source-git / glibc

Clone
Source Code
GIT

Blame scripts/check-execstack.awk

c8 c8s master
  1.   2d67e460aeba8be6a1b51c4e7d24236390d0f59a
  2.   scripts
  3.   check-execstack.awk
Blob History Raw
Packit 6c4009 
# This awk script expects to get command-line files that are each
Packit 6c4009 
# the output of 'readelf -l' on a single shared object.
Packit 6c4009 
# But the first file should contain just "execstack-no" or "execstack-yes",
Packit 6c4009 
# indicating what the default is in the absence of PT_GNU_STACK.
Packit 6c4009 
# It exits successfully (0) if none indicated executable stack.
Packit 6c4009 
# It fails (1) if any did indicate executable stack.
Packit 6c4009 
# It fails (2) if the input did not take the expected form.
Packit 6c4009
Packit 6c4009 
BEGIN {
Packit 6c4009 
  result = sanity = 0; default_exec = -1;
Packit 6c4009 
  split(xfail, xfails, " ");
Packit 6c4009 
  for (x in xfails)
Packit 6c4009 
    expected_fails[xfails[x] ".phdr"] = 1;
Packit 6c4009 
}
Packit 6c4009
Packit 6c4009 
/^execstack-no$/ { default_exec = 0; next }
Packit 6c4009 
/^execstack-yes$/ { default_exec = 1; next }
Packit 6c4009
Packit 6c4009 
function check_one(name) {
Packit 6c4009 
  if (default_exec == -1) {
Packit 6c4009 
    print "*** missing execstack-default file?";
Packit 6c4009 
    result = 2;
Packit 6c4009 
  }
Packit 6c4009
Packit 6c4009 
  n = split(name, parts, "/");
Packit 6c4009 
  basename = parts[n];
Packit 6c4009 
  expected_fail = basename in expected_fails;
Packit 6c4009
Packit 6c4009 
  if (!sanity) {
Packit 6c4009 
    print name ": *** input did not look like readelf -l output";
Packit 6c4009 
    result = 2;
Packit 6c4009 
  } else if (stack_line) {
Packit 6c4009 
    if (stack_line ~ /^.*RW .*$/) {
Packit 6c4009 
      print name ": OK";
Packit 6c4009 
    } else if (stack_line ~ /^.*E.*$/) {
Packit 6c4009 
      if (expected_fail) {
Packit 6c4009 
	print name ": *** executable stack signaled, expected";
Packit 6c4009 
      } else {
Packit 6c4009 
	print name ": *** executable stack signaled";
Packit 6c4009 
	result = result ? result : 1;
Packit 6c4009 
      }
Packit 6c4009 
    }
Packit 6c4009 
  } else if (default_exec) {
Packit 6c4009 
    if (expected_fail) {
Packit 6c4009 
      print name ": *** no PT_GNU_STACK entry, expected";
Packit 6c4009 
    } else {
Packit 6c4009 
      print name ": *** no PT_GNU_STACK entry";
Packit 6c4009 
      result = result ? result : 1;
Packit 6c4009 
    }
Packit 6c4009 
  } else {
Packit 6c4009 
    print name ": no PT_GNU_STACK but default is OK";
Packit 6c4009 
  }
Packit 6c4009
Packit 6c4009 
  sanity = 0;
Packit 6c4009 
}
Packit 6c4009
Packit 6c4009 
FILENAME != lastfile {
Packit 6c4009 
  if (lastfile)
Packit 6c4009 
    check_one(lastfile);
Packit 6c4009 
  lastfile = FILENAME;
Packit 6c4009 
}
Packit 6c4009
Packit 6c4009 
$1 == "Type" && $7 == "Flg" { sanity = 1; stack_line = "" }
Packit 6c4009 
$1 == "GNU_STACK" { stack_line = $0 }
Packit 6c4009
Packit 6c4009 
END {
Packit 6c4009 
  check_one(lastfile);
Packit 6c4009 
  exit(result);
Packit 6c4009 
}

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation