From 8e8de3c1193510edb9dd4a98700481dff37497e3 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 11 Mar 2023 14:07:09 +0000
Subject: [PATCH] build: Check if ELF files contain debug information
Signed-off-by: Michael Tremer
---
 src/libpakfire/build.c | 38 ++++++++++++++++++++++++++-
 src/libpakfire/file.c | 36 +++++++++++++++++++++++++
 src/libpakfire/include/pakfire/file.h | 1 +
 3 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/src/libpakfire/build.c b/src/libpakfire/build.c
index b2bfcfaf..5e28e5c4 100644
--- a/src/libpakfire/build.c
+++ b/src/libpakfire/build.c
@@ -1083,6 +1083,35 @@ static int pakfire_build_post_remove_static_libraries(
 PAKFIRE_BUILD_CLEANUP_FILES);
 }
+static int __pakfire_build_post_check_stripped(
+ struct pakfire* pakfire, struct pakfire_file* file, void* data) {
+ struct pakfire_filelist* filelist = (struct pakfire_filelist*)data;
+ int r;
+
+ // Skip anything that isn't an ELF file
+ if (!pakfire_file_matches_class(file, PAKFIRE_FILE_ELF))
+ return 0;
+
+ // Collect all stripped files
+ if (pakfire_file_is_stripped(file)) {
+ r = pakfire_filelist_add(filelist, file);
+ if (r) {
+ ERROR(pakfire, "Could not add file to filelist: %m\n");
+ return r;
+ }
+ }
+
+ return 0;
+}
+
+static int pakfire_build_post_check_stripped(
+ struct pakfire_build* build, struct pakfire_filelist* filelist) {
+ return pakfire_build_post_process_files(build, filelist,
+ "Files lacking debugging information:",
+ __pakfire_build_post_check_stripped,
+ PAKFIRE_BUILD_ERROR_IF_NOT_EMPTY);
+}
+
 static int __pakfire_build_remove_libtool_archives(
 struct pakfire* pakfire, struct pakfire_file* file, void* data) {
 struct pakfire_filelist* removees = (struct pakfire_filelist*)data;
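Review bot: In `__pakfire_build_post_check_stripped`, the test `if (pakfire_file_is_stripped(file))` treats an error return the same as a positive finding. `pakfire_file_is_stripped()` in this same patch returns -1 with `errno = EINVAL` for non-ELF input and presumably also passes through a failure from `pakfire_file_open_elf()`, which is not visible here. An ELF file that could not be opened or parsed would then be listed under "Files lacking debugging information:" and fail the build for a misleading reason. Store the result first and separate the cases, `r = pakfire_file_is_stripped(file);` then `if (r < 0) return r;` then `if (r) {`, so that a parse failure surfaces as an error and not as a policy violation.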
@@ -1199,6 +1228,11 @@ static int pakfire_build_run_post_build_checks(struct pakfire_build* build) {
 goto ERROR;
 }
+ // Check if binaries have been stripped
+ r = pakfire_build_post_check_stripped(build, filelist);
+ if (r)
+ goto ERROR;
+
 // Remove any static libraries
 r = pakfire_build_post_remove_static_libraries(build, filelist);
 if (r)
@@ -1696,8 +1730,10 @@ static int pakfire_build_perform(struct pakfire_build* build,
 // Run post build checks
 r = pakfire_build_run_post_build_checks(build);
- if (r)
+ if (r) {
+ ERROR(build->pakfire, "Post build checks failed\n");
 goto ERROR;
+ }
 // Run post build scripts
 r = pakfire_build_run_post_build_scripts(build);
diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index ef54fa56..a43ad616 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -1513,6 +1513,42 @@ ERROR:
 return r;
 }
+static int __pakfire_file_is_stripped(struct pakfire_file* file, Elf* elf, void* data) {
+ Elf_Scn* section = NULL;
+ GElf_Shdr shdr;
+
+ // Walk through all sections
+ for (;;) {
+ section = elf_nextscn(elf, section);
+ if (!section)
+ break;
+
+ // Fetch the section header
+ gelf_getshdr(section, &shdr);
+
+ switch (shdr.sh_type) {
+ // Break if we found the symbol table
+ case SHT_SYMTAB:
+ return 0;
+ }
+ }
+
+ // Not found
+ DEBUG(file->pakfire, "%s has no debug sections\n", file->path);
+
+ return 1;
+}
+
+int pakfire_file_is_stripped(struct pakfire_file* file) {
+ // Don't run this for non-ELF files
+ if (!pakfire_file_matches_class(file, PAKFIRE_FILE_ELF)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ return pakfire_file_open_elf(file, __pakfire_file_is_stripped, NULL);
+}
+
 static int __pakfire_file_hardening_check_ssp(
 struct pakfire_file* file, Elf* elf, void* data) {
 Elf_Scn* section = NULL;
diff --git a/src/libpakfire/include/pakfire/file.h b/src/libpakfire/include/pakfire/file.h
index dd69abb8..801ecb2f 100644
--- a/src/libpakfire/include/pakfire/file.h
+++ b/src/libpakfire/include/pakfire/file.h
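Review bot: In `__pakfire_file_is_stripped` (the `src/libpakfire/file.c` hunk), the return value of `gelf_getshdr(section, &shdr)` is ignored, so on a malformed section header `shdr.sh_type` is read from an uninitialised struct and the verdict is arbitrary. These are build outputs being parsed, so make the failure path explicit, e.g. `if (!gelf_getshdr(section, &shdr)) return -1;`; this assumes `pakfire_file_open_elf()` passes a negative callback result through, which cannot be confirmed because that function is outside the hunk. Separately, the loop only tests for `SHT_SYMTAB`, while the commit title and the `DEBUG` message speak of debug information: a binary that keeps its symbol table but has no debug sections passes the check. Either reword the message to "has no symbol table" or extend the check to cover debug sections as well. The single-case `switch` would also read more plainly as `if (shdr.sh_type == SHT_SYMTAB) return 0;`.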
@@ -161,6 +161,7 @@ enum pakfire_file_hardening_flags {
 PAKFIRE_FILE_NO_PARTIALLY_RELRO = (1 << 3),
 };
+int pakfire_file_is_stripped(struct pakfire_file* file);
 int pakfire_file_check_hardening(struct pakfire_file* file, int* issues);
 #endif
--
2.47.3
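Review bot: The new prototype `pakfire_file_is_stripped()` is exported with no statement of its return contract, which is three-valued in the implementation this patch adds: 1, 0, or -1 with `errno = EINVAL` for non-ELF files. A one-line comment above the declaration would stop callers from testing it as a plain boolean, for example `// Returns 1 if the ELF file has no symbol table, 0 if it has one, or a negative value with errno set on error`.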