commit 14fddefae2cdb1255279465f2f9fcff5f3da222e
author Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com> Fri Jul 13 23:55:56 2018 +0530
committer Brad Bishop <bradleyb@fuzziesquirrel.com> Fri Jul 27 03:12:32 2018 +0000
tree c741979d99c5cd5e7477483611a0003f44790b49
parent c6ed65665d5392d677c63b836ce6ac358a9db7f7

Squashed 'import-layers/meta-security/' content from commit 4d139b9

Subtree from git://git.yoctoproject.org/meta-security

Change-Id: I14bb13faa3f2b2dc1f5d81b339dd48ffedf8562f
git-subtree-dir: import-layers/meta-security
git-subtree-split: 4d139b95c4f152d132592f515c5151f4dd6269c1
Signed-off-by: Richard Marian Thomaiyar <richard.marian.thomaiyar@linux.intel.com>

import-layers/meta-security/recipes-security/redhat-security/files/find-execstack.sh

diff --git a/import-layers/meta-security/recipes-security/redhat-security/files/find-execstack.sh b/import-layers/meta-security/recipes-security/redhat-security/files/find-execstack.sh
new file mode 100644
index 0000000..85f16de
--- /dev/null
+++ b/import-layers/meta-security/recipes-security/redhat-security/files/find-execstack.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# find-execstack utility
+# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
+# sgrubb@redhat.com
+#
+# This software may be freely redistributed under the terms of the GNU
+# public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# This program looks for executable stacks
+#
+
+libdirs="/lib /lib64 /usr/lib /usr/lib64"
+progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
+FOUND=0
+
+# First param is which list to use, second is search pattern
+scan () {
+if [ "$1" = "1" ] ; then
+	dirs=$libdirs
+elif [ "$1" = "2" ] ; then
+	dirs=$progdirs
+fi
+
+for d in $dirs ; do
+	if [ ! -d $d ] ; then
+		continue
+	fi
+	files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
+	for f in $files
+	do
+		FOUND_ONE=0
+		stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
+		if [ x"$stacks" != "x" ] ; then
+			perms=`echo $stacks | /bin/awk '{ print $7 }'`
+			if [ x"$perms" != x -a "$perms" != "RW" ] ; then
+				FOUND_ONE=1
+			fi
+		fi
+		old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
+		if [ x"$old_stacks" != "x" ] ; then
+			FOUND_ONE=1
+		fi
+		heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
+		if [ x"$heaps" != "x" ] ; then
+			FOUND_ONE=1
+		fi
+		if [ $FOUND_ONE = 1 ] ; then
+			printf "%-42s" $f
+			rpm -qf --queryformat "%{SOURCERPM}" $f
+			echo
+			FOUND=1
+		fi
+	done
+done
+}
+
+scan 1 '*.so'
+scan 2 '*'
+
+if [ $FOUND -eq 0 ] ; then
+        # Nothing to report, just exit
+        echo "No problems found" 1>&2
+        exit 0
+fi
+exit 1
+
+