ELF: Move execstack check
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 1 Jan 2025 17:42:44 +0000 (17:42 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 1 Jan 2025 17:42:44 +0000 (17:42 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/elf.c
src/libpakfire/include/pakfire/elf.h
src/libpakfire/linter-file.c

index 27b78b319fc0ecef4e52fab8d94e24a257918304..9f69f6c573e52c48f05e83aec349e8b618975d25 100644 (file)
@@ -356,6 +356,49 @@ int pakfire_elf_has_ssp(struct pakfire_elf* self) {
        return 0;
 }
 
+int pakfire_elf_has_execstack(struct pakfire_elf* self) {
+       GElf_Phdr phdr;
+       int r;
+
+       size_t phnum = 0;
+
+       // Fetch the total numbers of program headers
+       r = elf_getphdrnum(self->elf, &phnum);
+       if (r) {
+               ERROR(self->ctx,
+                       "Could not fetch number of program headers: %s\n", elf_errmsg(-1));
+               return -EINVAL;
+       }
+
+       // Walk through all program headers
+       for (unsigned int i = 0; i < phnum; i++) {
+               if (!gelf_getphdr(self->elf, i, &phdr)) {
+                       ERROR(self->ctx, "Could not parse program header: %s\n", elf_errmsg(-1));
+                       return -ENOTSUP;
+               }
+
+               switch (phdr.p_type) {
+                       case PT_GNU_STACK:
+                               DEBUG(self->ctx,
+                                       "%s: GNU_STACK flags: %c%c%c\n",
+                                       self->path,
+                                       (phdr.p_flags & PF_R) ? 'R' : '-',
+                                       (phdr.p_flags & PF_W) ? 'W' : '-',
+                                       (phdr.p_flags & PF_X) ? 'X' : '-'
+                               );
+
+                               // The stack cannot be writable and executable
+                               if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
+                                       return 1;
+
+                       default:
+                               break;
+               }
+       }
+
+       return 0;
+}
+
 int pakfire_elf_is_stripped(struct pakfire_elf* self) {
        Elf_Scn* symtab = NULL;
 
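Review bot: The test `if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))` in pakfire_elf_has_execstack only reports a PT_GNU_STACK header marked both writable and executable, and a file with no PT_GNU_STACK header at all falls through to the final `return 0`. As far as I know the Linux ELF loader decides stack executability on PF_X alone, and on some architectures a missing PT_GNU_STACK leaves the stack executable by default, so both cases can pass the linter as clean. Consider checking `if (phdr.p_flags & PF_X) return 1;` and recording whether a PT_GNU_STACK header was seen, so its absence can be reported separately. The `case PT_GNU_STACK:` arm also runs into `default:` without a `break;` or a `/* fallthrough */` comment, which makes the intent unclear to the next reader.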
index 54f3713c7807b3a5cf3d202182acea7e853bcc96..f34e405e1cb964a98bbf950d6c733d9a1ec68b25 100644 (file)
@@ -44,6 +44,7 @@ const char* pakfire_elf_debuglink(struct pakfire_elf* self);
 
 int pakfire_elf_is_pie(struct pakfire_elf* self);
 int pakfire_elf_has_ssp(struct pakfire_elf* self);
+int pakfire_elf_has_execstack(struct pakfire_elf* self);
 int pakfire_elf_is_stripped(struct pakfire_elf* self);
 
 #endif /* PAKFIRE_PRIVATE */
index e8b6237013bd27b2c6594bf876dcd3a107470506..3f416433722cb995dab67b363bd4e1e276865610 100644 (file)
@@ -482,44 +482,8 @@ static int pakfire_linter_file_check_ssp(struct pakfire_linter_file* lfile) {
 }
 
 static int pakfire_linter_file_check_execstack(struct pakfire_linter_file* lfile) {
-       GElf_Phdr phdr;
-       int r;
-
-       size_t phnum = 0;
-
-       // Fetch the total numbers of program headers
-       r = elf_getphdrnum(lfile->elf, &phnum);
-       if (r) {
-               ERROR(lfile->ctx,
-                       "Could not fetch number of program headers: %s\n", elf_errmsg(-1));
-               return -EINVAL;
-       }
-
-       // Walk through all program headers
-       for (unsigned int i = 0; i < phnum; i++) {
-               if (!gelf_getphdr(lfile->elf, i, &phdr)) {
-                       ERROR(lfile->ctx, "Could not parse program header: %s\n", elf_errmsg(-1));
-                       return -ENOTSUP;
-               }
-
-               switch (phdr.p_type) {
-                       case PT_GNU_STACK:
-                               DEBUG(lfile->ctx,
-                                       "%s: GNU_STACK flags: %c%c%c\n",
-                                       lfile->path,
-                                       (phdr.p_flags & PF_R) ? 'R' : '-',
-                                       (phdr.p_flags & PF_W) ? 'W' : '-',
-                                       (phdr.p_flags & PF_X) ? 'X' : '-'
-                               );
-
-                               // The stack cannot be writable and executable
-                               if ((phdr.p_flags & PF_W) && (phdr.p_flags & PF_X))
-                                       return pakfire_linter_file_error(lfile, "Executable Stack");
-
-                       default:
-                               break;
-               }
-       }
+       if (pakfire_elf_has_execstack(lfile->_elf))
+               return pakfire_linter_file_error(lfile, "Executable Stack");
 
        return 0;
 }
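Review bot: The new call `if (pakfire_elf_has_execstack(lfile->_elf))` treats every non-zero result as a finding, but pakfire_elf_has_execstack returns -EINVAL or -ENOTSUP when the program headers cannot be read. A parse failure is then reported as "Executable Stack" instead of being propagated as an error, which is what the removed code did. Keep the result and branch on its sign: `int r = pakfire_elf_has_execstack(lfile->_elf);`, `if (r < 0) return r;`, then `if (r) return pakfire_linter_file_error(lfile, "Executable Stack");`. A short comment on the prototype in elf.h stating the three return values (negative errno, 0, 1) would keep other callers from making the same assumption.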