Changeset View
Changeset View
Standalone View
Standalone View
contrib/devtools/security-check.py
Show All 9 Lines | |||||
''' | ''' | ||||
import subprocess | import subprocess | ||||
import sys | import sys | ||||
import os | import os | ||||
READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') | READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') | ||||
OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') | OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') | ||||
# checks which are non-fatal for now but only generate a warning | # checks which are non-fatal for now but only generate a warning | ||||
NONFATAL = {'HIGH_ENTROPY_VA'} | NONFATAL = {} | ||||
def check_ELF_PIE(executable): | def check_ELF_PIE(executable): | ||||
''' | ''' | ||||
Check for position independent executable (PIE), allowing for address space randomization. | Check for position independent executable (PIE), allowing for address space randomization. | ||||
''' | ''' | ||||
p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, | p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, | ||||
stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | ||||
▲ Show 20 Lines • Show All 210 Lines • Show Last 20 Lines |