INFO(build->pakfire, "%s\n", description);
// Show all files which will be removed
- pakfire_filelist_dump(removees, PAKFIRE_FILE_DUMP_FULL|PAKFIRE_FILE_DUMP_HARDENING);
+ pakfire_filelist_dump(removees, PAKFIRE_FILE_DUMP_FULL|PAKFIRE_FILE_DUMP_ISSUES);
// Remove all files on the removee list
if (flags & PAKFIRE_BUILD_CLEANUP_FILES) {
}
/*
- Hardening
+ File Issues
*/
-static int __pakfire_build_post_check_hardening(
+static int __pakfire_build_post_check_files(
struct pakfire* pakfire, struct pakfire_file* file, void* data) {
struct pakfire_filelist* broken = (struct pakfire_filelist*)data;
int issues = 0;
int r;
- // Check hardening
- r = pakfire_file_check_hardening(file, &issues);
+ // Check file for issues
+ r = pakfire_file_check(file, &issues);
if (r) {
- ERROR(pakfire, "%s: Hardening Check failed: %m\n",
- pakfire_file_get_path(file));
+ ERROR(pakfire, "%s: File Check failed: %m\n", pakfire_file_get_path(file));
return r;
}
return 0;
}
-static int pakfire_build_post_check_hardening(
+static int pakfire_build_post_check_files(
struct pakfire_build* build, struct pakfire_filelist* filelist) {
return pakfire_build_post_process_files(
build,
filelist,
- "Hardening Issues:",
- __pakfire_build_post_check_hardening,
+ "File Issues:",
+ __pakfire_build_post_check_files,
PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
}
if (r)
goto ERROR;
- // Check hardening
- r = pakfire_build_post_check_hardening(build, filelist);
+ // Check files
+ r = pakfire_build_post_check_files(build, filelist);
if (r)
goto ERROR;
// Verification Status
int verify_status;
- // Hardening Issues
- int hardening_issues;
- int hardening_check_done:1;
+ // File Issues
+ int issues;
+ int check_done:1;
#warning TODO capabilities, data
// capabilities
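Review bot: `int check_done:1;` is a plain `int` bit-field, and whether that is signed or unsigned is implementation-defined; when signed, a 1-bit field can only hold 0 and -1, so the `file->check_done = 1` store later in this commit saves -1 (compilers typically warn about the conversion). The code only ever tests the field for truthiness (`if (!file->check_done)`), so it behaves correctly, but declaring it `unsigned int check_done:1;` states the intent and silences the warning. Since `issues` now also receives `PAKFIRE_FILE_FHS_ERROR` alongside the ELF hardening flags, the comment would be more useful as `// Bitmask of PAKFIRE_FILE_* issues found by pakfire_file_check()`. The enclosing struct begins and ends outside this hunk.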
}
}
- // Hardning Status
- if (flags & PAKFIRE_FILE_DUMP_HARDENING) {
- if (file->hardening_issues & PAKFIRE_FILE_FHS_ERROR) {
+ // Dump Issues
+ if (flags & PAKFIRE_FILE_DUMP_ISSUES) {
+ if (file->issues & PAKFIRE_FILE_FHS_ERROR) {
r = asprintf(&buffer, "%s [FHS-ERROR]", buffer);
if (r < 0)
goto ERROR;
if (pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
// Stack-smashing Protection
- if (file->hardening_issues & PAKFIRE_FILE_NO_SSP) {
+ if (file->issues & PAKFIRE_FILE_NO_SSP) {
r = asprintf(&buffer, "%s [NO-SSP]", buffer);
if (r < 0)
goto ERROR;
}
// Position-independent Executable
- if (file->hardening_issues & PAKFIRE_FILE_NO_PIE) {
+ if (file->issues & PAKFIRE_FILE_NO_PIE) {
r = asprintf(&buffer, "%s [NO-PIE]", buffer);
if (r < 0)
goto ERROR;
}
// Executable Stack
- if (file->hardening_issues & PAKFIRE_FILE_EXECSTACK) {
+ if (file->issues & PAKFIRE_FILE_EXECSTACK) {
r = asprintf(&buffer, "%s [EXECSTACK]", buffer);
if (r < 0)
goto ERROR;
}
// Not Partially RELRO
- if (file->hardening_issues & PAKFIRE_FILE_NO_PARTIALLY_RELRO) {
+ if (file->issues & PAKFIRE_FILE_NO_PARTIALLY_RELRO) {
r = asprintf(&buffer, "%s [NO-PART-RELRO]", buffer);
if (r < 0)
goto ERROR;
return pakfire_file_open_elf(file, __pakfire_file_is_stripped, NULL);
}
-static int __pakfire_file_hardening_check_ssp(
+static int __pakfire_file_check_ssp(
struct pakfire_file* file, Elf* elf, void* data) {
Elf_Scn* section = NULL;
GElf_Shdr section_header;
}
// The file does not seem to have SSP enabled
- file->hardening_issues |= PAKFIRE_FILE_NO_SSP;
+ file->issues |= PAKFIRE_FILE_NO_SSP;
return 0;
}
-static int pakfire_file_hardening_check_ssp(struct pakfire_file* file) {
+static int pakfire_file_check_ssp(struct pakfire_file* file) {
// Do not perform this check for runtime linkers
if (pakfire_file_matches_class(file, PAKFIRE_FILE_RUNTIME_LINKER))
return 0;
- return pakfire_file_open_elf(file, __pakfire_file_hardening_check_ssp, NULL);
+ return pakfire_file_open_elf(file, __pakfire_file_check_ssp, NULL);
}
-static int pakfire_file_hardening_check_pie(struct pakfire_file* file) {
+static int pakfire_file_check_pie(struct pakfire_file* file) {
switch (pakfire_file_get_elf_type(file)) {
// Shared Object files are good
case ET_DYN:
// Everything else is bad
default:
- file->hardening_issues |= PAKFIRE_FILE_NO_PIE;
+ file->issues |= PAKFIRE_FILE_NO_PIE;
break;
}
return 0;
}
-static int __pakfire_file_hardening_check_execstack(
+static int __pakfire_file_check_execstack(
struct pakfire_file* file, Elf* elf, void* data) {
GElf_Phdr phdr;
int r;
// The stack cannot be writable and executable
if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
- file->hardening_issues |= PAKFIRE_FILE_EXECSTACK;
+ file->issues |= PAKFIRE_FILE_EXECSTACK;
// Done
return 0;
return 0;
}
-static int pakfire_file_hardening_check_execstack(struct pakfire_file* file) {
- return pakfire_file_open_elf(file, __pakfire_file_hardening_check_execstack, NULL);
+static int pakfire_file_check_execstack(struct pakfire_file* file) {
+ return pakfire_file_open_elf(file, __pakfire_file_check_execstack, NULL);
}
-static int __pakfire_file_hardening_check_partially_relro(
+static int __pakfire_file_check_partially_relro(
struct pakfire_file* file, Elf* elf, void* data) {
GElf_Phdr phdr;
int r;
}
// This file does not seem to have PT_GNU_RELRO set
- file->hardening_issues |= PAKFIRE_FILE_NO_PARTIALLY_RELRO;
+ file->issues |= PAKFIRE_FILE_NO_PARTIALLY_RELRO;
return 0;
}
-static int pakfire_file_hardening_check_relro(struct pakfire_file* file) {
- return pakfire_file_open_elf(file, __pakfire_file_hardening_check_partially_relro, NULL);
+static int pakfire_file_check_relro(struct pakfire_file* file) {
+ return pakfire_file_open_elf(file, __pakfire_file_check_partially_relro, NULL);
}
-int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
+int pakfire_file_check(struct pakfire_file* file, int* issues) {
int r;
// Return previous result if this has been run before
- if (!file->hardening_check_done) {
+ if (!file->check_done) {
// Perform FHS check
r = pakfire_fhs_check_file(file->pakfire, file);
if (r)
- file->hardening_issues |= PAKFIRE_FILE_FHS_ERROR;
+ file->issues |= PAKFIRE_FILE_FHS_ERROR;
// Do not perform the following checks on firmware
if (pakfire_file_matches_class(file, PAKFIRE_FILE_FIRMWARE))
}
// Check for SSP
- r = pakfire_file_hardening_check_ssp(file);
+ r = pakfire_file_check_ssp(file);
if (r)
return r;
// Check for PIE
- r = pakfire_file_hardening_check_pie(file);
+ r = pakfire_file_check_pie(file);
if (r)
return r;
// Check for executable stacks
- r = pakfire_file_hardening_check_execstack(file);
+ r = pakfire_file_check_execstack(file);
if (r)
return r;
// Check for RELRO
- r = pakfire_file_hardening_check_relro(file);
+ r = pakfire_file_check_relro(file);
if (r)
return r;
}
DONE:
// All checks done
- file->hardening_check_done = 1;
+ file->check_done = 1;
}
// Return any issues
if (issues)
- *issues = file->hardening_issues;
+ *issues = file->issues;
return 0;
}