freebsd-dev/scripts/paxcheck.sh

#!/bin/sh

if ! type scanelf > /dev/null 2>&1; then
    echo "scanelf (from pax-utils) is required for these checks." >&2
    exit 3
fi

RET=0

# check for exec stacks
OUT="$(scanelf -qyRAF '%e %p' $1)"

if [ x"${OUT}" != x ]; then
    RET=2
    echo "The following files contain writable and executable sections"
    echo " Files with such sections will not work properly (or at all!) on some"
    echo " architectures/operating systems."
    echo " For more information, see:"
    echo "   https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart"
    echo
    echo "${OUT}"
    echo
fi


# check for TEXTRELS
OUT="$(scanelf -qyRAF '%T %p' $1)"

if [ x"${OUT}" != x ]; then
    RET=2
    echo "The following files contain runtime text relocations"
    echo " Text relocations force the dynamic linker to perform extra"
    echo " work at startup, waste system resources, and may pose a security"
    echo " risk.  On some architectures, the code may not even function"
    echo " properly, if at all."
    echo " For more information, see:"
    echo "   https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels"
    echo
    echo "${OUT}"
    echo
fi

exit $RET
Add paxcheck make lint target This uses scanelf (from pax-utils) to check for any issues with the binaries. It currently checks for executable stacks and textrels. The checks are in a script so can be extended easily in the future for more checks. Executable stacks and textrels are frequently caused by issues in asm files and lead to security and perf problems. Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Signed-off-by: Jason Zaman <jason@perfinion.com> Closes #5338 2016-10-28 23:10:00 +00:00			`#!/bin/sh`

			`if ! type scanelf > /dev/null 2>&1; then`
			`echo "scanelf (from pax-utils) is required for these checks." >&2`
			`exit 3`
			`fi`

			`RET=0`

			`# check for exec stacks`
			`OUT="$(scanelf -qyRAF '%e %p' $1)"`

			`if [ x"${OUT}" != x ]; then`
			`RET=2`
			`echo "The following files contain writable and executable sections"`
			`echo " Files with such sections will not work properly (or at all!) on some"`
			`echo " architectures/operating systems."`
			`echo " For more information, see:"`
			`echo " https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart"`
			`echo`
			`echo "${OUT}"`
			`echo`
			`fi`


			`# check for TEXTRELS`
			`OUT="$(scanelf -qyRAF '%T %p' $1)"`

			`if [ x"${OUT}" != x ]; then`
			`RET=2`
			`echo "The following files contain runtime text relocations"`
			`echo " Text relocations force the dynamic linker to perform extra"`
			`echo " work at startup, waste system resources, and may pose a security"`
			`echo " risk. On some architectures, the code may not even function"`
			`echo " properly, if at all."`
			`echo " For more information, see:"`
			`echo " https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels"`
			`echo`
			`echo "${OUT}"`
			`echo`
			`fi`

			`exit $RET`