file: Check files for being RELRO
authorMichael Tremer <michael.tremer@ipfire.org>
Thu, 9 Mar 2023 13:14:52 +0000 (13:14 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Thu, 9 Mar 2023 13:44:41 +0000 (13:44 +0000)
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/libpakfire/file.c
src/libpakfire/include/pakfire/file.h

index 0d3ddb6ba0b4868e5bcd4fed2ec59592a6fbef7b..06745a428bf8bbb6c66dbe5970952f90a321b9f8 100644 (file)
@@ -1630,6 +1630,48 @@ static int pakfire_file_hardening_check_execstack(struct pakfire_file* file) {
        return pakfire_file_open_elf(file, __pakfire_file_hardening_check_execstack, NULL);
 }
 
+static __pakfire_file_hardening_check_partially_relro(
+               struct pakfire_file* file, Elf* elf, void* data) {
+       GElf_Phdr phdr;
+       int r;
+
+       size_t phnum = 0;
+
+       // Fetch the total numbers of program headers
+       r = elf_getphdrnum(elf, &phnum);
+       if (r) {
+               ERROR(file->pakfire, "Could not fetch number of program headers: %s\n",
+                       elf_errmsg(-1));
+               return 1;
+       }
+
+       // Walk through all program headers
+       for (unsigned int i = 0; i < phnum; i++) {
+               if (!gelf_getphdr(elf, i, &phdr)) {
+                       ERROR(file->pakfire, "Could not parse program header: %s\n", elf_errmsg(-1));
+                       return 1;
+               }
+
+               switch (phdr.p_type) {
+                       case PT_GNU_RELRO:
+                               return 0;
+
+                       default:
+                               break;
+               }
+       }
+
+       // This file does not seem to have PT_GNU_RELRO set
+       file->hardening_issues |= PAKFIRE_FILE_NO_PARTIALLY_RELRO;
+
+       return 0;
+}
+
+static int pakfire_file_hardening_check_relro(struct pakfire_file* file) {
+       return pakfire_file_open_elf(file, __pakfire_file_hardening_check_partially_relro, NULL);
+}
+
+
 int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
        int r;
 
@@ -1650,6 +1692,11 @@ int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
                if (r)
                        return r;
 
+               // Check for RELRO
+               r = pakfire_file_hardening_check_relro(file);
+               if (r)
+                       return r;
+
                // All checks done
                file->hardening_check_done = 1;
        }
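Review bot: The new callback at the top of the first hunk is declared without a return type — `static __pakfire_file_hardening_check_partially_relro(` relies on implicit int, which has been a constraint violation since C99 and is a hard error on recent GCC, while the body returns 0/1 and the neighbouring execstack check in the context uses `static int`; the line should read `static int __pakfire_file_hardening_check_partially_relro(`. The loop index is an `unsigned int` compared against the `size_t` `phnum`; `for (size_t i = 0; i < phnum; i++)` keeps the comparison in one type. Whether a missing PT_GNU_RELRO is meaningful for every ELF that reaches this callback depends on what pakfire_file_open_elf already filters, which is not visible here — a relocatable object has no program headers at all, so `phnum` would be 0 and the hunk's `file->hardening_issues |= PAKFIRE_FILE_NO_PARTIALLY_RELRO` would report it; worth confirming. The trailing double blank line before pakfire_file_check_hardening is a minor style nit.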
index 9b8a294022a6f9e7d6fc5d4628133faef5b66414..dd69abb86cd6c8697f174bcc9bea0795e0e69a33 100644 (file)
@@ -155,9 +155,10 @@ int pakfire_file_verify(struct pakfire_file* file, int* status);
        Hardening Checks
 */
 enum pakfire_file_hardening_flags {
-       PAKFIRE_FILE_NO_SSP          = (1 << 0),
-       PAKFIRE_FILE_NO_PIE          = (1 << 1),
-       PAKFIRE_FILE_EXECSTACK       = (1 << 2),
+       PAKFIRE_FILE_NO_SSP             = (1 << 0),
+       PAKFIRE_FILE_NO_PIE             = (1 << 1),
+       PAKFIRE_FILE_EXECSTACK          = (1 << 2),
+       PAKFIRE_FILE_NO_PARTIALLY_RELRO = (1 << 3),
 };
 
 int pakfire_file_check_hardening(struct pakfire_file* file, int* issues);
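Review bot: The new flag name `PAKFIRE_FILE_NO_PARTIALLY_RELRO` reads ambiguously — from the file.c hunk it is set when the ELF has no PT_GNU_RELRO segment at all, i.e. not even partial RELRO, not when RELRO is merely partial. A trailing comment on that entry, `PAKFIRE_FILE_NO_PARTIALLY_RELRO = (1 << 3), // no PT_GNU_RELRO segment (not even partial RELRO)`, would keep the meaning next to the definition. The enum as a whole carries no comments, so a one-line note per flag would fit the same style.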