pentoo-system: add new toggle_hardened script and desktop file to allow people to toggle pax_softmode at will

2026-04-21 14:21:02 +02:00 · 2014-09-07 04:13:06 +00:00 · 2014-09-07 04:13:06 +00:00 · 4323ac545f
commit 4323ac545f
parent 49dd2570e7
5 changed files with 55 additions and 3 deletions
--- a/pentoo/pentoo-system/Manifest
+++ b/pentoo/pentoo-system/Manifest
@ -6,6 +6,8 @@ AUX b43-commercial-2012.1 305 SHA256 b9a147fc4a41f4d45e5bd8dd790154293bb3a59fd8e
 AUX dokeybindings-2012.1 265 SHA256 ea323401cfaf10a37f04771541390b1c037a255c5583a5030ea6acbce5b5a409 SHA512 0765034bdb44fea5833be31f41bf1791866221c5f4148e639c172cbfb937a8090ada0c4fa62b5e96dded7501285a8a2f758d59397468d339782652ca18770aac WHIRLPOOL b0b272f7a7ece9930241c89bbe1fe7a3999baf853f547ef4f35770e42f0f49c2e12318ca8ab3fb001ddbbbb87b099e9f6545d897205464d245b5d057c287a431
 AUX layman-sync 56 SHA256 3d8376566a509d4cfdcee8df55bdaf48fcdaf62c4dd46649c8bf3341b1c522aa SHA512 c7a49c4e0025958800a05d8c06ce1a01621d30358bdce829ea1187bde0d8a41c6d44c284037ee3c5bcc1bca3b319cd28b2350005eb1a2bbcfa0a1534eaaceb84 WHIRLPOOL 819df69d22ff0c82924b1d765ca4b3bf6a70be3243d5a4deea45b0d069e6abddd514cdca35ba91f3de54e15b16afb3a267153c6908b714ce281e781db1790379
 AUX local.conf 524 SHA256 f0854a36ace98318a20772448aae5e5d465eba5d1f1517292a86a5f2b46c55d8 SHA512 b3f4f7590b532e8db7db5586dad6c54cd5ce2e040b16bbfa8a3fa74445028b3411cf087b254b71866ea12d42c7f8740cfbfe64e269a8675a729315b9415546d9 WHIRLPOOL 8a7322d2593e3f3a4cfeea2af1ed9f0a226af5e8037808b49e195fe2210d35f8a314a962215507f0bde303d601afb917a3f0fc7fd181be2d7a34f958de9bd3c2
-AUX motd-2014.3-r5 2659 SHA256 0925b3c1328dffcb05f0effce5faea0d99a0c7cd9568155ac2ce3a72f55de0d6 SHA512 deac4dd215c086ec3acccba880bfbcdaefab0cf578f0e4bee722b9b62ee2772b37c01d786d0a90aac47e6446042953d472c5684a3beb49124755594d895f201d WHIRLPOOL af6a5114864e786838b55bf81e68ea9db83a9de55c67c53d3e62ae8e3fc0a1a4acd3580f64c94665c8055c764ebd577a285494cea9da4828d2f5b46a71b723bf
+AUX motd-2014.3-r6 2659 SHA256 1190f599562d06d3b3f24f7a9ca865b18d279d428620753544c9d39928aa9f07 SHA512 5e15c3ecd4756774b1e0b283e564bb1d00338261cf7c8374112a940a091c73879df7c35f8b5fd03c8464dc58739c0d2735e007208e95c77ddedbe9f115ecc5b3 WHIRLPOOL 9d2992d9e207b5699b9b8027d938dce9a6c4cc4f6085f0ceb8bbe91999351cb8601cff5339b3a0fb249655ebc048339473f590168353ce193cd8cb18e39c1b14
 AUX pentoo.xpm.gz 59047 SHA256 4adb6d0d305b599e35bed9a835b6aa3531cce71c0b05e293adb3197cac4c09e0 SHA512 a6a2f152861e63c33afdda9997b9be25bd735f0624c946d61d0088210264743f842f103026eeb7cf63ef94b873131b072b61c55fba1922e9830318bcacd7a074 WHIRLPOOL a3b937b810f02f1fa6ebcdc58cada7a71e778f370b3355a08670a7f524d8e370ba29bdaf408d0bdd14753a129734d80a952937f3e009a69e87bed90995a2aaaf
-EBUILD pentoo-system-2014.3-r5.ebuild 5659 SHA256 8e3d0f7f37c8464d8ebb25b7f50b25e722eaab8f9eea1ca10833dfdb31e1cbdd SHA512 747086a661b943926c173a4c7a99005fbb8d56f3a8485c95a357cb8354c3defc36c9e1e8c84d2e441d2225083a45247c94d8db6ac4d2415a553533177149f9ed WHIRLPOOL b61c65ef17be911adc1408617ffd3f4e3afb7a20310929294abbf948eb34dad213145150380bd1fd8b9bfa728941dae875fb16a238f656597778163034f47dd2
+AUX toggle_hardened 1186 SHA256 898784edf3a3439820bd8f7a8e08f1d085406cfa56440d32bb1b2002c9e5ed4f SHA512 db8a375ad4e2f42b427f76536d1e2bee5770cc47c31dbaa0d2645fde660fec81ab6120ba0151eb039ab8fb25c56fce1793aaf3a9246c90a5df9973b1fc588f86 WHIRLPOOL 6d9248c3319ebea3cee7211a4fe2b70c8eaab86b62dc120c30e5da99d7b08c6503e5322c0ea83c5e5cae90f86c863976ee08871f3660f852952ab46cb8774272
+AUX toggle_hardened.desktop 195 SHA256 6f210f31e26e30509c1bfe1b3fb2c5a5ddc208298f40649a3e1b98fd8cbbaaa0 SHA512 d92bfcc736e44ed41eb12d7698a6acb7bd1a7cf8369fbcd9a0eba256bcf4eeb3b6a05f0a7a765ca10c39d7feaf115dfd8a7d8aba3dd097a9a9b450016d236add WHIRLPOOL fceeb44da7b225ef17b578474d7860398fe4c5a5e21bba200f6e7814b71c716dc55a43a062ebaf2f842993de2f2fa52e7904062eef5d2eca281151fecba310f5
+EBUILD pentoo-system-2014.3-r6.ebuild 5767 SHA256 ce16fc4f01272e6473c32e9e6aedc79e99a40adefe222ec31c695cbeb4f076ed SHA512 c1e7ab8fe6250d3394e57a0ec4a8d904f33486b29f0417f85ec69dc3920b6a04f99d9bec31e607c538a5ec1e9bea040286e0f4f208d4a2750158487cc1cf955f WHIRLPOOL 0f9e510b98c0bcbdc38e3a4e4486db24ee03a35a84e9ce1f330ecde2ff4dbc8640228829258f060624348dbec1c43980024184676be5044fb468fe1d1675ec8b
--- a/pentoo/pentoo-system/files/motd-2014.3-r6
+++ b/pentoo/pentoo-system/files/motd-2014.3-r6
@ -18,7 +18,7 @@ Welcome to Pentoo powered by Gentoo linux...
 * [1;31;37m You can type dhcpcd ethX to setup your network interface.               [1;31;30m*
 * [1;31;37m If you have a broadcom wifi card it is currently using b43-openfwwf.    [1;31;30m*
 * [1;31;37m If this is undesirable or non-functional type "./b43-commercial"        [1;31;30m*
-* [1;31;37m You can disable PaX with "echo 1 >/proc/sys/kernel/pax/softmode."       [1;31;30m*
+* [1;31;37m You can toggle PaX hardening on and off with "toggle_hardened"          [1;31;30m*
 *                                                                          *
 * [1;31;37m If you are running live usb there are many ways to save changes:        [1;31;30m*
 * [1;31;37m You can run "flushchanges" to automatically save any current changes.   [1;31;30m*
--- a/pentoo/pentoo-system/files/toggle_hardened
+++ b/pentoo/pentoo-system/files/toggle_hardened
@ -0,0 +1,36 @@
+#!/bin/sh
+
+if [ -x "$(command -v Xdialog 2>&1)" ]; then
+    if [ -z "${DISPLAY}" ]; then
+        dialog=dialog
+    else
+        dialog=Xdialog
+    fi
+else
+    dialog=dialog
+fi
+
+
+if [ "$(cat /proc/sys/kernel/pax/softmode)" = "1" ]; then
+	${dialog} --aspect 15 --yesno "PaX softmode is currently on, would you like to re-enable hardening?" 0 0 \
+		&& ANSWER="yes"
+	if [ "${ANSWER}" = "yes" ]; then
+		echo 0 > /proc/sys/kernel/pax/softmode
+		${dialog} --aspect 15 --msgbox "PaX hardening has been re-enabled." 0 0
+	else
+		${dialog} --aspect 15 --msgbox "PaX hardening remains disabled." 0 0
+	fi
+elif [ "$(cat /proc/sys/kernel/pax/softmode)" = "0" ]; then
+	${dialog} --aspect 15 --defaultno --yesno "PaX hardening is currently on, would you like disable it and enable softmode?" 0 0 \
+		&& ANSWER=yes
+	if [ "${ANSWER}" = "yes" ]; then
+		echo 1 > /proc/sys/kernel/pax/softmode
+		${dialog} --aspect 15 --msgbox "PaX hardening has been disabled." 0 0
+	else
+		${dialog} --aspect 15 --msgbox "PaX hardening remains enabled." 0 0
+
+	fi
+else
+	${dialog} --aspect 15 --msgbox "Failed to detect current PaX softmode state. Either PaX softmode is not allowed, or this isn't a hardened kernel." 0 0
+fi
+
--- a/pentoo/pentoo-system/files/toggle_hardened.desktop
+++ b/pentoo/pentoo-system/files/toggle_hardened.desktop
@ -0,0 +1,10 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=toggle_hardened
+Comment={En,Dis}able PaX softmode
+Exec=/usr/sbin/toggle_hardened
+Icon=changes-allow
+Path=/tmp
+Terminal=false
+StartupNotify=false
--- a/pentoo/pentoo-system/pentoo-system-2014.3-r6.ebuild
+++ b/pentoo/pentoo-system/pentoo-system-2014.3-r6.ebuild
@ -110,6 +110,10 @@ PDEPEND="${PDEPEND}
 src_install() {
 	#we don't currently install pentoo.xpm.gz (grubsplash), should we?

+	dosbin "${FILESDIR}"/toggle_hardened
+	exeinto /root/Desktop/
+	doexe "${FILESDIR}"/toggle_hardened.desktop
+
 	##here is where we merge in things from root_overlay which make sense
 	exeinto /root
 	newexe "${FILESDIR}"/b43-commercial-2012.1 b43-commercial