Merge pull request tj#305 from chrootsu/copy-xattr-when-activate

Added the disabling PaX's mprotect() during an activation.
dprior · Sep 16, 2015 · 1388dd0 · 1388dd0
2 parents 40b5a83 + cefebb2
commit 1388dd0
Showing 1 changed file with 27 additions and 14 deletions.
diff --git a/bin/n b/bin/n
@@ -401,6 +401,31 @@ tarball_url() {
 
 }
 
+#
+# Disable PaX mprotect for <binary>
+#
+
+disable_pax_mprotect() {
+  test -z $1 && abort "binary required"
+  local binary=$1
+
+  # try to disable mprotect via XATTR_PAX header
+  local PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl-ng 2>&1)
+  local PAXCTL_ERROR=1
+  if [ -x "$PAXCTL" ]; then
+    $PAXCTL -l && $PAXCTL -m "$binary" >/dev/null 2>&1
+    PAXCTL_ERROR="$?"
+  fi
+
+  # try to disable mprotect via PT_PAX header
+  if [ $PAXCTL_ERROR != 0 ]; then
+    PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl 2>&1)
+    if [ -x "$PAXCTL" ]; then
+      $PAXCTL -Cm "$binary" >/dev/null 2>&1
+    fi
+  fi
+}
+
 #
 # Activate <version>
 #
@@ -417,6 +442,7 @@ activate() {
         cp -fR "$dir/$subdir" $N_PREFIX
       fi
     done
+    disable_pax_mprotect "$N_PREFIX/bin/node"
   fi
 }
 
@@ -490,20 +516,7 @@ install() {
   [ $QUIET == false ] && erase_line
   rm -f $dir/n.lock
 
-  # try to disable mprotect via XATTR_PAX header
-  local PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl-ng 2>&1)
-  local PAXCTL_ERROR=1
-  if [ -x "$PAXCTL" ]; then
-    $PAXCTL -l && $PAXCTL -m bin/node >/dev/null 2>&1
-    PAXCTL_ERROR="$?"
-  fi
-  # try to disable mprotect via PT_PAX header
-  if [ $PAXCTL_ERROR != 0 ]; then
-    PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl 2>&1)
-    if [ -x "$PAXCTL" ]; then
-      $PAXCTL -Cm bin/node >/dev/null 2>&1
-    fi
-  fi
+  disable_pax_mprotect bin/node
 
   if $ACTIVATE ; then
     activate ${BINS[$DEFAULT]}/$version