[lintian] 04/08: c/binaries: Implement hardening-no-pie directly

To: debian-lint-maint@lists.debian.org
Subject: [lintian] 04/08: c/binaries: Implement hardening-no-pie directly
From: Niels Thykier <nthykier@moszumanska.debian.org>
Date: Sun, 18 Sep 2016 11:07:22 +0000
Message-id: <[🔎] E1blZwQ-0007Rx-0Y@moszumanska.debian.org>
Reply-to: Niels Thykier <niels@thykier.net>
In-reply-to: <[🔎] 20160918110718.28213.18043@moszumanska.debian.org>
References: <[🔎] 20160918110718.28213.18043@moszumanska.debian.org>

This is an automated email from the git hooks/post-receive script.

nthykier pushed a commit to branch master
in repository lintian.

commit df40bc7c353fb599875e269571b0f892f119ea10
Author: Niels Thykier <niels@thykier.net>
Date:   Sat Sep 17 19:50:14 2016 +0000

    c/binaries: Implement hardening-no-pie directly
    
    Signed-off-by: Niels Thykier <niels@thykier.net>
---
 checks/binaries.pm               | 7 ++++++-
 helpers/coll/objdump-info-helper | 3 +++
 lib/Lintian/Collect/Binary.pm    | 1 +
 3 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/checks/binaries.pm b/checks/binaries.pm
index e9d1d5d..a9ba42f 100644
--- a/checks/binaries.pm
+++ b/checks/binaries.pm
@@ -565,6 +565,11 @@ sub run {
                 tag 'hardening-no-bindnow', $file;
             }
 
+            if ($arch_hardening->{'hardening-no-pie'}
+                and $objdump->{'ELF-TYPE'} eq 'EXEC') {
+                tag 'hardening-no-pie', $file;
+            }
+
             # Check for missing hardening characteristics. This currently
             # handles the following checks:
             # no-relro no-fortify-functions no-stackprotector no-bindnow no-pie
@@ -573,7 +578,7 @@ sub run {
                     foreach my $t (@{$info->hardening_info->{$fname}}) {
                         my $tag = "hardening-$t";
                         # Implemented elsewhere
-                        next if $t eq 'no-relro' or $t eq 'no-bindnow';
+                        next if $t eq 'no-relro' or $t eq 'no-bindnow' or $t eq 'no-pie';
                         # Binaries built by the Go compiler do not support all
                         # hardening measures.
                         next
diff --git a/helpers/coll/objdump-info-helper b/helpers/coll/objdump-info-helper
index 4f8a24a..e66a834 100755
--- a/helpers/coll/objdump-info-helper
+++ b/helpers/coll/objdump-info-helper
@@ -103,6 +103,9 @@ while (my $line = <$readelf>) {
         # Possibly a reference to afl...
         $static_lib_issues++ if $bin =~ m{\([^/\\)]++\)$};
         next;
+    } elsif ($line =~ m/^Elf file type is (\S+)/) {
+        print "Elf-Type: $1\n";
+        next;
     } elsif ($line =~ m/^Program Headers:/) {
         $section = 'PH';
         print "Program-Headers:\n";
diff --git a/lib/Lintian/Collect/Binary.pm b/lib/Lintian/Collect/Binary.pm
index 50aba9d..a351575 100644
--- a/lib/Lintian/Collect/Binary.pm
+++ b/lib/Lintian/Collect/Binary.pm
@@ -382,6 +382,7 @@ sub objdump_info {
         if (lc($pg->{'bad-dynamic-table'}//'no') eq 'yes') {
             $info{'BAD-DYNAMIC-TABLE'} = 1;
         }
+        $info{'ELF-TYPE'} = $pg->{'elf-type'} if $pg->{'elf-type'};
         foreach my $symd (split m/\s*\n\s*/, $pg->{'dynamic-symbols'}//'') {
             next unless $symd;
             if ($symd =~ m/^\s*(\S+)\s+(?:(\S+)\s+)?(\S+)$/){

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git

Reply to:

References:
- [lintian] branch master updated (35cc8d4 -> 800702f)
  - From: Niels Thykier <nthykier@moszumanska.debian.org>

Prev by Date: [lintian] 04/04: Fix typos
Next by Date: [lintian] 02/08: c/binaries: Implemented hardening-no-relro directly
Previous by thread: [lintian] branch master updated (35cc8d4 -> 800702f)
Next by thread: [lintian] 02/08: c/binaries: Implemented hardening-no-relro directly
Index(es):
- Date
- Thread