Gitiles
Code Review Sign In
gerrit.openbmc.org / mdmillerii / openbmc / b542dec15d5efd10eecb485af0629315876cebfc / . / meta-security / recipes-security / redhat-security / files / find-execstack.sh
blob: 85f16de6dccf31a92cd6f2daa81177f9fb23817f [file] [log] [blame]
Richard Marian Thomaiyar14fddef2018-07-13 23:55:56 +0530[diff] [blame]1#!/bin/sh
2#
3# find-execstack utility
4# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
5# sgrubb@redhat.com
6#
7# This software may be freely redistributed under the terms of the GNU
8# public license.
9#
10# You should have received a copy of the GNU General Public License
11# along with this program; if not, write to the Free Software
12# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
13#
14# This program looks for executable stacks
15#
16
17libdirs="/lib /lib64 /usr/lib /usr/lib64"
18progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
19FOUND=0
20
21# First param is which list to use, second is search pattern
22scan () {
23if [ "$1" = "1" ] ; then
24 dirs=$libdirs
25elif [ "$1" = "2" ] ; then
26 dirs=$progdirs
27fi
28
29for d in $dirs ; do
30 if [ ! -d $d ] ; then
31 continue
32 fi
33 files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
34 for f in $files
35 do
36 FOUND_ONE=0
37 stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
38 if [ x"$stacks" != "x" ] ; then
39 perms=`echo $stacks | /bin/awk '{ print $7 }'`
40 if [ x"$perms" != x -a "$perms" != "RW" ] ; then
41 FOUND_ONE=1
42 fi
43 fi
44 old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
45 if [ x"$old_stacks" != "x" ] ; then
46 FOUND_ONE=1
47 fi
48 heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
49 if [ x"$heaps" != "x" ] ; then
50 FOUND_ONE=1
51 fi
52 if [ $FOUND_ONE = 1 ] ; then
53 printf "%-42s" $f
54 rpm -qf --queryformat "%{SOURCERPM}" $f
55 echo
56 FOUND=1
57 fi
58 done
59done
60}
61
62scan 1 '*.so'
63scan 2 '*'
64
65if [ $FOUND -eq 0 ] ; then
66 # Nothing to report, just exit
67 echo "No problems found" 1>&2
68 exit 0
69fi
70exit 1
71
72