#!/bin/sh
#
# find-execstack utility
# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for executable stacks
#

# Blank-separated directory lists walked by scan: list 1 holds the
# library directories, list 2 the program directories.
libdirs='/lib /lib64 /usr/lib /usr/lib64'
progdirs='/bin /sbin /usr/bin /usr/sbin /usr/libexec'

# Becomes 1 as soon as scan reports a file; decides the exit status.
FOUND=0
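# Report files whose ELF program headers point at an executable stack.
#
# Arguments: $1 - which directory list to walk: 1 = $libdirs, 2 = $progdirs
#            $2 - find(1) -name pattern selecting the files to inspect
# Globals:   libdirs, progdirs (read); FOUND (set to 1 when a file is reported)
# Outputs:   one line per reported file: the path padded to 42 columns,
#            followed by the source RPM that rpm -qf prints for it
# Returns:   0 after the scan, 2 if $1 names no known list
#
# Paths are read one per line and always quoted, so a file whose name
# contains blanks or glob characters is inspected instead of being split
# into pieces and silently skipped.  Names containing a newline are still
# not handled.
scan () {
	case "$1" in
	1) dirs=$libdirs ;;
	2) dirs=$progdirs ;;
	*)
		# Refuse an unknown selector rather than reuse a stale $dirs.
		echo "scan: unknown directory list: $1" 1>&2
		return 2
		;;
	esac

	# $dirs is a blank-separated list, so it is split on purpose.
	for d in $dirs ; do
		if [ ! -d "$d" ] ; then
			continue
		fi
		files=$(/usr/bin/find "$d" -name "$2" -type f 2>/dev/null)
		while IFS= read -r f ; do
			# The here-document yields one empty line when find printed nothing.
			if [ -z "$f" ] ; then
				continue
			fi
			FOUND_ONE=0

			# Read the program headers once; both greps below reuse them.
			# stderr is discarded, so a file eu-readelf cannot read or parse
			# yields no headers and is never reported.
			# grep and rpm are looked up through PATH, unlike find and awk.
			phdrs=$(/usr/bin/eu-readelf -l "$f" 2>/dev/null)

			# NOTE(review): an ELF file with no GNU_STACK header at all is
			# not reported; the stack permissions it gets depend on the
			# architecture and kernel - confirm whether it should be flagged.
			stacks=$(printf '%s\n' "$phdrs" | grep STACK)
			if [ -n "$stacks" ] ; then
				# Unquoted on purpose: flattens the match to one line so
				# that field 7 is the flags column of the first match.
				perms=$(echo $stacks | /bin/awk '{ print $7 }')
				# Any flags other than plain RW count as a finding.
				if [ -n "$perms" ] && [ "$perms" != "RW" ] ; then
					FOUND_ONE=1
				fi
			fi

			# STACK matches that contain no GNU_STACK entry are reported too.
			old_stacks=$(echo $stacks | /bin/grep -v GNU_STACK)
			if [ -n "$old_stacks" ] ; then
				FOUND_ONE=1
			fi

			# A GNU_HEAP program header is reported as well (presumably a
			# request for an executable heap - confirm).
			heaps=$(printf '%s\n' "$phdrs" | grep GNU_HEAP)
			if [ -n "$heaps" ] ; then
				FOUND_ONE=1
			fi

			if [ "$FOUND_ONE" = 1 ] ; then
				printf "%-42s" "$f"
				rpm -qf --queryformat "%{SOURCERPM}" "$f"
				echo
				FOUND=1
			fi
		done <<EOF
$files
EOF
	done
	return 0
}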
# Shared objects in the library directories first, then every regular
# file in the program directories.
# NOTE(review): scan passes the pattern to find -name together with
# -type f, so '*.so' only matches regular files whose name ends in .so;
# versioned names such as libfoo.so.1 are not inspected - confirm that
# this is intended.
scan 1 '*.so'
scan 2 '*'

# Exit status 1 tells the caller that at least one file was reported.
[ $FOUND -eq 0 ] || exit 1

# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0