summaryrefslogtreecommitdiff
path: root/meta-security/recipes-security/redhat-security/files/find-execstack.sh
blob: 85f16de6dccf31a92cd6f2daa81177f9fb23817f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/bin/sh
#
# find-execstack utility
# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
# sgrubb@redhat.com
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for executable stacks
#

libdirs="/lib /lib64 /usr/lib /usr/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
FOUND=0

# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
	dirs=$libdirs
elif [ "$1" = "2" ] ; then
	dirs=$progdirs
fi

for d in $dirs ; do
	if [ ! -d $d ] ; then
		continue
	fi
	files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
	for f in $files
	do
		FOUND_ONE=0
		stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
		if [ x"$stacks" != "x" ] ; then
			perms=`echo $stacks | /bin/awk '{ print $7 }'`
			if [ x"$perms" != x -a "$perms" != "RW" ] ; then
				FOUND_ONE=1
			fi
		fi
		old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
		if [ x"$old_stacks" != "x" ] ; then
			FOUND_ONE=1
		fi
		heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
		if [ x"$heaps" != "x" ] ; then
			FOUND_ONE=1
		fi
		if [ $FOUND_ONE = 1 ] ; then
			printf "%-42s" $f
			rpm -qf --queryformat "%{SOURCERPM}" $f
			echo
			FOUND=1
		fi
	done
done
}

scan 1 '*.so'
scan 2 '*'

if [ $FOUND -eq 0 ] ; then
        # Nothing to report, just exit
        echo "No problems found" 1>&2
        exit 0
fi
exit 1