contrib/devtools/security-check.py
Show First 20 Lines • Show All 87 Lines • ▼ Show 20 Lines | def check_ELF_RELRO(executable): | ||||
Dynamic section must have BIND_NOW flag | Dynamic section must have BIND_NOW flag | ||||
''' | ''' | ||||
have_gnu_relro = False | have_gnu_relro = False | ||||
for (typ, flags) in get_ELF_program_headers(executable): | for (typ, flags) in get_ELF_program_headers(executable): | ||||
# Note: not checking flags == 'R': here as linkers set the permission differently | # Note: not checking flags == 'R': here as linkers set the permission differently | ||||
# This does not affect security: the permission flags of the GNU_RELRO program header are ignored, the PT_LOAD header determines the effective permissions. | # This does not affect security: the permission flags of the GNU_RELRO program header are ignored, the PT_LOAD header determines the effective permissions. | ||||
# However, the dynamic linker need to write to this area so these are RW. | # However, the dynamic linker need to write to this area so these are RW. | ||||
# Glibc itself takes care of mprotecting this area R after relocations are finished. | # Glibc itself takes care of mprotecting this area R after relocations are finished. | ||||
# See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347 | # See also https://marc.info/?l=binutils&m=1498883354122353 | ||||
if typ == 'GNU_RELRO': | if typ == 'GNU_RELRO': | ||||
have_gnu_relro = True | have_gnu_relro = True | ||||
have_bindnow = False | have_bindnow = False | ||||
p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, | p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, | ||||
stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | ||||
(stdout, stderr) = p.communicate() | (stdout, stderr) = p.communicate() | ||||
if p.returncode: | if p.returncode: | ||||