aboutsummaryrefslogtreecommitdiff
path: root/elf
diff options
context:
space:
mode:
authorFlorian Weimer <fweimer@redhat.com>2020-03-02 14:24:27 +0100
committerFlorian Weimer <fweimer@redhat.com>2020-03-02 14:25:20 +0100
commit0499a353a6e196f468e7ec554cb13c82011f0e36 (patch)
tree581108932370bf01836d379db99bafc4330e3cf7 /elf
parentb5b7fb76e15c0db545aa11a3ce88f836e5d01a19 (diff)
downloadglibc-0499a353a6e196f468e7ec554cb13c82011f0e36.zip
glibc-0499a353a6e196f468e7ec554cb13c82011f0e36.tar.gz
glibc-0499a353a6e196f468e7ec554cb13c82011f0e36.tar.bz2
elf: Add elf/check-wx-segment, a test for the presence of WX segments
Writable, executable segments defeat security hardening. The existing check for DT_TEXTREL does not catch this. hppa and SPARC currently keep the PLT in an RWX load segment.
Diffstat (limited to 'elf')
-rw-r--r--elf/Makefile7
1 files changed, 7 insertions, 0 deletions
diff --git a/elf/Makefile b/elf/Makefile
index a137143..da689a2 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -402,6 +402,7 @@ tests-special += $(objpfx)tst-pathopt.out $(objpfx)tst-rtld-load-self.out \
$(objpfx)tst-rtld-preload.out
endif
tests-special += $(objpfx)check-textrel.out $(objpfx)check-execstack.out \
+ $(objpfx)check-wx-segment.out \
$(objpfx)check-localplt.out $(objpfx)check-initfini.out
endif
@@ -1180,6 +1181,12 @@ $(objpfx)check-execstack.out: $(..)scripts/check-execstack.awk \
$(evaluate-test)
generated += check-execstack.out
+$(objpfx)check-wx-segment.out: $(..)scripts/check-wx-segment.py \
+ $(all-built-dso:=.phdr)
+ $(PYTHON) $^ --xfail="$(check-wx-segment-xfail)" > $@; \
+ $(evaluate-test)
+generated += check-wx-segment.out
+
$(objpfx)tst-dlmodcount: $(libdl)
$(objpfx)tst-dlmodcount.out: $(test-modules)