From: Michael Tremer Date: Mon, 13 Mar 2023 16:52:44 +0000 (+0000) Subject: file: Disable all hardening checks for Relocatable Objects X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8a385eff059f8c61c390407700a0179c51060128;p=people%2Fstevee%2Fpakfire.git file: Disable all hardening checks for Relocatable Objects Signed-off-by: Michael Tremer
---
diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index 20df1dc9..f917e7b9 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1615,6 +1615,33 @@ ERROR:
 return r;
 }
 
+static int __pakfire_file_get_elf_type(struct pakfire_file* file, Elf* elf, void* data) {
+ int* type = (int*)data;
+ GElf_Ehdr ehdr;
+
+ // Fetch the ELF header
+ if (!gelf_getehdr(elf, &ehdr)) {
+ ERROR(file->pakfire, "Could not parse ELF header: %s\n", elf_errmsg(-1));
+ return 1;
+ }
+
+ // Store the type
+ *type = ehdr.e_type;
+
+ return 0;
+}
+
+static int pakfire_file_get_elf_type(struct pakfire_file* file) {
+ int type = ET_NONE;
+ int r;
+
+ r = pakfire_file_open_elf(file, __pakfire_file_get_elf_type, &type);
+ if (r)
+ return -1;
+
+ return type;
+}
+
 static int __pakfire_file_is_stripped(struct pakfire_file* file, Elf* elf, void* data) {
 Elf_Scn* section = NULL;
 GElf_Shdr shdr;
@@ -1648,6 +1675,16 @@ int pakfire_file_is_stripped(struct pakfire_file* file) {
 return -1;
 }
 
+ switch (pakfire_file_get_elf_type(file)) {
+ // Do not check Relocatable Objects
+ case ET_REL:
+ return 0;
+
+ // Check everything else
+ default:
+ break;
+ }
+
 return pakfire_file_open_elf(file, __pakfire_file_is_stripped, NULL);
 }
 
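Review bot: `pakfire_file_get_elf_type()` returns -1 when `pakfire_file_open_elf()` fails, but nothing at the definition documents that, and the three switches this commit adds on its result (in `pakfire_file_is_stripped`, `pakfire_file_hardening_check_pie` and `pakfire_file_check_hardening`) only name `ET_*` cases, so a failure lands in `default`. I would state the contract above the function, e.g. `// Returns the ELF type (ET_*) of the file, or -1 if the ELF header could not be read`, and give each switch an explicit `case -1:` so that a parse failure is never handled as if it were an object type. Each call also goes through `pakfire_file_open_elf()` again; whether that re-reads the file is not visible here, but if it does, the type could be fetched once per file.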
@@ -1719,33 +1756,16 @@ static int pakfire_file_hardening_check_ssp(struct pakfire_file* file) {
 return pakfire_file_open_elf(file, __pakfire_file_hardening_check_ssp, NULL);
 }
 
-static int __pakfire_file_hardening_check_pie(
- struct pakfire_file* file, Elf* elf, void* data) {
- GElf_Ehdr eheader;
-
- // Fetch the ELF header
- if (!gelf_getehdr(elf, &eheader)) {
- ERROR(file->pakfire, "Could not parse ELF header: %s\n", elf_errmsg(-1));
- return 1;
- }
-
- // Check for the correct header type
- switch (eheader.e_type) {
- // Dynamic Objects are good
+static int pakfire_file_hardening_check_pie(struct pakfire_file* file) {
+ switch (pakfire_file_get_elf_type(file)) {
+ // Shared Object files are good
 case ET_DYN:
- break;
+ return 0;
 
- // Anything else is bad
+ // Everything else is bad
 default:
- file->hardening_issues |= PAKFIRE_FILE_NO_PIE;
- break;
+ return 1;
 }
-
- return 0;
-}
-
-static int pakfire_file_hardening_check_pie(struct pakfire_file* file) {
- return pakfire_file_open_elf(file, __pakfire_file_hardening_check_pie, NULL);
 }
 
 static int __pakfire_file_hardening_check_execstack(
@@ -1846,6 +1866,16 @@ int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
 
 // Return previous result if this has been run before
 if (!file->hardening_check_done) {
+ switch (pakfire_file_get_elf_type(file)) {
+ // Do not check Relocatable Objects
+ case ET_REL:
+ goto DONE;
+
+ // Check everything else
+ default:
+ break;
+ }
+
 // Check for SSP
 r = pakfire_file_hardening_check_ssp(file);
 if (r)
@@ -1866,6 +1896,7 @@ int pakfire_file_check_hardening(struct pakfire_file* file, int* issues) {
 if (r)
 return r;
 
+DONE:
 // All checks done
 file->hardening_check_done = 1;
 }
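Review bot: The rewritten `pakfire_file_hardening_check_pie()` no longer sets `PAKFIRE_FILE_NO_PIE` in this hunk: for anything other than `ET_DYN` it returns 1, whereas the removed callback recorded the flag in `file->hardening_issues` and returned 0. The call site is outside the hunk, but if it follows the `r = …; if (r) return r;` pattern visible for the SSP check, a non-PIE executable would abort the hardening check as an error instead of being reported, and the checks after it would not run for that file. The -1 that `pakfire_file_get_elf_type()` returns on failure also falls into `default`. I would reserve the non-zero return for the failure case and record the finding in `default`, as below.

```c
static int pakfire_file_hardening_check_pie(struct pakfire_file* file) {
	switch (pakfire_file_get_elf_type(file)) {
		// The ELF header could not be read
		case -1:
			return 1;

		// … unchanged: case ET_DYN returns 0 …

		// Everything else is not position-independent: record the issue
		default:
			file->hardening_issues |= PAKFIRE_FILE_NO_PIE;
			return 0;
	}
```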
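Review bot: The `ET_REL` branch in `pakfire_file_check_hardening()` jumps to `DONE`, which sets `hardening_check_done` without recording anything, so a skipped Relocatable Object is afterwards indistinguishable from a file that passed every check. The rest of the function is outside these hunks; if it reports `file->hardening_issues` to the caller, skipped objects would appear as fully hardened. A comment at the case should state that intent and the reason, e.g. `// Relocatable Objects are skipped, not verified: no issues are recorded for them`. It would also help to say there why these checks do not apply to Relocatable Objects, since the commit message gives no rationale.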