diff options
author | Roland McGrath <roland@hack.frob.com> | 2012-04-30 15:41:15 -0700 |
---|---|---|
committer | Roland McGrath <roland@hack.frob.com> | 2012-05-01 13:27:52 -0700 |
commit | 82397ed6eab79f3f17f66efae5ccfa19fa0e03d0 (patch) | |
tree | cac18c3bcd914ae38850bdbee3266b9281aa41b1 /scripts/check-execstack.awk | |
parent | 82a79e7d1843f9d90075a0bf2f04557040829bb0 (diff) | |
download | glibc-82397ed6eab79f3f17f66efae5ccfa19fa0e03d0.zip glibc-82397ed6eab79f3f17f66efae5ccfa19fa0e03d0.tar.gz glibc-82397ed6eab79f3f17f66efae5ccfa19fa0e03d0.tar.bz2 |
Do check-execstack test using readelf rather than a build-time C program.
Diffstat (limited to 'scripts/check-execstack.awk')
-rw-r--r-- | scripts/check-execstack.awk | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/scripts/check-execstack.awk b/scripts/check-execstack.awk new file mode 100644 index 0000000..21d37e9 --- /dev/null +++ b/scripts/check-execstack.awk @@ -0,0 +1,52 @@ +# This awk script expects to get command-line files that are each +# the output of 'readelf -l' on a single shared object. +# But the first file should contain just "execstack-no" or "execstack-yes", +# indicating what the default is in the absence of PT_GNU_STACK. +# It exits successfully (0) if none indicated executable stack. +# It fails (1) if any did indicate executable stack. +# It fails (2) if the input did not take the expected form. + +BEGIN { result = sanity = 0; default_exec = -1 } + +/^execstack-no$/ { default_exec = 0; next } +/^execstack-yes$/ { default_exec = 1; next } + +function check_one(name) { + if (default_exec == -1) { + print "*** missing execstack-default file?"; + result = 2; + } + + if (!sanity) { + print name ": *** input did not look like readelf -l output"; + result = 2; + } else if (stack_line) { + if (stack_line ~ /^.*RW .*$/) { + print name ": OK"; + } else if (stack_line ~ /^.*E.*$/) { + print name ": *** executable stack signaled"; + result = result ? result : 1; + } + } else if (default_exec) { + print name ": *** no PT_GNU_STACK entry"; + result = result ? result : 1; + } else { + print name ": no PT_GNU_STACK but default is OK"; + } + + sanity = 0; +} + +FILENAME != lastfile { + if (lastfile) + check_one(lastfile); + lastfile = FILENAME; +} + +$1 == "Type" && $7 == "Flg" { sanity = 1; stack_line = "" } +$1 == "GNU_STACK" { stack_line = $0 } + +END { + check_one(lastfile); + exit(result); +} |