#include <pakfire/constants.h>
#include <pakfire/digest.h>
+#include <pakfire/fhs.h>
#include <pakfire/file.h>
#include <pakfire/logging.h>
#include <pakfire/pakfire.h>
// Hardning Status
if (flags & PAKFIRE_FILE_DUMP_HARDENING) {
+ if (file->hardening_issues & PAKFIRE_FILE_FHS_ERROR) {
+ r = asprintf(&buffer, "%s [FHS-ERROR]", buffer);
+ if (r < 0)
+ goto ERROR;
+ }
+
if (pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
// Stack-smashing Protection
if (file->hardening_issues & PAKFIRE_FILE_NO_SSP) {
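Review bot: The added `asprintf(&buffer, "%s [FHS-ERROR]", buffer)` overwrites `buffer` with a new allocation while the previous string is only reachable through `buffer`, so the old string appears to be leaked (assuming it was heap-allocated earlier in the function, which is outside this hunk). Not every libc defines the contents of `buffer` after a failed `asprintf`, which matters if the `ERROR` path frees it. Keeping the old pointer addresses both: `char* prev = buffer;`, `r = asprintf(&buffer, "%s [FHS-ERROR]", prev);`, `free(prev);`, and set `buffer = NULL` when `r < 0` before `goto ERROR`. The enclosing function starts and ends outside the hunk.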
int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
int r;
- // Do not perform this check on firmware
- if (pakfire_file_matches_class(file, PAKFIRE_FILE_FIRMWARE))
- return 0;
-
// Return previous result if this has been run before
if (!file->hardening_check_done) {
- switch (pakfire_file_get_elf_type(file)) {
- // Do not check Relocatable Objects
- case ET_REL:
- goto DONE;
+ // Perform FHS check
+ r = pakfire_fhs_check_file(file->pakfire, file);
+ if (r)
+ file->hardening_issues |= PAKFIRE_FILE_FHS_ERROR;
- // Check everything else
- default:
- break;
- }
+ // Do not perform the following checks on firmware
+ if (pakfire_file_matches_class(file, PAKFIRE_FILE_FIRMWARE))
+ goto DONE;
- // Check for SSP
- r = pakfire_file_hardening_check_ssp(file);
- if (r)
- return r;
+ // Run these checks only for ELF files
+ if (pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
+ switch (pakfire_file_get_elf_type(file)) {
+ // Do not check Relocatable Objects
+ case ET_REL:
+ goto DONE;
+
+ // Check everything else
+ default:
+ break;
+ }
- // Check for PIE
- r = pakfire_file_hardening_check_pie(file);
- if (r)
- return r;
+ // Check for SSP
+ r = pakfire_file_hardening_check_ssp(file);
+ if (r)
+ return r;
- // Check for executable stacks
- r = pakfire_file_hardening_check_execstack(file);
- if (r)
- return r;
+ // Check for PIE
+ r = pakfire_file_hardening_check_pie(file);
+ if (r)
+ return r;
- // Check for RELRO
- r = pakfire_file_hardening_check_relro(file);
- if (r)
- return r;
+ // Check for executable stacks
+ r = pakfire_file_hardening_check_execstack(file);
+ if (r)
+ return r;
+
+ // Check for RELRO
+ r = pakfire_file_hardening_check_relro(file);
+ if (r)
+ return r;
+ }
DONE:
// All checks done
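Review bot: Any non-zero return from `pakfire_fhs_check_file()` is recorded as `PAKFIRE_FILE_FHS_ERROR`, so an internal failure of the check (if that function can return an error code, which is not visible here) would be reported as a policy violation rather than propagated the way the SSP/PIE/execstack/RELRO checks do with `return r`. If the function distinguishes the two cases, adding `if (r < 0) return r;` before `if (r) file->hardening_issues |= PAKFIRE_FILE_FHS_ERROR;` keeps a broken check from wrongly flagging files. A short comment would also help, stating that the FHS check deliberately runs for every file, including firmware and non-ELF, e.g. `// FHS applies to all files; the ELF checks below do not`. The function body continues outside the hunk.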