Changeset View
Changeset View
Standalone View
Standalone View
contrib/devtools/security-check.py
| Show All 9 Lines | |||||
| ''' | ''' | ||||
| import subprocess | import subprocess | ||||
| import sys | import sys | ||||
| import os | import os | ||||
| READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') | READELF_CMD = os.getenv('READELF', '/usr/bin/readelf') | ||||
| OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') | OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') | ||||
| # checks which are non-fatal for now but only generate a warning | # checks which are non-fatal for now but only generate a warning | ||||
| NONFATAL = {'HIGH_ENTROPY_VA'} | NONFATAL = {} | ||||
| def check_ELF_PIE(executable): | def check_ELF_PIE(executable): | ||||
| ''' | ''' | ||||
| Check for position independent executable (PIE), allowing for address space randomization. | Check for position independent executable (PIE), allowing for address space randomization. | ||||
| ''' | ''' | ||||
| p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, | p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, | ||||
| stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) | ||||
| ▲ Show 20 Lines • Show All 210 Lines • Show Last 20 Lines | |||||