-
Notifications
You must be signed in to change notification settings - Fork 11
/
find-execstack
executable file
·85 lines (79 loc) · 2.3 KB
/
find-execstack
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
#!/bin/sh
#
# find-execstack utility
# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
#
# This software may be freely redistributed under the terms of the GNU
# public license.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
#
# This program looks for executable stacks. There are very few cases where
# an executable stack should exist, every positive this test hits should be
# inspected carefully.
#
if [ -h /bin ] ; then
libdirs="/usr/lib /usr/lib64 /usr/local/lib64"
progdirs="/usr/bin /usr/sbin /usr/libexec /usr/local/bin /usr/local/sbin"
else
libdirs="/lib /lib64 /usr/lib /usr/lib64 /usr/local/lib64"
progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec /usr/local/bin /usr/local/sbin"
fi
FOUND=0
# First param is which list to use, second is search pattern
scan () {
if [ "$1" = "1" ] ; then
dirs=$libdirs
elif [ "$1" = "2" ] ; then
dirs=$progdirs
fi
for d in $dirs ; do
if [ ! -d $d ] ; then
continue
fi
files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
for f in $files
do
FOUND_ONE=0
stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
# The below test checks the STACK for execute permissions. It
# should show 'RW' if things are OK, 'RWE" is bad.
if [ x"$stacks" != "x" ] ; then
perms=`echo $stacks | /bin/awk '{ print $7 }'`
if [ x"$perms" != x -a "$perms" != "RW" ] ; then
FOUND_ONE=1
fi
fi
old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
# The below test is looking for a symbol with STACK in it, but
# isn't GNU_STACK, this would suggest it's an old binary, before
# non executable stacks existed.
if [ x"$old_stacks" != "x" ] ; then
FOUND_ONE=1
fi
heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
# Executable heaps used to be a thing, if this symbol is present
# we're probably dealing with an old binary and an executable heap.
if [ x"$heaps" != "x" ] ; then
FOUND_ONE=1
fi
if [ $FOUND_ONE = 1 ] ; then
printf "%-42s" $f
rpm -qf --queryformat "%{SOURCERPM}" $f
echo
FOUND=1
fi
done
done
}
scan 1 '*.so'
scan 2 '*'
if [ $FOUND -eq 0 ] ; then
# Nothing to report, just exit
echo "No problems found" 1>&2
exit 0
fi
exit 1