Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package checksec for openSUSE:Factory checked in at 2022-09-25 15:35:25 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/checksec (Old) and /work/SRC/openSUSE:Factory/.checksec.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "checksec" Sun Sep 25 15:35:25 2022 rev:5 rq:1005732 version:2.6.0 Changes: -------- --- /work/SRC/openSUSE:Factory/checksec/checksec.changes 2022-03-16 20:21:17.425005797 +0100 +++ /work/SRC/openSUSE:Factory/.checksec.new.2275/checksec.changes 2022-09-25 15:35:52.539705677 +0200 @@ -1,0 +2,8 @@ +Sat Sep 24 08:58:02 UTC 2022 - Dirk M??ller <[email protected]> + +- update to 2.6.0: + * fix missing sysctl on fedora + * remove extra parenthesis + * add missing libc on LoongArch-64 + +------------------------------------------------------------------- Old: ---- checksec-2.5.0.tar.gz New: ---- checksec-2.6.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ checksec.spec ++++++ --- /var/tmp/diff_new_pack.eKTWiZ/_old 2022-09-25 15:35:52.971706718 +0200 +++ /var/tmp/diff_new_pack.eKTWiZ/_new 2022-09-25 15:35:52.975706727 +0200 @@ -18,7 +18,7 @@ Name: checksec -Version: 2.5.0 +Version: 2.6.0 Release: 0 Summary: Utility to check binaries for system hardening License: BSD-3-Clause ++++++ checksec-2.5.0.tar.gz -> checksec-2.6.0.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.git-hooks/post-checkout new/checksec.sh-2.6.0/.git-hooks/post-checkout --- old/checksec.sh-2.5.0/.git-hooks/post-checkout 1970-01-01 01:00:00.000000000 +0100 +++ new/checksec.sh-2.6.0/.git-hooks/post-checkout 2022-05-27 23:35:00.000000000 +0200 
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+ command -v git-lfs > /dev/null 2>&1 || {
+ echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+ exit 2
+ }
+ git lfs post-checkout "$@"
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.git-hooks/post-commit new/checksec.sh-2.6.0/.git-hooks/post-commit
--- old/checksec.sh-2.5.0/.git-hooks/post-commit 1970-01-01 01:00:00.000000000 +0100
+++ new/checksec.sh-2.6.0/.git-hooks/post-commit 2022-05-27 23:35:00.000000000 +0200
@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f ${CURRENT_REPO}/.gitlfs ]]; then
+ command -v git-lfs > /dev/null 2>&1 || {
+ echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+ exit 2
+ }
+ git lfs post-commit "$@"
+fi
+
+"${CURRENT_REPO}"/hack/enable-git-hooks.sh
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.git-hooks/post-merge new/checksec.sh-2.6.0/.git-hooks/post-merge
--- old/checksec.sh-2.5.0/.git-hooks/post-merge 1970-01-01 01:00:00.000000000 +0100
+++ new/checksec.sh-2.6.0/.git-hooks/post-merge 2022-05-27 23:35:00.000000000 +0200
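Review bot: The error text in this post-checkout hook tells the user to delete `.git/hooks/post-commit`, which is a different hook; the same copy-pasted sentence appears in the post-merge and pre-push hooks added later in this diff. Someone following the message as written would remove an unrelated hook and still hit the error on the next checkout. Each script should name itself, here `remove this hook by deleting .git/hooks/post-checkout.`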
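Review bot: `CURRENT_REPO` is used in the post-commit hook without checking that `git rev-parse --show-toplevel` succeeded, and the last line then executes `"${CURRENT_REPO}"/hack/enable-git-hooks.sh`. If the variable is empty, the hook would try to run `/hack/enable-git-hooks.sh` from the filesystem root instead of the repository's own script. I would fail closed with `CURRENT_REPO=$(git rev-parse --show-toplevel) || exit 1` and quote the whole path as `"${CURRENT_REPO}/hack/enable-git-hooks.sh"`. The `REPO_ROOT` and `CURRENT_REPO` assignments in the pre-commit hook further down have the same gap.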
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+# The current repo root
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+if [[ -f $CURRENT_REPO/.gitlfs ]]; then
+ command -v git-lfs > /dev/null 2>&1 || {
+ echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n"
+ exit 2
+ }
+ git lfs post-merge "$@"
+fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.git-hooks/pre-commit new/checksec.sh-2.6.0/.git-hooks/pre-commit
--- old/checksec.sh-2.5.0/.git-hooks/pre-commit 1970-01-01 01:00:00.000000000 +0100
+++ new/checksec.sh-2.6.0/.git-hooks/pre-commit 2022-05-27 23:35:00.000000000 +0200
@@ -0,0 +1,36 @@
+#!/usr/bin/env bash
+#
+# An example hook script to verify what is about to be committed.
+# Called by "git commit" with no arguments. The hook should
+# exit with non-zero status after issuing an appropriate message if
+# it wants to stop the commit.
+#
+# To enable this hook, rename this file to "pre-commit".
+
+# The git hooks repo
+DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+REPO_ROOT=$(cd "${DIR}" && git rev-parse --show-toplevel)
+# The current repo root, in case the repo is different from the hooks (this allows using a single pre-commit across multiple repos)
+CURRENT_REPO=$(git rev-parse --show-toplevel)
+
+# Redirect output to stderr.
+exec 1>&2
+
+# check to ensure all tools exist
+tools=('pre-commit' 'checkov' 'shfmt')
+for tool in "${tools[@]}"; do
+ if ! command -v "${tool}" > /dev/null 2>&1; then
+ cat << EOF
+ Error: ${tool} not found
+ Please install via brew or package manager
+ 'brew install ${tool}'
+ or
+ install required tools
+ ${tools[*]}
+EOF
+ exit 2
+ fi
+done
+
+# run pre-commit checks
+pre-commit hook-impl --config="${REPO_ROOT}"/.pre-commit-config.yaml --hook-type=pre-commit --hook-dir "${CURRENT_REPO}" -- "$@"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.git-hooks/pre-push new/checksec.sh-2.6.0/.git-hooks/pre-push
--- old/checksec.sh-2.5.0/.git-hooks/pre-push 1970-01-01 01:00:00.000000000 +0100
+++ new/checksec.sh-2.6.0/.git-hooks/pre-push 2022-05-27 23:35:00.000000000 +0200
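Review bot: The header comment is the text of git's sample hook and no longer describes this file: it calls the script an example and says to rename it to "pre-commit", which is already its name. I would replace it with a short statement of what the hook does, for example `# Checks that pre-commit, checkov and shfmt are installed, then runs pre-commit with the hooks repo's .pre-commit-config.yaml.` Because `--config` is taken from `REPO_ROOT` (the hooks checkout) while `--hook-dir` uses `CURRENT_REPO`, a comment on the final command saying which repository's configuration is being trusted would also help.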
@@ -0,0 +1,10 @@ +#!/usr/bin/env bash +# The current repo root +CURRENT_REPO=$(git rev-parse --show-toplevel) +if [[ -f $CURRENT_REPO/.gitlfs ]]; then + command -v git-lfs > /dev/null 2>&1 || { + echo >&2 "\nThis repository is configured for Git LFS but 'git-lfs' was not found on your path. If you no longer wish to use Git LFS, remove this hook by deleting .git/hooks/post-commit.\n" + exit 2 + } + git lfs pre-push "$@" +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.github/workflows/pull_request.yml new/checksec.sh-2.6.0/.github/workflows/pull_request.yml --- old/checksec.sh-2.5.0/.github/workflows/pull_request.yml 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/.github/workflows/pull_request.yml 2022-05-27 23:35:00.000000000 +0200 @@ -12,7 +12,6 @@ curl -Lo ${HOME}/bin/shfmt https://github.com/mvdan/sh/releases/download/v3.4.0/shfmt_v3.4.0_linux_amd64 chmod +x ${HOME}/bin/shfmt export PATH=${PATH}:${HOME}/bin - ./build.sh pre-commit run --all-files git status if [[ ! -z $(git status --porcelain) ]]; then @@ -21,7 +20,5 @@ fi - name: ubuntu checksec run: docker-compose run checksec-ubuntu - - name: arch checksec - run: docker-compose run checksec-arch - name: photon checksec run: docker-compose run checksec-photon diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.github/workflows/push.yml new/checksec.sh-2.6.0/.github/workflows/push.yml --- old/checksec.sh-2.5.0/.github/workflows/push.yml 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/.github/workflows/push.yml 2022-05-27 23:35:00.000000000 +0200 
@@ -8,19 +8,15 @@ runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - - name: shellcheck - run: docker-compose run shellcheck - - name: ubuntu checksec - run: docker-compose run checksec-ubuntu - - name: arch checksec - run: docker-compose run checksec-arch - - name: photon checksec - run: docker-compose run checksec-photon - name: docker build run: docker build -t slimm609/checksec:latest . - - name: Push to Docker Hub - uses: docker/build-push-action@v1 + - name: Login to DockerHub + uses: docker/login-action@v1 with: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - repository: slimm609/checksec:latest + - name: Push to Docker Hub + uses: docker/build-push-action@v2 + with: + push: true + tags: slimm609/checksec:latest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/.pre-commit-config.yaml new/checksec.sh-2.6.0/.pre-commit-config.yaml --- old/checksec.sh-2.5.0/.pre-commit-config.yaml 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/.pre-commit-config.yaml 2022-05-27 23:35:00.000000000 +0200 @@ -1,6 +1,18 @@ repos: +- repo: local + hooks: + - id: build_checksec + name: build checksec script + entry: bash ./hack/build.sh + language: system + pass_filenames: false + - id: enable_hooks + name: enable git hooks + entry: bash ./hack/enable-git-hooks.sh + language: system + pass_filenames: false - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.0.1 + rev: v4.2.0 hooks: - id: end-of-file-fixer - id: trailing-whitespace 
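Review bot: The steps that handle the Docker Hub credentials, `docker/login-action@v1` and `docker/build-push-action@v2`, are referenced by mutable tags, so whatever code those tags point to at run time receives `secrets.DOCKER_PASSWORD`. Pinning each to a full commit SHA, e.g. `uses: docker/login-action@<full-commit-sha> # v1`, keeps the workflow on reviewed code. The hunk also removes the shellcheck and checksec test steps from this workflow, so as far as this file shows `slimm609/checksec:latest` is pushed without those checks running first; if they are meant to run only on pull requests, a comment saying so would help. `build-push-action@v2` also performs its own build, so the image produced by the preceding `docker build` step may not be the one that is pushed.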
@@ -14,9 +26,9 @@ - id: shfmt args: ["-sr", "-i", "2", "-ci", "-w"] - id: shellcheck - args: ["-e", "SC2154,SC2164,SC2129"] + args: ["-e", "SC2154,SC2164,SC2129,SC2028"] - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: v1.1.10 + rev: v1.2.0 hooks: - id: forbid-crlf - id: remove-crlf diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/ChangeLog new/checksec.sh-2.6.0/ChangeLog --- old/checksec.sh-2.5.0/ChangeLog 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/ChangeLog 2022-05-27 23:35:00.000000000 +0200 
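Review bot: Adding `SC2028` to the shellcheck exclusions turns off the "echo may not expand escape sequences" warning for every script in the repository. It looks as if this was added for the new `.git-hooks` scripts, which call `echo >&2 "\n…\n"` and would print the backslash sequences literally under bash's builtin `echo`; that link is an inference from this diff, not something the hunk states. Switching those calls to `printf` and leaving the check enabled would keep the linter catching the same mistake elsewhere. If the exclusion stays, a comment such as `# SC2028: echo with \n in .git-hooks/*` next to the args would record why.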
@@ -1,233 +1,241 @@ +Rev-2022052701 Brian Davis <[email protected]> + * update to 2.6.0 + * fix missing sysctl on fedora + Thanks @spdfnet + * remove extra parenthesis + Thanks @koobs + * add missing libc on LoongArch-64 + Thanks @xiaoxiaoafeifei Rev-2021101001 Brian Davis <[email protected]> - * update to 2.5.0 - * split checksec into multiple files for easier maintenance and debugging - * remove space between options and only support `=` until refactor can happen - * Add pre-commit-checks - * update License.txt to include BSD license - Thanks @mr-segfault - * Move to new Arch Linux docker images - Thanks @Maryse47 - * Add photon support for tests - * Check journalctl -k for NX protection - Thanks @Tatsh - * improve debug formatting - Thanks @bmwiedemann - * Fix shellcheck warnings and style issues - Thanks @a1346054 - * Make --dir option follow symlinks + * update to 2.5.0 + * split checksec into multiple files for easier maintenance and debugging + * remove space between options and only support `=` until refactor can happen + * Add pre-commit-checks + * update License.txt to include BSD license + Thanks @mr-segfault + * Move to new Arch Linux docker images + Thanks @Maryse47 + * Add photon support for tests + * Check journalctl -k for NX protection + Thanks @Tatsh + * improve debug formatting + Thanks @bmwiedemann + * Fix shellcheck warnings and style issues + Thanks @a1346054 + * Make --dir option follow symlinks Rev-2020081501 Brian Davis <[email protected]> - * checksec.sh: Updated to 2.4.0 - * checksec.sh: checksec_automator.sh add check x-pie-executable - Thanks @ja-pa - * checksec.sh: Support for list file modifier - Thanks @dsuarezv - * checksec.sh: Update license - Thanks @mr-segfault + * checksec.sh: Updated to 2.4.0 + * checksec.sh: checksec_automator.sh add check x-pie-executable + Thanks @ja-pa + * checksec.sh: Support for list file modifier + Thanks @dsuarezv + * checksec.sh: Update license + Thanks @mr-segfault Rev-2020052701 Brian Davis <[email 
protected]> - * checksec.sh: Updated to 2.2.0 - * checksec.sh: fix several small issues - Thanks @cgzones - * checksec.sh: add selfrando checks - Thanks @Estella - * checksec.sh: fix json validation - * checksec.sh: added github actions validation tests - * checksec.sh: fix stack protector functions - Thanks @cgzones - * checksec.sh: improve core dump checks - Thanks @cgzones - * checksec.sh: Run readelf in wide mode - Thanks @cgzones + * checksec.sh: Updated to 2.2.0 + * checksec.sh: fix several small issues + Thanks @cgzones + * checksec.sh: add selfrando checks + Thanks @Estella + * checksec.sh: fix json validation + * checksec.sh: added github actions validation tests + * checksec.sh: fix stack protector functions + Thanks @cgzones + * checksec.sh: improve core dump checks + Thanks @cgzones + * checksec.sh: Run readelf in wide mode + Thanks @cgzones Rev-2019061301 Brian Davis <[email protected]> - * checksec.sh: Updated to 2.0.0 - Breaking changes in options, no longer support short options - * checksec.sh: Rewrite checksec to use getopts and move to all functions - * checksec.sh: add MUSL support - Thanks g3ngr33n - * checksec.sh: fixed coredumpcheck + * checksec.sh: Updated to 2.0.0 - Breaking changes in options, no longer support short options + * checksec.sh: Rewrite checksec to use getopts and move to all functions + * checksec.sh: add MUSL support + Thanks g3ngr33n + * checksec.sh: fixed coredumpcheck Rev-2019061301 Brian Davis <[email protected]> - * checksec.sh: adds Clang CFI and SafeStack checks - Thanks dobin - * checksec.sh: Proc-all proccheck() json fix - Thanks etke - * checksec.sh: Fix --proc-all json output - Thanks etke - * checksec.sh: Switch --proc to use pgrep and fix json output - Thanks etke - * checksec.sh: Fix --proc-libs json output - Thanks etke - * checksec.sh: Fixed some calls to readelf missing stderr redirection to /dev/null - Thanks areisbr - * checksec.sh: fixed several issues around json and xml formatting - * checksec.sh: fixed 
fortify source catching false positives + * checksec.sh: adds Clang CFI and SafeStack checks + Thanks dobin + * checksec.sh: Proc-all proccheck() json fix + Thanks etke + * checksec.sh: Fix --proc-all json output + Thanks etke + * checksec.sh: Switch --proc to use pgrep and fix json output + Thanks etke + * checksec.sh: Fix --proc-libs json output + Thanks etke + * checksec.sh: Fixed some calls to readelf missing stderr redirection to /dev/null + Thanks areisbr + * checksec.sh: fixed several issues around json and xml formatting + * checksec.sh: fixed fortify source catching false positives Rev-2019011901 Brian Davis <[email protected]> - * checksec.sh: Updated to 1.11.1 - * checksec.sh: resolved issues with readelf - * checksec.sh: Added docker images for testing - * checksec.sh: Added armhf and aarch64 libc locations - Thanks Avamander - * checksec.sh: Replace FS_COUNT with fgrep - Thanks Iraugusto - * checksec.sh: Fixed symbols count in csv - Thanks Iraugusto - * checksec.sh: Fixed RW-RPATH and RW-RUNPATH - Thanks Iraugusto - * checksec.sh: Added stack canaries generated by intel compiler - Thanks Xavier Brouckaert - * checksec.sh: Mute stat errors for non-existent directories - Thanks Iraugusto - * checksec.sh: Removed invalid json structures and duplicate kernel checks - * checksec.sh: fixed spaces in -d option - * checksec.sh: Added stack-protector-string check - Thanks scottellis - * checksec.sh: Add arm64 specific kernel checks - Thanks scottellis - * checksec.sh: Add REFCOUNT_FULL to kernel tests - Thanks scottellis - * checksec.sh: Remove OSX support + * checksec.sh: Updated to 1.11.1 + * checksec.sh: resolved issues with readelf + * checksec.sh: Added docker images for testing + * checksec.sh: Added armhf and aarch64 libc locations + Thanks Avamander + * checksec.sh: Replace FS_COUNT with fgrep + Thanks Iraugusto + * checksec.sh: Fixed symbols count in csv + Thanks Iraugusto + * checksec.sh: Fixed RW-RPATH and RW-RUNPATH + Thanks Iraugusto + * 
checksec.sh: Added stack canaries generated by intel compiler + Thanks Xavier Brouckaert + * checksec.sh: Mute stat errors for non-existent directories + Thanks Iraugusto + * checksec.sh: Removed invalid json structures and duplicate kernel checks + * checksec.sh: fixed spaces in -d option + * checksec.sh: Added stack-protector-string check + Thanks scottellis + * checksec.sh: Add arm64 specific kernel checks + Thanks scottellis + * checksec.sh: Add REFCOUNT_FULL to kernel tests + Thanks scottellis + * checksec.sh: Remove OSX support Rev-2018012401 Brian Davis <[email protected]> - * checksec.sh: Updated to 1.9.0 - * checksec.sh: made all kernel checks dependant on kernel version - * checksec.sh: moved man page to section 1 - * checksec.sh: fixed debug flag - * checksec.sh: resolved issue with -d - * checksec.sh: fixed stack protector on 4.18+ kernels - Thanks cheese - * checksec.sh: fixed runpath name in output - Thanks philipturnbull - * checksec.sh: updated readme for offline testing - Thanks matthew-l-weber + * checksec.sh: Updated to 1.9.0 + * checksec.sh: made all kernel checks dependant on kernel version + * checksec.sh: moved man page to section 1 + * checksec.sh: fixed debug flag + * checksec.sh: resolved issue with -d + * checksec.sh: fixed stack protector on 4.18+ kernels + Thanks cheese + * checksec.sh: fixed runpath name in output + Thanks philipturnbull + * checksec.sh: updated readme for offline testing + Thanks matthew-l-weber Rev-2018012401 Brian Davis <[email protected]> - * checksec.sh: Updated to 1.8.0 - * checksec.sh: resolved issue with eu-readelf debug - * checksec.sh: shellcheck cleanup + * checksec.sh: Updated to 1.8.0 + * checksec.sh: resolved issue with eu-readelf debug + * checksec.sh: shellcheck cleanup Rev-2017080801 Brian Davis <[email protected]> - * checksec.sh: Cleaned up if statements for proper bash expressions + * checksec.sh: Cleaned up if statements for proper bash expressions Rev-2016102701 Brian Davis <[email protected]> - * 
checksec.sh: updated to 1.7.5 - * checksec.sh: added OSX support - Thanks Ben Actis - * checksec.sh: added space and underscore support - Thanks brianmwaters - * checksec.sh: cleaned up code formatting + * checksec.sh: updated to 1.7.5 + * checksec.sh: added OSX support + Thanks Ben Actis + * checksec.sh: added space and underscore support + Thanks brianmwaters + * checksec.sh: cleaned up code formatting Rev-2016022002 Brian Davis <[email protected]> - * checksec.sh: updated to 1.7.4 - * checksec.sh: fixed man page - * checksec.sh: added pkg_release option to disable updates for packaged releases - * checksec.sh: cleanup up proc-libs + * checksec.sh: updated to 1.7.4 + * checksec.sh: fixed man page + * checksec.sh: added pkg_release option to disable updates for packaged releases + * checksec.sh: cleanup up proc-libs Rev-2016021501 Brian Davis <[email protected]> - * checksec.sh: merged in zsh completion - Thanks Vaeth - * checksec.sh: added man page for checksec - * checksec.sh: updated readme to reflect output in place of format option + * checksec.sh: merged in zsh completion + Thanks Vaeth + * checksec.sh: added man page for checksec + * checksec.sh: updated readme to reflect output in place of format option Rev-2016021501 Brian Davis <[email protected]> - * checksec.sh: updated to 1.7.3 - * checksec.sh: added xml and json validation tests - * checksec.sh: fixed xml and json errors from validation tests - * checksec.sh: expanded grsecurity checks and cleaned up formatting + * checksec.sh: updated to 1.7.3 + * checksec.sh: added xml and json validation tests + * checksec.sh: fixed xml and json errors from validation tests + * checksec.sh: expanded grsecurity checks and cleaned up formatting Rev-2016010502 Brian Davis <[email protected]> - * checksec.sh: Added some extra debug output and started cleanup. + * checksec.sh: Added some extra debug output and started cleanup. 
Rev-2016010501 Brian Davis <[email protected]> - * checksec.sh: Fixed sysctl path issue #20 - Thanks hartwork + * checksec.sh: Fixed sysctl path issue #20 + Thanks hartwork Rev-2015122201 Brian Davis <[email protected]> - * checksec.sh: Merged in json fixes. - Thanks jpouellet + * checksec.sh: Merged in json fixes. + Thanks jpouellet Rev-2015122101 Brian Davis <[email protected]> - * checksec.sh: Merged in passing in command line kernel config, x86 fix and optional tools. - Thanks philippedeswert - * checksec.sh: split off mandatory tool from optional tools. - * checksec.sh: Updated to 1.7.1 - * checksec.sh: Added Seccomp tests from olivierlemoal. + * checksec.sh: Merged in passing in command line kernel config, x86 fix and optional tools. + Thanks philippedeswert + * checksec.sh: split off mandatory tool from optional tools. + * checksec.sh: Updated to 1.7.1 + * checksec.sh: Added Seccomp tests from olivierlemoal. Rev-2015102001 Brian Davis <[email protected]> - * checksec.sh: Set static LC_ALL to resolve LANG errors. Resolves Ticket #13 - * checksec.sh: Merged in additional kernel options and arch specific options. Ticket #14 - Thanks philippedeswert - * checksec.sh: Updated to 1.7.0 to support revision releases. - * checksec.sh: put in checks to not display checks that are for different architectures. + * checksec.sh: Set static LC_ALL to resolve LANG errors. Resolves Ticket #13 + * checksec.sh: Merged in additional kernel options and arch specific options. Ticket #14 + Thanks philippedeswert + * checksec.sh: Updated to 1.7.0 to support revision releases. + * checksec.sh: put in checks to not display checks that are for different architectures. 
Rev-2015091505 Brian Davis <[email protected]> - * checksec.sh: added additional debug output for troubleshooting purposes + * checksec.sh: added additional debug output for troubleshooting purposes Rev-2015091401 Brian Davis <[email protected]> - * checksec.sh: added debug option for troubleshooting purposes + * checksec.sh: added debug option for troubleshooting purposes Rev-2015091301 Brian Davis <[email protected]> - * checksec.sh: merged in changes for fedora/epel compliance - Thanks Besser82 - * checksec.sh: updated check binaries on run - Thanks Roberto Martelloni + * checksec.sh: merged in changes for fedora/epel compliance + Thanks Besser82 + * checksec.sh: updated check binaries on run + Thanks Roberto Martelloni Rev-2015060201 Brian Davis <[email protected]> - * checksec.sh: merged in fortified/fortify-able stats on --file output changed - Thanks Roberto Martelloni + * checksec.sh: merged in fortified/fortify-able stats on --file output changed + Thanks Roberto Martelloni Rev-2015011201 Brian Davis <[email protected]> - * checksec.sh: moved checksec.sh to checksec + * checksec.sh: moved checksec.sh to checksec Rev-2014021802 Brian Davis <[email protected]> - * checksec.sh: merged in RODATA and STRICT_USER_COPY changes - Thanks N8Fear + * checksec.sh: merged in RODATA and STRICT_USER_COPY changes + Thanks N8Fear Rev-2014021801 Brian Davis <[email protected]> - * checksec.sh: merged in JIT and MODHARDEN changes - Thanks N8Fear + * checksec.sh: merged in JIT and MODHARDEN changes + Thanks N8Fear Rev-2014021605 Brian Davis <[email protected]> - * checksec.sh: Changed --update to verify signature of updates. - * checksec.sig: file added + * checksec.sh: Changed --update to verify signature of updates. 
+ * checksec.sig: file added Rev-2014021601 Brian Davis <[email protected]> - * checksec.sh: Removed deprecated Kern Heap section - Thanks Unspawn + * checksec.sh: Removed deprecated Kern Heap section + Thanks Unspawn 2014-02-14 Brian Davis <[email protected]> - * checksec.sh: Updated to version 1.6 - * checksec.sh: Implemented rev numbers and --update option - * checksec.sh: Added SELinux checks as additional checks for kernel security. - * checksec.sh: Added update option to pull the latest release - * checksec.sh: Added fortify_source to proc-all output. - * checksec.sh: Added Json, strict XML and updated Grsecurity section. - * checksec.sh: Carried over Robin David's changes with XML and CSV. + * checksec.sh: Updated to version 1.6 + * checksec.sh: Implemented rev numbers and --update option + * checksec.sh: Added SELinux checks as additional checks for kernel security. + * checksec.sh: Added update option to pull the latest release + * checksec.sh: Added fortify_source to proc-all output. + * checksec.sh: Added Json, strict XML and updated Grsecurity section. + * checksec.sh: Carried over Robin David's changes with XML and CSV. 2013-10-06 Robin David <[email protected]> - * add machine-readable outputs like CSV and XML + * add machine-readable outputs like CSV and XML 2011-11-17 Tobias Klein <[email protected]> - * 1.5 - * New checks for rpath and runpath elements in the dynamic sections. - Thanks to Ollie Whitehouse. - * Other bugfixes and improvements - - checksec.sh now takes account of the KBUILD_OUTPUT - environment variable when checking the Linux kernel - protection mechanisms (--kernel). - Thanks to Martin Vaeth for the hint. - - Some minor changes and clean-ups. Thanks to Brian Davis. - - Ubuntu 11.10 support for --fortify-file and --fortify-proc. + * 1.5 + * New checks for rpath and runpath elements in the dynamic sections. + Thanks to Ollie Whitehouse. 
+ * Other bugfixes and improvements + - checksec.sh now takes account of the KBUILD_OUTPUT + environment variable when checking the Linux kernel + protection mechanisms (--kernel). + Thanks to Martin Vaeth for the hint. + - Some minor changes and clean-ups. Thanks to Brian Davis. + - Ubuntu 11.10 support for --fortify-file and --fortify-proc. 2011-01-14 Tobias Klein <[email protected]> - * 1.4 + * 1.4 - * Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc) + * Support for FORTIFY_SOURCE (--fortify-file, --fortify-proc) - * Lots of other bugfixes and improvements - - Check if the readelf command is available - - readelf support for 64-bit ELF files - - Check if the requested files and directories do exist - - '--dir' is now case-sensitive and correctly deals with - trailing slashes - - Check user permissions - - Etc. + * Lots of other bugfixes and improvements + - Check if the readelf command is available + - readelf support for 64-bit ELF files + - Check if the requested files and directories do exist + - '--dir' is now case-sensitive and correctly deals with + trailing slashes + - Check user permissions + - Etc. 2010-06-15 Tobias Klein <[email protected]> - * 1.3.1 + * 1.3.1 - * New BSD License - (http://www.opensource.org/licenses/bsd-license.php) + * New BSD License + (http://www.opensource.org/licenses/bsd-license.php) 2010-05-04 Tobias Klein <[email protected]> - * 1.3 - * Additional checks for a number of Linux kernel - protection mechanisms. - Thanks to Jon Oberheide (jon.oberheide.org). + * 1.3 + * Additional checks for a number of Linux kernel + protection mechanisms. + Thanks to Jon Oberheide (jon.oberheide.org). 2010-01-02 Tobias Klein <[email protected]> - * 1.2 - * Additional PaX (http://pax.grsecurity.net/) checks. - Thanks to Brad Spengler (grsecurity.net) for the PaX - support. - * Some minor fixes (coloring adjusted, 'pidof' replacement) + * 1.2 + * Additional PaX (http://pax.grsecurity.net/) checks. 
+ Thanks to Brad Spengler (grsecurity.net) for the PaX + support. + * Some minor fixes (coloring adjusted, 'pidof' replacement) 2009-12-27 Tobias Klein <[email protected]> - * 1.1 - * New '--proc-libs' option. This option instructs - checksec.sh to test the loaded libraries of a process. - * Additional information on ASLR results (--proc, - -proc-all, --proc-libs) - Thanks to Anthony G. Basile of the Tin Hat project - for the hint. - * Additional CPU NX check (--proc, --proc-all, --proc-libs) + * 1.1 + * New '--proc-libs' option. This option instructs + checksec.sh to test the loaded libraries of a process. + * Additional information on ASLR results (--proc, + -proc-all, --proc-libs) + Thanks to Anthony G. Basile of the Tin Hat project + for the hint. + * Additional CPU NX check (--proc, --proc-all, --proc-libs) 2009-01-28 Tobias Klein <[email protected]> - * 1.0 - * Initial release + * 1.0 + * Initial release diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/Dockerfile new/checksec.sh-2.6.0/Dockerfile --- old/checksec.sh-2.5.0/Dockerfile 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/Dockerfile 2022-05-27 23:35:00.000000000 +0200 @@ -1,6 +1,6 @@ FROM photon:3.0 COPY checksec /bin/ -RUN tdnf update && tdnf remove -y toybox && tdnf upgrade -y && \ +RUN tdnf clean all && tdnf remove -y toybox && tdnf upgrade -y && \ tdnf install -y coreutils util-linux sed tar texinfo procps-ng grep findutils gzip file which awk binutils && \ chmod +x /bin/checksec diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/Dockerfile.arch new/checksec.sh-2.6.0/Dockerfile.arch --- old/checksec.sh-2.5.0/Dockerfile.arch 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/Dockerfile.arch 1970-01-01 01:00:00.000000000 +0100 
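Review bot: `tdnf clean all` now runs as the first command of the `RUN` line, before `tdnf upgrade` and `tdnf install`, so the package cache those later commands create stays in the image layer. If the aim is a smaller image, the clean belongs at the end of the same `RUN`, as in `... awk binutils && tdnf clean all && chmod +x /bin/checksec`. If it is there to discard stale metadata before upgrading, a one-line comment saying so would make the intent clear.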
@@ -1,7 +0,0 @@ -FROM archlinux:latest - -# Install dependencies -RUN pacman -Syu --noconfirm vim base-devel python-pip jq && ln -s $(command -v vim) /bin/vi && pip install demjson - -COPY . /root -WORKDIR /root diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/Dockerfile.photon new/checksec.sh-2.6.0/Dockerfile.photon --- old/checksec.sh-2.5.0/Dockerfile.photon 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/Dockerfile.photon 2022-05-27 23:35:00.000000000 +0200 @@ -1,7 +1,7 @@ FROM photon:3.0 # Install dependencies -RUN tdnf update -y && tdnf upgrade -y && tdnf remove toybox -y && \ +RUN tdnf upgrade -y && tdnf remove toybox -y && \ tdnf install -y build-essential git rpm-build coreutils util-linux \ make autoconf automake gcc ncurses-devel sed tar texinfo procps-ng grep \ findutils gzip file which libxml2 python3 python3-pip jq && \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/LICENSE.txt new/checksec.sh-2.6.0/LICENSE.txt --- old/checksec.sh-2.5.0/LICENSE.txt 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/LICENSE.txt 2022-05-27 23:35:00.000000000 +0200 @@ -1,6 +1,6 @@ The BSD License (http://www.opensource.org/licenses/bsd-license.php) specifies the terms and conditions of use for checksec.sh: -Copyright (c) 2014-2015, Brian Davis +Copyright (c) 2014-2022, Brian Davis Copyright (c) 2013, Robin David Copyright (c) 2009-2011, Tobias Klein All rights reserved. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/README.md new/checksec.sh-2.6.0/README.md --- old/checksec.sh-2.5.0/README.md 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/README.md 2022-05-27 23:35:00.000000000 +0200 
@@ -11,7 +11,7 @@ - All options now require `--$option=$value` instead of `--$option $value` - --extended option now includes clang CFI and safe stack checks - Last Update: 2021-10-10 + Last Update: 2022-05-27 For OSX ------- diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/build.sh new/checksec.sh-2.6.0/build.sh --- old/checksec.sh-2.5.0/build.sh 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/build.sh 1970-01-01 01:00:00.000000000 +0100 
@@ -1,38 +0,0 @@ -#!/usr/bin/env bash -# generate the checksec file from the src directory - -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)" -generated_file="${SCRIPT_DIR}/checksec" - -# add shebang line and edit line -cat << 'EOF' > "${generated_file}" -#!/usr/bin/env bash -# Do not edit this file directly, this file is generated from the files -# in the src directory. Any updates to this file will be overwritten when generated - -# sanitize the environment before run -[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ] && exec -c "$0" "$@" -EOF - -# add the header -sed -e '1,3d' "${SCRIPT_DIR}"/src/header.sh >> "${generated_file}" - -# add the license -echo -ne "\n" >> "${generated_file}" -sed 's/^/# /' "${SCRIPT_DIR}"/LICENSE.txt >> "${generated_file}" - -# add the core file -sed -e '1,3d' "${SCRIPT_DIR}"/src/core.sh >> "${generated_file}" - -# join all function files together in the middle -while read -r file; do - # remove the first 3 lines of each source file - # shebang line is included to properly shellcheck and format - sed -e '1,3d' "${file}" >> "${generated_file}" -done < <(find "${SCRIPT_DIR}"/src/functions -type f -iname "*.sh" | sort) - -# add the footer -sed -e '1,3d' "${SCRIPT_DIR}"/src/footer.sh >> "${generated_file}" - -# make it executable -chmod 755 "${generated_file}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/checksec new/checksec.sh-2.6.0/checksec --- old/checksec.sh-2.5.0/checksec 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/checksec 2022-05-27 23:35:00.000000000 +0200 @@ -3,7 +3,7 @@ # in the src directory. Any updates to this file will be overwritten when generated # sanitize the environment before run -[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ] && exec -c "$0" "$@" +[[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ]] && exec -c "$0" "$@" # --- Modified Version --- # Name : checksec.sh 
@@ -29,7 +29,7 @@ # The BSD License (http://www.opensource.org/licenses/bsd-license.php) # specifies the terms and conditions of use for checksec.sh: -# Copyright (c) 2014-2015, Brian Davis +# Copyright (c) 2014-2022, Brian Davis # Copyright (c) 2013, Robin David # Copyright (c) 2009-2011, Tobias Klein # All rights reserved. @@ -62,9 +62,9 @@ export LC_ALL="C" # version -SCRIPT_VERSION=2021101001 +SCRIPT_VERSION=2022052701 SCRIPT_MAJOR=2 -SCRIPT_MINOR=5 +SCRIPT_MINOR=6 SCRIPT_REVISION=0 # global vars @@ -86,9 +86,7 @@ FS_cnt_unchecked=0 FS_libc=0 -if [[ $(id -u) != 0 ]]; then - export PATH=${PATH}:/sbin/:/usr/sbin/ -fi +PATH=${PATH}:/sbin/:/usr/sbin/ # check if directory exists dir_exists() { @@ -508,14 +506,18 @@ printf "\033[31mError: Please provide a valid process name.\033[m\n\n" exit 1 fi - if ! (isString "${CHK_PROC}"); then - printf "\033[31mError: Please provide a valid process name.\033[m\n\n" + cd /proc || exit + if (isString "${CHK_PROC}"); then + IFS=" " read -r -a fpids <<< "$(pgrep -d ' ' "${CHK_PROC}")" + elif (isNumeric "${CHK_PROC}"); then + fpids=("${CHK_PROC}") + else + printf "\033[31mError: Please provide a valid process name or pid.\033[m\n\n" exit 1 fi - cd /proc || exit - IFS=" " read -r -a fpids <<< "$(pgrep -d ' ' "${CHK_PROC}")" + if [[ ${#fpids} -eq 0 ]]; then - printf "\033[31mError: No process with the given name found.\033[m\n\n" + printf "\033[31mError: No process with the given name or pid found.\033[m\n\n" exit 1 fi echo_message "* System-wide ASLR" '' '' '' @@ -709,7 +711,7 @@ fi # check for stack canary support - if ${readelf} -s "${1}" 2> /dev/null | grep -Eq '__stack_chk_fail|__intel_security_cookie'; then + if ${readelf} -s "${1}" 2> /dev/null | grep -Eq '__stack_chk_fail|__stack_chk_guard|__intel_security_cookie'; then echo_message '\033[32mCanary found \033[m ' 'Canary found,' ' canary="yes"' '"canary":"yes",' else echo_message '\033[31mNo canary found\033[m ' 'No Canary found,' ' canary="no"' '"canary":"no",' 
@@ -796,7 +798,7 @@ fi # check for stripped symbols in the binary - IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1))" + IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1)" if ${readelf} --symbols "${1}" 2> /dev/null | grep -q '\.symtab'; then echo_message "\033[31m${SYM_cnt[0]} Symbols\t\033[m " 'Symbols,' ' symbols="yes"' '"symbols":"yes",' else @@ -822,6 +824,8 @@ FS_libc=/lib/aarch64-linux-gnu/libc.so.6 elif [[ -e /usr/x86_64-gentoo-linux-musl/bin/ld ]]; then FS_libc=/usr/x86_64-gentoo-linux-musl/bin/ld + elif [[ -e /usr/lib/loongarch64-linux-gnu/libc.so.6 ]]; then + FS_libc=/usr/lib/loongarch64-linux-gnu/libc.so.6 else printf "\033[31mError: libc not found.\033[m\n\n" exit 1 @@ -1500,7 +1504,7 @@ # check for stack canary support if ${readelf} -s "${1}/exe" 2> /dev/null | grep -q 'Symbol table'; then - if ${readelf} -s "${1}/exe" 2> /dev/null | grep -Eq '__stack_chk_fail|__intel_security_cookie'; then + if ${readelf} -s "${1}/exe" 2> /dev/null | grep -Eq '__stack_chk_fail|__stack_chk_guard|__intel_security_cookie'; then echo_message '\033[32mCanary found \033[m ' 'Canary found,' ' canary="yes"' '"canary":"yes",' else echo_message '\033[31mNo canary found \033[m ' 'No Canary found,' ' canary="no"' '"canary":"no",' Binary files old/checksec.sh-2.5.0/checksec.sig and new/checksec.sh-2.6.0/checksec.sig differ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/docker-compose.yml new/checksec.sh-2.6.0/docker-compose.yml --- old/checksec.sh-2.5.0/docker-compose.yml 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/docker-compose.yml 2022-05-27 23:35:00.000000000 +0200 
@@ -8,13 +8,6 @@ image: checksec-ubuntu command: bash -c "./tests/test-checksec.sh" - checksec-arch: - build: - context: ./ - dockerfile: Dockerfile.arch - image: checksec-arch - command: bash -c "./tests/test-checksec.sh" - checksec-photon: build: context: ./ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/hack/build.sh new/checksec.sh-2.6.0/hack/build.sh --- old/checksec.sh-2.5.0/hack/build.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/checksec.sh-2.6.0/hack/build.sh 2022-05-27 23:35:00.000000000 +0200 
@@ -0,0 +1,43 @@ +#!/usr/bin/env bash +# generate the checksec file from the src directory + +SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" &> /dev/null && pwd)" +REPO_ROOT="$(cd "${SCRIPT_DIR}" && git rev-parse --show-toplevel)" +cd "${REPO_ROOT}" || { + echo "error: directory does not exist" + exit 1 +} +generated_file="${REPO_ROOT}/checksec" + +# add shebang line and edit line +cat << 'EOF' > "${generated_file}" +#!/usr/bin/env bash +# Do not edit this file directly, this file is generated from the files +# in the src directory. Any updates to this file will be overwritten when generated + +# sanitize the environment before run +[[ "$(env | /bin/sed -r -e '/^(PWD|SHLVL|_)=/d')" ]] && exec -c "$0" "$@" +EOF + +# add the header +sed -e '1,3d' "${REPO_ROOT}"/src/header.sh >> "${generated_file}" + +# add the license +echo -ne "\n" >> "${generated_file}" +sed 's/^/# /' "${REPO_ROOT}"/LICENSE.txt >> "${generated_file}" + +# add the core file +sed -e '1,3d' "${REPO_ROOT}"/src/core.sh >> "${generated_file}" + +# join all function files together in the middle +while read -r file; do + # remove the first 3 lines of each source file + # shebang line is included to properly shellcheck and format + sed -e '1,3d' "${file}" >> "${generated_file}" +done < <(find "${REPO_ROOT}"/src/functions -type f -iname "*.sh" | sort) + +# add the footer +sed -e '1,3d' "${REPO_ROOT}"/src/footer.sh >> "${generated_file}" + +# make it executable +chmod 755 "${generated_file}" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/hack/enable-git-hooks.sh new/checksec.sh-2.6.0/hack/enable-git-hooks.sh --- old/checksec.sh-2.5.0/hack/enable-git-hooks.sh 1970-01-01 01:00:00.000000000 +0100 +++ new/checksec.sh-2.6.0/hack/enable-git-hooks.sh 2022-05-27 23:35:00.000000000 +0200 
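Review bot: `REPO_ROOT` is taken from `git rev-parse --show-toplevel` without checking that the command succeeded, so outside a git worktree (for example an unpacked release tarball) it is empty and `generated_file` becomes `/checksec`. The `cd "${REPO_ROOT}"` guard may not catch this, since bash can accept `cd ""` without an error, and its message goes to stdout rather than stderr. I would fall back to the script location and fail loudly: `REPO_ROOT="$(cd "${SCRIPT_DIR}" && git rev-parse --show-toplevel 2> /dev/null)" || REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"`, followed by `[[ -f ${REPO_ROOT}/src/core.sh ]] || { echo "error: src/core.sh not found under '${REPO_ROOT}'" >&2; exit 1; }`. The later `sed` appends are unchecked as well, so a missing source file yields a truncated but executable `checksec`; `set -euo pipefail` at the top would stop that.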
@@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +# enable git commit hooks + +LOCAL_REPO="$(git rev-parse --show-toplevel)" +if [[ -d ${LOCAL_REPO}/.git-hooks/ ]]; then + git config core.hooksPath "${LOCAL_REPO}/.git-hooks/" > /dev/null +fi diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/src/core.sh new/checksec.sh-2.6.0/src/core.sh --- old/checksec.sh-2.5.0/src/core.sh 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/src/core.sh 2022-05-27 23:35:00.000000000 +0200 @@ -6,9 +6,9 @@ export LC_ALL="C" # version -SCRIPT_VERSION=2021101001 +SCRIPT_VERSION=2022052701 SCRIPT_MAJOR=2 -SCRIPT_MINOR=5 +SCRIPT_MINOR=6 SCRIPT_REVISION=0 # global vars @@ -30,9 +30,7 @@ FS_cnt_unchecked=0 FS_libc=0 -if [[ $(id -u) != 0 ]]; then - export PATH=${PATH}:/sbin/:/usr/sbin/ -fi +PATH=${PATH}:/sbin/:/usr/sbin/ # check if directory exists dir_exists() { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/src/functions/chk_proc.sh new/checksec.sh-2.6.0/src/functions/chk_proc.sh --- old/checksec.sh-2.5.0/src/functions/chk_proc.sh 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/src/functions/chk_proc.sh 2022-05-27 23:35:00.000000000 +0200 
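Review bot: `hack/enable-git-hooks.sh` has no comment saying that it makes repository-tracked files run on every machine where it is executed: `core.hooksPath` is pointed at `.git-hooks/`, which is versioned, so hook content that arrives with a checkout or merge runs locally, and the `post-commit` hook re-applies the setting. A header comment would make that trust decision explicit, e.g. `# NOTE: hooks are loaded from the tracked .git-hooks/ directory; review changes to it like any other executable code.` The result of `git rev-parse` is also unchecked, so outside a worktree `LOCAL_REPO` is empty and the test inspects `/.git-hooks/`; `|| exit 1` on that assignment would cover it.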
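Review bot: The new `PATH=${PATH}:/sbin/:/usr/sbin/` in the `@@ -30,9 +30,7 @@` hunk of `src/core.sh` drops the `export` the old line had, and it leaves a leading empty entry (the current directory) if `PATH` happens to be empty. Whether `PATH` is still exported after the wrapper's `exec -c "$0" "$@"` environment reset depends on how bash defaults it, so child processes may not see the added directories. `export PATH="${PATH:+${PATH}:}/sbin:/usr/sbin"` keeps both properties explicit. The generated `checksec` carries the same line.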
@@ -58,14 +58,18 @@ printf "\033[31mError: Please provide a valid process name.\033[m\n\n" exit 1 fi - if ! (isString "${CHK_PROC}"); then - printf "\033[31mError: Please provide a valid process name.\033[m\n\n" + cd /proc || exit + if (isString "${CHK_PROC}"); then + IFS=" " read -r -a fpids <<< "$(pgrep -d ' ' "${CHK_PROC}")" + elif (isNumeric "${CHK_PROC}"); then + fpids=("${CHK_PROC}") + else + printf "\033[31mError: Please provide a valid process name or pid.\033[m\n\n" exit 1 fi - cd /proc || exit - IFS=" " read -r -a fpids <<< "$(pgrep -d ' ' "${CHK_PROC}")" + if [[ ${#fpids} -eq 0 ]]; then - printf "\033[31mError: No process with the given name found.\033[m\n\n" + printf "\033[31mError: No process with the given name or pid found.\033[m\n\n" exit 1 fi echo_message "* System-wide ASLR" '' '' '' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/src/functions/filecheck.sh new/checksec.sh-2.6.0/src/functions/filecheck.sh --- old/checksec.sh-2.5.0/src/functions/filecheck.sh 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/src/functions/filecheck.sh 2022-05-27 23:35:00.000000000 +0200 @@ -16,7 +16,7 @@ fi # check for stack canary support - if ${readelf} -s "${1}" 2> /dev/null | grep -Eq '__stack_chk_fail|__intel_security_cookie'; then + if ${readelf} -s "${1}" 2> /dev/null | grep -Eq '__stack_chk_fail|__stack_chk_guard|__intel_security_cookie'; then echo_message '\033[32mCanary found \033[m ' 'Canary found,' ' canary="yes"' '"canary":"yes",' else echo_message '\033[31mNo canary found\033[m ' 'No Canary found,' ' canary="no"' '"canary":"no",' 
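Review bot: The numeric branch assigns `fpids=("${CHK_PROC}")` without checking that the PID exists, so the following `${#fpids} -eq 0` test can never fire for a PID and the new "name or pid found" message is unreachable on that path. `${#fpids}` is also the string length of the first element rather than the element count. Since the code has already changed into `/proc`, I would write `fpids=(); [[ -d "/proc/${CHK_PROC}" ]] && fpids=("${CHK_PROC}")` in that branch and test `${#fpids[@]}`. `isString` is defined outside this hunk; if it accepts all-digit input the `isNumeric` branch would never be reached, which is worth confirming. The enclosing function starts and ends outside the hunk, and the generated `checksec` carries the same lines.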
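Review bot: The comment above the widened pattern in the `@@ -16,7 +16,7 @@` hunk of `src/functions/filecheck.sh` does not say what a match proves: `grep -Eq` does an unanchored substring search over the whole `readelf -s` output, so `canary="yes"` means only that one of the three names appears somewhere in the symbol table. With `__stack_chk_guard` added, a file that merely defines or exports the guard variable would presumably also be reported as protected. I would extend the comment to something like `# heuristic: any symbol-table reference to these names counts; it does not show that every function is instrumented`. The same pattern is repeated in `src/functions/proccheck.sh` and in the generated `checksec`.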
@@ -103,7 +103,7 @@ fi # check for stripped symbols in the binary - IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1))" + IFS=" " read -r -a SYM_cnt <<< "$(${readelf} --symbols "${1}" 2> /dev/null | grep '\.symtab' | cut -d' ' -f5 | cut -d: -f1)" if ${readelf} --symbols "${1}" 2> /dev/null | grep -q '\.symtab'; then echo_message "\033[31m${SYM_cnt[0]} Symbols\t\033[m " 'Symbols,' ' symbols="yes"' '"symbols":"yes",' else @@ -129,6 +129,8 @@ FS_libc=/lib/aarch64-linux-gnu/libc.so.6 elif [[ -e /usr/x86_64-gentoo-linux-musl/bin/ld ]]; then FS_libc=/usr/x86_64-gentoo-linux-musl/bin/ld + elif [[ -e /usr/lib/loongarch64-linux-gnu/libc.so.6 ]]; then + FS_libc=/usr/lib/loongarch64-linux-gnu/libc.so.6 else printf "\033[31mError: libc not found.\033[m\n\n" exit 1 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/checksec.sh-2.5.0/src/functions/proccheck.sh new/checksec.sh-2.6.0/src/functions/proccheck.sh --- old/checksec.sh-2.5.0/src/functions/proccheck.sh 2021-10-13 02:20:56.000000000 +0200 +++ new/checksec.sh-2.6.0/src/functions/proccheck.sh 2022-05-27 23:35:00.000000000 +0200 @@ -22,7 +22,7 @@ # check for stack canary support if ${readelf} -s "${1}/exe" 2> /dev/null | grep -q 'Symbol table'; then - if ${readelf} -s "${1}/exe" 2> /dev/null | grep -Eq '__stack_chk_fail|__intel_security_cookie'; then + if ${readelf} -s "${1}/exe" 2> /dev/null | grep -Eq '__stack_chk_fail|__stack_chk_guard|__intel_security_cookie'; then echo_message '\033[32mCanary found \033[m ' 'Canary found,' ' canary="yes"' '"canary":"yes",' else echo_message '\033[31mNo canary found \033[m ' 'No Canary found,' ' canary="no"' '"canary":"no",'
