diff --git a/bin/n b/bin/n index d0dbff3..ad024dd 100755 --- a/bin/n +++ b/bin/n @@ -401,6 +401,31 @@ tarball_url() { } +# +# Disable PaX mprotect for +# + +disable_pax_mprotect() { + test -z $1 && abort "binary required" + local binary=$1 + + # try to disable mprotect via XATTR_PAX header + local PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl-ng 2>&1) + local PAXCTL_ERROR=1 + if [ -x "$PAXCTL" ]; then + $PAXCTL -l && $PAXCTL -m "$binary" >/dev/null 2>&1 + PAXCTL_ERROR="$?" + fi + + # try to disable mprotect via PT_PAX header + if [ $PAXCTL_ERROR != 0 ]; then + PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl 2>&1) + if [ -x "$PAXCTL" ]; then + $PAXCTL -Cm "$binary" >/dev/null 2>&1 + fi + fi +} + # # Activate # @@ -417,6 +442,7 @@ activate() { cp -fR "$dir/$subdir" $N_PREFIX fi done + disable_pax_mprotect "$N_PREFIX/bin/node" fi } @@ -490,20 +516,7 @@ install() { [ $QUIET == false ] && erase_line rm -f $dir/n.lock - # try to disable mprotect via XATTR_PAX header - local PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl-ng 2>&1) - local PAXCTL_ERROR=1 - if [ -x "$PAXCTL" ]; then - $PAXCTL -l && $PAXCTL -m bin/node >/dev/null 2>&1 - PAXCTL_ERROR="$?" - fi - # try to disable mprotect via PT_PAX header - if [ $PAXCTL_ERROR != 0 ]; then - PAXCTL=$(PATH="/sbin:/usr/sbin:$PATH" which paxctl 2>&1) - if [ -x "$PAXCTL" ]; then - $PAXCTL -Cm bin/node >/dev/null 2>&1 - fi - fi + disable_pax_mprotect bin/node if $ACTIVATE ; then activate ${BINS[$DEFAULT]}/$version