Bug#321750: lintian - check for executable stack

To: submit@bugs.debian.org
Subject: Bug#321750: lintian - check for executable stack
From: Bastian Blank <waldi@debian.org>
Date: Sun, 7 Aug 2005 13:00:12 +0200
Message-id: <[🔎] 20050807110012.GA14599@wavehammer.waldi.eu.org>
Reply-to: Bastian Blank <waldi@debian.org>, 321750@bugs.debian.org

Package: lintian
Severity: wishlist
Version: 1.23.11

The attached patch adds checks for executable stack.

Bastian

-- 
Lots of people drink from the wrong bottle sometimes.
		-- Edith Keeler, "The City on the Edge of Forever",
		   stardate unknown

diff -urN lintian-1.23.11/checks/shared-libs lintian-1.23.11.execstack/checks/shared-libs
--- lintian-1.23.11/checks/shared-libs	2005-07-09 09:09:40.000000000 +0200
+++ lintian-1.23.11.execstack/checks/shared-libs	2005-08-07 12:53:52.000000000 +0200
@@ -46,6 +46,7 @@
 my $shlibs_control_file = "control/shlibs";
 my %SONAME;
 my %INTERP;
+my %STACK;
 my %objsomething;
 my %sharedobject;
 my %index_info;
@@ -75,8 +76,16 @@
 	tag "shlib-with-non-pic-code", "$file";
     } elsif (m/^\s*INTERP\s/) {
 	$INTERP{$file} = 1;
+    } elsif (m/^\s*STACK\s/) {
+	$STACK{$file} = 0;
     } else {
-        $objsomething{$file} = 1;
+        if (defined $STACK{$file} and $STACK{$file} eq 0) {
+	    m/\sflags\s+(\S+)/o;
+	    $STACK{$file} = $1;
+	}
+	else {
+	    $objsomething{$file} = 1;
+	}
     }
 }
 close(IN);
@@ -150,6 +159,15 @@
 	    # yes! so postinst must call ldconfig
 	    $must_call_ldconfig = $real_file;
 	}
+
+	# executable stack
+	if (exists $objsomething{$cur_file}) {
+	    if (not defined $STACK{$cur_file}) {
+		tag "shlib-without-PT_GNU_STACK-section", $cur_file;
+	    } elsif ($STACK{$cur_file} ne "rw-") {
+		tag "shlib-with-executable-stack", $cur_file;
+	    }
+	}
     } elsif (exists $objsomething{$cur_file} &&
 	     exists $ldso_dir{dirname($cur_file)} &&
 	     exists $sharedobject{$cur_file}) {
diff -urN lintian-1.23.11/checks/shared-libs.desc lintian-1.23.11.execstack/checks/shared-libs.desc
--- lintian-1.23.11/checks/shared-libs.desc	2005-01-14 22:11:13.000000000 +0100
+++ lintian-1.23.11.execstack/checks/shared-libs.desc	2005-08-07 12:25:25.000000000 +0200
@@ -167,3 +167,13 @@
  SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
  where 0 is the major version of the library. If your package uses libtool,
  then libtool invoked with the right options should be doing this.
+
+Tag: shlib-without-PT_GNU_STACK-section
+Type: error
+Info: The listed shared libraries lacks a PT_GNU_STACK section. This makes
+ the dynamic linker to make the stack executable.
+
+Tag: shlib-with-executable-stack
+Type: warning
+Info: The listed shared libraries declares the stack as executable.
+
diff -urN lintian-1.23.11/debian/changelog lintian-1.23.11.execstack/debian/changelog
--- lintian-1.23.11/debian/changelog	2005-08-03 15:05:57.000000000 +0200
+++ lintian-1.23.11.execstack/debian/changelog	2005-08-07 12:26:24.000000000 +0200
@@ -1,3 +1,10 @@
+lintian (1.23.11.0local.1) local; urgency=low
+
+  * check/shared-libs*:
+    - Add checks for executable stack.
+
+ -- Bastian Blank <waldi@debian.org>  Sun, 07 Aug 2005 12:26:01 +0200
+
 lintian (1.23.11) unstable; urgency=low
 
   * frontend/lintian:

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#321750: lintian - check for executable stack
  - From: Frank Lichtenheld <djpig@debian.org>

Prev by Date: Bug#321650: lintian: should not warn against 8bit chars on translated man pages
Next by Date: Bug#321750: lintian - check for executable stack
Previous by thread: Bug#321650: lintian: should not warn against 8bit chars on translated man pages
Next by thread: Bug#321750: lintian - check for executable stack
Index(es):
- Date
- Thread