Diffstat (limited to 'meta-security/recipes-security/redhat-security/files/find-execstack.sh')
-rw-r--r-- | meta-security/recipes-security/redhat-security/files/find-execstack.sh | 72 |
1 files changed, 72 insertions, 0 deletions
diff --git a/meta-security/recipes-security/redhat-security/files/find-execstack.sh b/meta-security/recipes-security/redhat-security/files/find-execstack.sh
new file mode 100644
index 0000000000..85f16de6dc
--- /dev/null
+++ b/meta-security/recipes-security/redhat-security/files/find-execstack.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# find-execstack utility
+# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
+# sgrubb@redhat.com
+#
+# This software may be freely redistributed under the terms of the GNU
+# public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# This program looks for executable stacks
+#
+
+libdirs="/lib /lib64 /usr/lib /usr/lib64"
+progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
+FOUND=0
+
+# First param is which list to use, second is search pattern
+scan () {
+if [ "$1" = "1" ] ; then
+ dirs=$libdirs
+elif [ "$1" = "2" ] ; then
+ dirs=$progdirs
+fi
+
+for d in $dirs ; do
+ if [ ! -d $d ] ; then
+ continue
+ fi
+ files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
+ for f in $files
+ do
+ FOUND_ONE=0
+ stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
+ if [ x"$stacks" != "x" ] ; then
+ perms=`echo $stacks | /bin/awk '{ print $7 }'`
+ if [ x"$perms" != x -a "$perms" != "RW" ] ; then
+ FOUND_ONE=1
+ fi
+ fi
+ old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
+ if [ x"$old_stacks" != "x" ] ; then
+ FOUND_ONE=1
+ fi
+ heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
+ if [ x"$heaps" != "x" ] ; then
+ FOUND_ONE=1
+ fi
+ if [ $FOUND_ONE = 1 ] ; then
+ printf "%-42s" $f
+ rpm -qf --queryformat "%{SOURCERPM}" $f
+ echo
+ FOUND=1
+ fi
+ done
+done
+}
+
+scan 1 '*.so'
+scan 2 '*'
+
+if [ $FOUND -eq 0 ] ; then
+ # Nothing to report, just exit
+ echo "No problems found" 1>&2
+ exit 0
+fi
+exit 1
+
+
|
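Review bot: The scan fails open when its helper tools are absent: both `/usr/bin/eu-readelf` calls in `scan` discard stderr, so on an image where elfutils is not installed at that path every file yields an empty `$stacks` and the script prints "No problems found" and exits 0. The hard-coded `/bin/awk` has the same effect, because an empty `$perms` skips the `!= "RW"` comparison and an executable stack is never flagged. I would add a guard before the first `scan` call, `[ -x /usr/bin/eu-readelf ] || { echo "eu-readelf not found" 1>&2; exit 2; }`, and invoke `awk` and `grep` by name so PATH resolves them on targets that place them elsewhere. Separately, `$d` and `$f` are unquoted and `for f in $files` word-splits the find output, so any path containing whitespace is never examined and is silently missing from the report.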