAX_MPROTECT - ? "not restricted" : "restricted", - flags & HF_PAX_RANDMMAP - ? "not randomized" : "randomized", - flags & HF_PAX_RANDEXEC - ? "randomized" : "not randomized", - flags & HF_PAX_SEGMEXEC - ? "disabled" : "enabled"); -} - -static unsigned long get_flags_elf() -{ - return (header_elf.e_flags); -} - -static void put_flags_elf(unsigned long flags) -{ - header_elf.e_flags = flags; -} - -static unsigned long get_flags_aout() -{ - return (N_FLAGS(header_aout)); -} - -static void put_flags_aout(unsigned long flags) -{ - N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP); -} - -static int read_header(char *name, int mode) -{ - char *ptr; - int size; - int block; - - if ((fd = open(name, mode)) < 0) - return 1; - - ptr = (char *) &header_elf; - size = sizeof (header_elf); - - do - { - block = read(fd, ptr, size); - if (block <= 0) - return (block ? 1 : 2); - ptr += block; size -= block; - } - while (size > 0); - - memcpy(&header_aout, &header_elf, sizeof(header_aout)); - - if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) - { - if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) - return 2; - if (header_elf.e_machine != EM_386) - return 3; - header = &header_elf; - header_size = sizeof(header_elf); - get_flags = get_flags_elf; - put_flags = put_flags_elf; - } - - else if (N_MAGIC(header_aout) == NMAGIC || - N_MAGIC(header_aout) == ZMAGIC || - N_MAGIC(header_aout) == QMAGIC) - { - if (N_MACHTYPE(header_aout) != M_386) - return 3; - header = &header_aout; - header_size = 4; - get_flags = get_flags_aout; - put_flags = put_flags_aout; - } - - else - return (2); - - return (0); -} - -int write_header() -{ - char *ptr; - int size; - int block; - - if (lseek(fd, 0, SEEK_SET)) - return 1; - - ptr = (char *) header; - size = header_size; - - do - { - block = write(fd, ptr, size); - if (block <= 0) - break; - ptr += block; - size -= block; - } - while (size > 0); - - return size; -} - - -#define USAGE \ -"Usage: %s OPTIONS FILE1 FILE2 FILEN ...\n" \ -"Manage PaX flags for binaries\n\n" \ -" -P\tenforce paging based non-executable pages\n" \ -" -p\tdo not enforce paging based non-executable pages\n" \ -" -E\temulate trampolines\n" \ -" -e\tdo not emulate trampolines\n" \ -" -M\trestrict mprotect()\n" \ -" -m\tdo not restrict mprotect()\n" \ -" -R\trandomize mmap() base [ELF only]\n" \ -" -r\tdo not randomize mmap() base [ELF only]\n" \ -" -X\trandomize ET_EXEC base [ELF only]\n" \ -" -x\tdo not randomize ET_EXEC base [ELF only]\n" \ -" -S\tenforce segmentation based non-executable pages\n" \ -" -s\tdo not enforce segmentation based non-executable pages\n" \ -" -v\tview current flag mask \n" \ -" -z\tzero flag mask (next flags still apply)\n\n" \ -"The flags only have effect when running the patched Linux kernel.\n" - - -void usage(char *name) -{ - printf(USAGE, (name ? name : "chpax")); - exit(1); -} - -unsigned long scan_flags(unsigned long flags, char **argv, int *view) -{ - int index; - - for (index = 1; argv[1][index]; index++) - switch (argv[1][index]) - { - - case 'p': - flags |= HF_PAX_PAGEEXEC; - continue ; - - case 'P': - flags = (flags & ~HF_PAX_PAGEEXEC) | HF_PAX_SEGMEXEC; - continue ; - - case 'E': - flags |= HF_PAX_EMUTRAMP; - continue ; - - case 'e': - flags = (flags & ~HF_PAX_EMUTRAMP); - continue ; - - case 'm': - flags |= HF_PAX_MPROTECT; - continue ; - - case 'M': - flags = (flags & ~HF_PAX_MPROTECT); - continue ; - - case 'r': - flags |= HF_PAX_RANDMMAP; - continue ; - - case 'R': - flags = (flags & ~HF_PAX_RANDMMAP); - continue ; - - case 'X': - flags |= HF_PAX_RANDEXEC; - continue ; - - case 'x': - flags = (flags & ~HF_PAX_RANDEXEC); - continue ; - - case 's': - flags |= HF_PAX_SEGMEXEC; - continue ; - - case 'S': - flags = (flags & ~HF_PAX_SEGMEXEC) | HF_PAX_PAGEEXEC; - continue ; - - case 'v': - *view = 1; - continue ; - - case 'z': - flags = 0; - continue ; - - default: - fprintf(stderr, "Unknown option %c \n", argv[1][index]); - usage(argv[0]); - } - - return (flags); -} - - -int main(int argc, char **argv) -{ - unsigned long flags; - unsigned long aflags; - unsigned int index; - int mode; - char *current; - int error = 0; - int view = 0; - - if (argc < 3 || argv[1][0] != '-') - usage(argv[0]); - - for (index = 2, current = argv[index]; current; current = argv[++index]) - { - - mode = (argc == 3 && !strcmp(argv[1], "-v") ? O_RDONLY : O_RDWR); - - error = read_header(current, mode); - switch (error) - { - case 1: - perror(current); - continue ; - case 2: - fprintf(stderr, "%s: Unknown file type (passed) \n", current); - XCLOSE(fd); - continue ; - case 3: - fprintf(stderr, "%s: Wrong architecture (passed) \n", current); - XCLOSE(fd); - continue ; - } - - aflags = get_flags(); - flags = scan_flags(aflags, argv, &view); - - if (view) - { - printf("\n----[ Current flags for %s ]---- \n\n", current); - print_flags(aflags); - puts(""); - } - - put_flags(flags); - - if (flags != aflags && write_header()) - { - perror(current); - error = 4; - } - - if (error) - fprintf(stderr, "%s : Flags were not updated . \n", current); - else if (view && aflags != flags) - { - printf("\n----[ Updated flags for %s ]---- \n\n", current); - print_flags(flags); - puts(""); - } - - XCLOSE(fd); - } - - return (error); -} diff --git a/sys-apps/gradm/files/gradm-chpax.c b/sys-apps/gradm/files/gradm-chpax.c deleted file mode 100644 index 9dd3dd880e36..000000000000 --- a/sys-apps/gradm/files/gradm-chpax.c +++ /dev/null @@ -1,335 +0,0 @@ -/* - * This program manages various PaX related flags for ELF and a.out binaries. - * The flags only have effect when running the patched Linux kernel. - * - * Written by Solar Designer and placed in the public domain. - * - * Adapted to PaX by the PaX Team - * - * Nov 10 2002 : Added multi{options,files} cmdline, zeroflag, nicer output - * (+ double output if flags are changed and -v is specified), more error - * handling. - * - * Dec 11 2002 : Explicit error messages and return value, even more - * error handling . (-jv) - * - */ -#include <stdio.h> -#include <string.h> -#include <sys/types.h> -#include <fcntl.h> -#include <unistd.h> -#include <linux/elf.h> -#include <linux/a.out.h> - -#define HF_PAX_PAGEEXEC 1 /* 0: Paging based non-exec pages */ -#define HF_PAX_EMUTRAMP 2 /* 0: Emulate trampolines */ -#define HF_PAX_MPROTECT 4 /* 0: Restrict mprotect() */ -#define HF_PAX_RANDMMAP 8 /* 0: Randomize mmap() base */ -#define HF_PAX_RANDEXEC 16 /* 1: Randomize ET_EXEC base */ -#define HF_PAX_SEGMEXEC 32 /* 0: Segmentation based non-exec pages */ - -#define XCLOSE(fd) \ -do \ -{ \ - if (close(fd)) \ - perror("close"); \ -} \ -while (0) - -static struct elf32_hdr header_elf; -static struct exec header_aout; -static void *header; -static int header_size; -static int fd; - -static unsigned long (*get_flags)(); -static void (*put_flags)(unsigned long); - - -static void print_flags(unsigned long flags) -{ - printf(" * Paging based PAGE_EXEC : %s \n" - " * Trampolines : %s \n" - " * mprotect() : %s \n" - " * mmap() base : %s \n" - " * ET_EXEC base : %s \n" - " * Segmentation based PAGE_EXEC : %s \n", - flags & HF_PAX_PAGEEXEC - ? "disabled" : flags & HF_PAX_SEGMEXEC ? "enabled" : "enabled (overridden)", - flags & HF_PAX_EMUTRAMP - ? "emulated" : "not emulated", - flags & HF_PAX_MPROTECT - ? "not restricted" : "restricted", - flags & HF_PAX_RANDMMAP - ? "not randomized" : "randomized", - flags & HF_PAX_RANDEXEC - ? "randomized" : "not randomized", - flags & HF_PAX_SEGMEXEC - ? "disabled" : "enabled"); -} - -static unsigned long get_flags_elf() -{ - return (header_elf.e_flags); -} - -static void put_flags_elf(unsigned long flags) -{ - header_elf.e_flags = flags; -} - -static unsigned long get_flags_aout() -{ - return (N_FLAGS(header_aout)); -} - -static void put_flags_aout(unsigned long flags) -{ - N_SET_FLAGS(header_aout, flags & ~HF_PAX_RANDMMAP); -} - -static int read_header(char *name, int mode) -{ - char *ptr; - int size; - int block; - - if ((fd = open(name, mode)) < 0) - return 1; - - ptr = (char *) &header_elf; - size = sizeof (header_elf); - - do - { - block = read(fd, ptr, size); - if (block <= 0) - return (block ? 1 : 2); - ptr += block; size -= block; - } - while (size > 0); - - memcpy(&header_aout, &header_elf, sizeof(header_aout)); - - if (!strncmp(header_elf.e_ident, ELFMAG, SELFMAG)) - { - if (header_elf.e_type != ET_EXEC && header_elf.e_type != ET_DYN) - return 2; - if (header_elf.e_machine != EM_386) - return 3; - header = &header_elf; - header_size = sizeof(header_elf); - get_flags = get_flags_elf; - put_flags = put_flags_elf; - } - - else if (N_MAGIC(header_aout) == NMAGIC || - N_MAGIC(header_aout) == ZMAGIC || - N_MAGIC(header_aout) == QMAGIC) - { - if (N_MACHTYPE(header_aout) != M_386) - return 3; - header = &header_aout; - header_size = 4; - get_flags = get_flags_aout; - put_flags = put_flags_aout; - } - - else - return (2); - - return (0); -} - -int write_header() -{ - char *ptr; - int size; - int block; - - if (lseek(fd, 0, SEEK_SET)) - return 1; - - ptr = (char *) header; - size = header_size; - - do - { - block = write(fd, ptr, size); - if (block <= 0) - break; - ptr += block; - size -= block; - } - while (size > 0); - - return size; -} - - -#define USAGE \ -"Usage: %s OPTIONS FILE1 FILE2 FILEN ...\n" \ -"Manage PaX flags for binaries\n\n" \ -" -P\tenforce paging based non-executable pages\n" \ -" -p\tdo not enforce paging based non-executable pages\n" \ -" -E\temulate trampolines\n" \ -" -e\tdo not emulate trampolines\n" \ -" -M\trestrict mprotect()\n" \ -" -m\tdo not restrict mprotect()\n" \ -" -R\trandomize mmap() base [ELF only]\n" \ -" -r\tdo not randomize mmap() base [ELF only]\n" \ -" -X\trandomize ET_EXEC base [ELF only]\n" \ -" -x\tdo not randomize ET_EXEC base [ELF only]\n" \ -" -S\tenforce segmentation based non-executable pages\n" \ -" -s\tdo not enforce segmentation based non-executable pages\n" \ -" -v\tview current flag mask \n" \ -" -z\tzero flag mask (next flags still apply)\n\n" \ -"The flags only have effect when running the patched Linux kernel.\n" - - -void usage(char *name) -{ - printf(USAGE, (name ? name : "chpax")); - exit(1); -} - -unsigned long scan_flags(unsigned long flags, char **argv, int *view) -{ - int index; - - for (index = 1; argv[1][index]; index++) - switch (argv[1][index]) - { - - case 'p': - flags |= HF_PAX_PAGEEXEC; - continue ; - - case 'P': - flags = (flags & ~HF_PAX_PAGEEXEC) | HF_PAX_SEGMEXEC; - continue ; - - case 'E': - flags |= HF_PAX_EMUTRAMP; - continue ; - - case 'e': - flags = (flags & ~HF_PAX_EMUTRAMP); - continue ; - - case 'm': - flags |= HF_PAX_MPROTECT; - continue ; - - case 'M': - flags = (flags & ~HF_PAX_MPROTECT); - continue ; - - case 'r': - flags |= HF_PAX_RANDMMAP; - continue ; - - case 'R': - flags = (flags & ~HF_PAX_RANDMMAP); - continue ; - - case 'X': - flags |= HF_PAX_RANDEXEC; - continue ; - - case 'x': - flags = (flags & ~HF_PAX_RANDEXEC); - continue ; - - case 's': - flags |= HF_PAX_SEGMEXEC; - continue ; - - case 'S': - flags = (flags & ~HF_PAX_SEGMEXEC) | HF_PAX_PAGEEXEC; - continue ; - - case 'v': - *view = 1; - continue ; - - case 'z': - flags = 0; - continue ; - - default: - fprintf(stderr, "Unknown option %c \n", argv[1][index]); - usage(argv[0]); - } - - return (flags); -} - - -int main(int argc, char **argv) -{ - unsigned long flags; - unsigned long aflags; - unsigned int index; - int mode; - char *current; - int error = 0; - int view = 0; - - if (argc < 3 || argv[1][0] != '-') - usage(argv[0]); - - for (index = 2, current = argv[index]; current; current = argv[++index]) - { - - mode = (argc == 3 && !strcmp(argv[1], "-v") ? O_RDONLY : O_RDWR); - - error = read_header(current, mode); - switch (error) - { - case 1: - perror(current); - continue ; - case 2: - fprintf(stderr, "%s: Unknown file type (passed) \n", current); - XCLOSE(fd); - continue ; - case 3: - fprintf(stderr, "%s: Wrong architecture (passed) \n", current); - XCLOSE(fd); - continue ; - } - - aflags = get_flags(); - flags = scan_flags(aflags, argv, &view); - - if (view) - { - printf("\n----[ Current flags for %s ]---- \n\n", current); - print_flags(aflags); - puts(""); - } - - put_flags(flags); - - if (flags != aflags && write_header()) - { - perror(current); - error = 4; - } - - if (error) - fprintf(stderr, "%s : Flags were not updated . \n", current); - else if (view && aflags != flags) - { - printf("\n----[ Updated flags for %s ]---- \n\n", current); - print_flags(flags); - puts(""); - } - - XCLOSE(fd); - } - - return (error); -} diff --git a/sys-apps/gradm/files/gradm_parse.c-1.9.x.patch b/sys-apps/gradm/files/gradm_parse.c-1.9.x.patch new file mode 100644 index 000000000000..7281e7b6c248 --- /dev/null +++ b/sys-apps/gradm/files/gradm_parse.c-1.9.x.patch @@ -0,0 +1,13 @@ +--- gradm_parse.c 2003-05-13 01:41:26.000000000 -0400 ++++ gradm_parse_gentoo.c 2003-05-13 01:51:17.000000000 -0400 +@@ -677,8 +677,8 @@ + n = scandir(dir, &namelist, 0, alphasort); + if (n >= 0) { + while (n--) { +- if (strcmp(namelist[n]->d_name, ".") +- && strcmp(namelist[n]->d_name, "..")) { ++ /* ignore files and directorys that start with . */ ++ if (namelist[n]->d_name[0] != '.') { + memset(&path, 0, sizeof (path)); + snprintf(path, PATH_MAX - 1, "%s/%s", + dir, namelist[n]->d_name); diff --git a/sys-apps/gradm/files/grsecurity b/sys-apps/gradm/files/grsecurity index 88858b57ba75..2352dfbe21bd 100644 --- a/sys-apps/gradm/files/grsecurity +++ b/sys-apps/gradm/files/grsecurity @@ -13,6 +13,9 @@ MPROTECT_EXEMPT="" # Files we should not randomize mmap for MMAP_EXEMPT="" +# Files not to enforce segmentation based non-executable pages +SEGMENTATION_EXEMPT="${PAGE_EXEC_EXEMPT}" + # # Check your running kernel for valid options. # "sysctl -a | grep kernel.grsecurity. | cut -d '.' -f 3 | awk '{print $1}'" diff --git a/sys-apps/gradm/files/grsecurity.rc b/sys-apps/gradm/files/grsecurity.rc index 0baee1e32644..b4a9ed4303ff 100644 --- a/sys-apps/gradm/files/grsecurity.rc +++ b/sys-apps/gradm/files/grsecurity.rc @@ -1,7 +1,7 @@ #!/sbin/runscript # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/files/grsecurity.rc,v 1.6 2003/05/17 02:33:34 method Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/files/grsecurity.rc,v 1.7 2003/06/16 18:37:01 solar Exp $ PROCDIR=/proc/sys/kernel/grsecurity @@ -21,13 +21,12 @@ start() { ebegin "Starting grsecurity" - for x in ${ENABLED} ; do - if [ -f ${PROCDIR}/${x} ]; then - echo 1 >${PROCDIR}/${x} - fi + for x in ${ENABLED}; do + # [ -f ${PROCDIR}/${x} ] && continue + # einfo "\tEnabling kernel.grsecurity.${x}" case "${x}" in allow_ptrace_group) - echo ${ptrace_gid} >${PROCDIR}/ptrace_gid + echo ${ptrace_gid} > ${PROCDIR}/ptrace_gid ;; fork_bomb_prot) echo ${fork_bomb_gid} >${PROCDIR}/fork_bomb_gid @@ -43,36 +42,33 @@ start() { socket_server) echo ${socket_server_gid} >${PROCDIR}/socket_server_gid ;; + *) + [ -f ${PROCDIR}/${x} ] && echo 1 >${PROCDIR}/${x} + ;; esac done for x in ${PAGE_EXEC_EXEMPT} ; do - if [ -f ${x} ]; then - /sbin/chpax -p ${x} - fi + [ -f ${x} ] && /sbin/chpax -p ${x} done for x in ${TRAMPOLINE_EXEMPT} ; do - if [ -f ${x} ]; then - /sbin/chpax -e ${x} - fi + [ -f ${x} ] && /sbin/chpax -e ${x} done for x in ${MPROTECT_EXEMPT} ; do - if [ -f ${x} ]; then - /sbin/chpax -m ${x} - fi + [ -f ${x} ] && /sbin/chpax -m ${x} done for x in ${MMAP_EXEMPT} ; do - if [ -f ${x} ]; then - /sbin/chpax -r ${x} - fi + [ -f ${x} ] && /sbin/chpax -r ${x} done - if [ -f ${PROCDIR}/grsec_lock ] ; then - echo ${LOCK} >${PROCDIR}/grsec_lock - fi + for x in ${SEGMENTATION_EXEMPT} ; do + [ -f ${x} ] && /sbin/chpax -s ${x} + done + + [ -f ${PROCDIR}/grsec_lock ] && echo ${LOCK} >${PROCDIR}/grsec_lock eend ${?} } diff --git a/sys-apps/gradm/gradm-1.5a.ebuild b/sys-apps/gradm/gradm-1.5a.ebuild deleted file mode 100644 index 482b7abe4a89..000000000000 --- a/sys-apps/gradm/gradm-1.5a.ebuild +++ /dev/null @@ -1,47 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.5a.ebuild,v 1.2 2003/02/13 15:57:42 vapier Exp $ - -DESCRIPTION="ACL administrative interface to grsecurity" -SRC_URI="http://www.grsecurity.net/${P}.tar.gz" -HOMEPAGE="http://www.grsecurity.net/" -LICENSE="GPL-2" -KEYWORDS="x86" -SLOT="0" - -DEPEND="sys-devel/bison - sys-devel/flex" -RDEPEND="" - -S="${WORKDIR}/${PN}" - -src_unpack() { - unpack ${A} - - cd ${S} - cp ${FILESDIR}/${P}-chpax.c chpax.c - - mv Makefile Makefile.orig - sed <Makefile.orig >Makefile \ - -e 's|YACC=/usr/bin/yacc|YACC=/usr/bin/bison|' \ - -e 's|$(YACC) -d|$(YACC) -y -d|' \ - -e "s|-O2|${CFLAGS}|" -} - -src_compile() { - emake || die "compile problem" - emake chpax || die "compile problem" -} - -src_install() { - doman gradm.8 - dodoc acl - exeinto /etc/init.d - newexe ${FILESDIR}/grsecurity.rc grsecurity - insinto /etc/conf.d - doins ${FILESDIR}/grsecurity - into / - dosbin gradm chpax - fperms 700 /sbin/gradm - fperms 700 /sbin/chpax -} diff --git a/sys-apps/gradm/gradm-1.6.ebuild b/sys-apps/gradm/gradm-1.6.ebuild deleted file mode 100644 index 0990ef0dcbe5..000000000000 --- a/sys-apps/gradm/gradm-1.6.ebuild +++ /dev/null @@ -1,45 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.6.ebuild,v 1.2 2003/02/13 15:57:48 vapier Exp $ - -DESCRIPTION="ACL administrative interface to grsecurity" -SRC_URI="http://www.grsecurity.net/${P}.tar.gz" -HOMEPAGE="http://www.grsecurity.net/" - -LICENSE="GPL-2" -KEYWORDS="~x86" -SLOT="0" - -DEPEND="sys-devel/bison - sys-devel/flex" -RDEPEND="" - -S="${WORKDIR}/${PN}" - -src_unpack() { - unpack ${A} - - cd ${S} - cp ${FILESDIR}/${P}-chpax.c chpax.c - - mv Makefile{,.orig} - sed -e "s|-O2|${CFLAGS}|" Makefile.orig > Makefile -} - -src_compile() { - emake CC="${CC}" || die "compile problem" - emake CC="${CC}" chpax || die "compile problem" -} - -src_install() { - doman gradm.8 - dodoc acl - exeinto /etc/init.d - newexe ${FILESDIR}/grsecurity.rc grsecurity - insinto /etc/conf.d - doins ${FILESDIR}/grsecurity - into / - dosbin gradm chpax - fperms 700 /sbin/gradm - fperms 700 /sbin/chpax -} diff --git a/sys-apps/gradm/gradm-1.7b.ebuild b/sys-apps/gradm/gradm-1.9.10.ebuild index a08246c4bbd9..36b6b709065c 100644 --- a/sys-apps/gradm/gradm-1.7b.ebuild +++ b/sys-apps/gradm/gradm-1.9.10.ebuild @@ -1,34 +1,33 @@ # Copyright 1999-2003 Gentoo Technologies, Inc. # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.7b.ebuild,v 1.1 2003/03/09 19:23:53 aliz Exp $ +# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.9.10.ebuild,v 1.1 2003/06/16 18:37:01 solar Exp $ -DESCRIPTION="ACL administrative interface to grsecurity" +DESCRIPTION="Administrative interface for grsecurity ${PV} access control lists" SRC_URI="http://www.grsecurity.net/${P}.tar.gz" HOMEPAGE="http://www.grsecurity.net/" LICENSE="GPL-2" -KEYWORDS="~x86" +KEYWORDS="x86 ~x86 ~sparc ~ppc" SLOT="0" -DEPEND="sys-devel/bison - sys-devel/flex" -RDEPEND="" +IUSE="" +DEPEND="virtual/glibc + sys-devel/bison + sys-devel/flex + sys-apps/chpax" S="${WORKDIR}/${PN}" src_unpack() { unpack ${A} - cd ${S} - cp ${FILESDIR}/${P}-chpax.c chpax.c - + epatch ${FILESDIR}/gradm_parse.c-1.9.x.patch mv Makefile{,.orig} sed -e "s|-O2|${CFLAGS}|" Makefile.orig > Makefile } src_compile() { emake CC="${CC}" || die "compile problem" - emake CC="${CC}" chpax || die "compile problem" } src_install() { @@ -39,7 +38,6 @@ src_install() { insinto /etc/conf.d doins ${FILESDIR}/grsecurity into / - dosbin gradm chpax + dosbin gradm fperms 700 /sbin/gradm - fperms 700 /sbin/chpax } diff --git a/sys-apps/gradm/gradm-1.9.9g.ebuild b/sys-apps/gradm/gradm-1.9.9g.ebuild deleted file mode 100644 index 41c0d9ded946..000000000000 --- a/sys-apps/gradm/gradm-1.9.9g.ebuild +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.9.9g.ebuild,v 1.1 2003/04/20 18:21:14 method Exp $ - -DESCRIPTION="ACL administrative interface to grsecurity including gentoo policies" -SRC_URI="http://www.grsecurity.net/${P}.tar.gz" -HOMEPAGE="http://www.grsecurity.net/" - -LICENSE="GPL-2" -KEYWORDS="~x86" -SLOT="0" - -DEPEND="sys-devel/bison - sys-devel/flex" -RDEPEND="" - -S="${WORKDIR}/${PN}" - -src_unpack() { - unpack ${A} - - cd ${S} - cp ${FILESDIR}/${PN}-chpax.c chpax.c - - mv Makefile{,.orig} - sed -e "s|-O2|${CFLAGS}|" Makefile.orig > Makefile -} - -src_compile() { - emake CC="${CC}" || die "compile problem" - emake CC="${CC}" chpax || die "compile problem" -} - -src_install() { - doman gradm.8 - dodoc acl - exeinto /etc/init.d - newexe ${FILESDIR}/grsecurity.rc grsecurity - insinto /etc/conf.d - doins ${FILESDIR}/grsecurity - insinto /etc/grsec/gentoo_secure_acls - doins ${S}/gentoo_secure_acls/* - echo "include </etc/grsec/gentoo_secure_acls>" > ${D}/etc/grsec/acl - into / - dosbin gradm chpax - fperms 700 /sbin/gradm - fperms 700 /sbin/chpax -} diff --git a/sys-apps/gradm/gradm-1.9.9h.ebuild b/sys-apps/gradm/gradm-1.9.9h.ebuild deleted file mode 100644 index 784f07b13427..000000000000 --- a/sys-apps/gradm/gradm-1.9.9h.ebuild +++ /dev/null @@ -1,48 +0,0 @@ -# Copyright 1999-2003 Gentoo Technologies, Inc. -# Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-apps/gradm/gradm-1.9.9h.ebuild,v 1.1 2003/05/11 14:56:34 method Exp $ - -DESCRIPTION="ACL administrative interface to grsecurity including gentoo policies" -SRC_URI="http://www.grsecurity.net/${P}.tar.gz" -HOMEPAGE="http://www.grsecurity.net/" - -LICENSE="GPL-2" -KEYWORDS="~x86" -SLOT="0" - -DEPEND="sys-devel/bison - sys-devel/flex" -RDEPEND="" - -S="${WORKDIR}/${PN}" - -src_unpack() { - unpack ${A} - - cd ${S} - cp ${FILESDIR}/${PN}-chpax.c chpax.c - - mv Makefile{,.orig} - sed -e "s|-O2|${CFLAGS}|" Makefile.orig > Makefile -} - -src_compile() { - emake CC="${CC}" || die "compile problem" - emake CC="${CC}" chpax || die "compile problem" -} - -src_install() { - doman gradm.8 - dodoc acl - exeinto /etc/init.d - newexe ${FILESDIR}/grsecurity.rc grsecurity - insinto /etc/conf.d - doins ${FILESDIR}/grsecurity - insinto /etc/grsec/gentoo_secure_acls - doins ${S}/gentoo_secure_acls/* - echo "include </etc/grsec/gentoo_secure_acls>" > ${D}/etc/grsec/acl - into / - dosbin gradm chpax - fperms 700 /sbin/gradm - fperms 700 /sbin/chpax -} |