AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-24 14:00:30 +00:00
Code Issues Packages Projects Releases Wiki Activity

Do check-execstack test using readelf rather than a build-time C program.

Browse Source
This commit is contained in:
Roland McGrath 2012-04-30 15:41:15 -07:00
parent 82a79e7d18
commit 82397ed6ea
4 changed files with 88 additions and 177 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ChangeLog
View File

@ -1,5 +1,15 @@
2012-05-01 Roland McGrath <roland@hack.frob.com>
* scripts/check-execstack.awk: New file.
* elf/Makefile ($(objpfx)check-execstack): Target removed.
(check-execstack-CFLAGS): Variable removed.
($(objpfx)check-execstack.h): Target removed.
($(objpfx)execstack-default): New target.
(generated): Add that instead of check-execstack.h.
($(all-built-dso:=.phdr)): New static pattern rule.
(generated): Add those targets.
* elf/check-execstack.c: File removed.
* scripts/check-textrel.awk: New file.
* elf/Makefile ($(objpfx)check-textrel): Target removed.
(check-textrel-CFLAGS): Variable removed.

41
elf/Makefile
View File

@ -872,18 +872,6 @@ CFLAGS-tst-pie1.c += $(pie-ccflag)
$(objpfx)tst-pie1: $(objpfx)tst-piemod1.so
check-execstack-CFLAGS = -O -Wall -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -std=gnu99 \
$(objpfx:%/=-I%)
$(objpfx)check-execstack: check-execstack.c $(objpfx)check-execstack.h
$(native-compile)
$(objpfx)check-execstack.h: $(first-word $(wildcard $(sysdirs:%=%/stackinfo.h)))
$(make-target-directory)
{ echo '#include <stackinfo.h>'; echo '@@@DEFAULT_STACK_PERMS@@@'; } | \
$(CC) $(CFLAGS) $(CPPFLAGS) -E -x c-header - | \
sed -n -e 's/^@@@\(.*\)@@@/#define DEFAULT_STACK_PERMS \1/p' > $@T
mv -f $@T $@
generated += check-execstack.h
check-localplt-CFLAGS = -O -Wall -D_GNU_SOURCE -std=gnu99
$(objpfx)check-localplt: check-localplt.c
$(native-compile)
@ -909,9 +897,32 @@ $(objpfx)check-textrel.out: $(..)scripts/check-textrel.awk \
LC_ALL=C $(AWK) -f $^ > $@
generated += check-textrel.out
$(objpfx)check-execstack.out: $(objpfx)check-execstack $(all-built-dso)
$(dir $<)$(notdir $<) $(filter-out $<, $^) > $@
generated += check-execstack check-execstack.out
$(objpfx)execstack-default: $(first-word $(wildcard $(sysdirs:%=%/stackinfo.h)))
$(make-target-directory)
{ echo '#include <elf.h>'; \
echo '#include <stackinfo.h>'; \
echo '#if (DEFAULT_STACK_PERMS & PF_X) == 0'; \
echo '@@@execstack-no@@@'; \
echo '#else'; \
echo '@@@execstack-yes@@@'; \
echo '#endif'; } | \
$(CC) $(CFLAGS) $(CPPFLAGS) -E -x c-header - | \
sed -n -e 's/^@@@\(.*\)@@@/\1/p' > $@T
mv -f $@T $@
generated += execstack-default
$(all-built-dso:=.phdr): %.phdr: %
@rm -f $@T
LC_ALL=C $(READELF) -W -l $< > $@T
test -s $@T
mv -f $@T $@
generated += $(all-built-dso:=.phdr)
$(objpfx)check-execstack.out: $(..)scripts/check-execstack.awk \
$(objpfx)execstack-default \
$(all-built-dso:=.phdr)
LC_ALL=C $(AWK) -f $^ > $@
generated += check-execstack.out
$(objpfx)tst-dlmodcount: $(libdl)
$(objpfx)tst-dlmodcount.out: $(test-modules)

162
elf/check-execstack.c
View File

@ -1,162 +0,0 @@
/* Check for executable stacks in DSOs.
Copyright (C) 2009, 2010 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contribute by Ulrich Drepper <drepper@redhat.com>. 2009.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<http://www.gnu.org/licenses/>. */
#include <byteswap.h>
#include <elf.h>
#include <endian.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include "check-execstack.h"
#ifdef BITS
# define AB(name) _AB (name, BITS)
# define _AB(name, bits) __AB (name, bits)
# define __AB(name, bits) name##bits
# define E(name) _E (name, BITS)
# define _E(name, bits) __E (name, bits)
# define __E(name, bits) Elf##bits##_##name
# define SWAP(val) \
({ __typeof (val) __res; \
if (((ehdr.e_ident[EI_DATA] == ELFDATA2MSB \
&& BYTE_ORDER == LITTLE_ENDIAN) \
|| (ehdr.e_ident[EI_DATA] == ELFDATA2LSB \
&& BYTE_ORDER == BIG_ENDIAN)) \
&& sizeof (val) != 1) \
{ \
if (sizeof (val) == 2) \
__res = bswap_16 (val); \
else if (sizeof (val) == 4) \
__res = bswap_32 (val); \
else \
__res = bswap_64 (val); \
} \
else \
__res = (val); \
__res; })
static int
AB(handle_file) (const char *fname, int fd)
{
E(Ehdr) ehdr;
if (pread (fd, &ehdr, sizeof (ehdr), 0) != sizeof (ehdr))
{
read_error:
printf ("%s: read error: %m\n", fname);
return 1;
}
const size_t phnum = SWAP (ehdr.e_phnum);
const size_t phentsize = SWAP (ehdr.e_phentsize);
/* Read the program header. */
E(Phdr) *phdr = alloca (phentsize * phnum);
if (pread (fd, phdr, phentsize * phnum, SWAP (ehdr.e_phoff))
!= phentsize * phnum)
goto read_error;
/* Search for the PT_GNU_STACK entry. */
for (size_t cnt = 0; cnt < phnum; ++cnt)
if (SWAP (phdr[cnt].p_type) == PT_GNU_STACK)
{
unsigned int flags = SWAP(phdr[cnt].p_flags);
if (flags & PF_X)
{
printf ("%s: executable stack signaled\n", fname);
return 1;
}
return 0;
}
if (DEFAULT_STACK_PERMS & PF_X)
{
printf ("%s: no PT_GNU_STACK entry\n", fname);
return 1;
}
return 0;
}
# undef BITS
#else
# define BITS 32
# include "check-execstack.c"
# define BITS 64
# include "check-execstack.c"
static int
handle_file (const char *fname)
{
int fd = open (fname, O_RDONLY);
if (fd == -1)
{
printf ("cannot open %s: %m\n", fname);
return 1;
}
/* Read was is supposed to be the ELF header. Read the initial
bytes to determine whether this is a 32 or 64 bit file. */
char ident[EI_NIDENT];
if (read (fd, ident, EI_NIDENT) != EI_NIDENT)
{
printf ("%s: read error: %m\n", fname);
close (fd);
return 1;
}
if (memcmp (&ident[EI_MAG0], ELFMAG, SELFMAG) != 0)
{
printf ("%s: not an ELF file\n", fname);
close (fd);
return 1;
}
int result;
if (ident[EI_CLASS] == ELFCLASS64)
result = handle_file64 (fname, fd);
else
result = handle_file32 (fname, fd);
close (fd);
return result;
}
int
main (int argc, char *argv[])
{
int cnt;
int result = 0;
for (cnt = 1; cnt < argc; ++cnt)
result |= handle_file (argv[cnt]);
return result;
}
#endif

52
scripts/check-execstack.awk Normal file
View File

@ -0,0 +1,52 @@
# This awk script expects to get command-line files that are each
# the output of 'readelf -l' on a single shared object.
# But the first file should contain just "execstack-no" or "execstack-yes",
# indicating what the default is in the absence of PT_GNU_STACK.
# It exits successfully (0) if none indicated executable stack.
# It fails (1) if any did indicate executable stack.
# It fails (2) if the input did not take the expected form.
BEGIN { result = sanity = 0; default_exec = -1 }
/^execstack-no$/ { default_exec = 0; next }
/^execstack-yes$/ { default_exec = 1; next }
function check_one(name) {
if (default_exec == -1) {
print "*** missing execstack-default file?";
result = 2;
}
if (!sanity) {
print name ": *** input did not look like readelf -l output";
result = 2;
} else if (stack_line) {
if (stack_line ~ /^.*RW .*$/) {
print name ": OK";
} else if (stack_line ~ /^.*E.*$/) {
print name ": *** executable stack signaled";
result = result ? result : 1;
}
} else if (default_exec) {
print name ": *** no PT_GNU_STACK entry";
result = result ? result : 1;
} else {
print name ": no PT_GNU_STACK but default is OK";
}
sanity = 0;
}
FILENAME != lastfile {
if (lastfile)
check_one(lastfile);
lastfile = FILENAME;
}
$1 == "Type" && $7 == "Flg" { sanity = 1; stack_line = "" }
$1 == "GNU_STACK" { stack_line = $0 }
END {
check_one(lastfile);
exit(result);
}