This is an automated email from the git hooks/post-receive script. nthykier pushed a commit to branch master in repository lintian.
commit df40bc7c353fb599875e269571b0f892f119ea10 Author: Niels Thykier <ni...@thykier.net> Date: Sat Sep 17 19:50:14 2016 +0000 c/binaries: Implement hardening-no-pie directly Signed-off-by: Niels Thykier <ni...@thykier.net> --- checks/binaries.pm | 7 ++++++- helpers/coll/objdump-info-helper | 3 +++ lib/Lintian/Collect/Binary.pm | 1 + 3 files changed, 10 insertions(+), 1 deletion(-) diff --git a/checks/binaries.pm b/checks/binaries.pm index e9d1d5d..a9ba42f 100644 --- a/checks/binaries.pm +++ b/checks/binaries.pm @@ -565,6 +565,11 @@ sub run { tag 'hardening-no-bindnow', $file; } + if ($arch_hardening->{'hardening-no-pie'} + and $objdump->{'ELF-TYPE'} eq 'EXEC') { + tag 'hardening-no-pie', $file; + } + # Check for missing hardening characteristics. This currently # handles the following checks: # no-relro no-fortify-functions no-stackprotector no-bindnow no-pie @@ -573,7 +578,7 @@ sub run { foreach my $t (@{$info->hardening_info->{$fname}}) { my $tag = "hardening-$t"; # Implemented elsewhere - next if $t eq 'no-relro' or $t eq 'no-bindnow'; + next if $t eq 'no-relro' or $t eq 'no-bindnow' or $t eq 'no-pie'; # Binaries built by the Go compiler do not support all # hardening measures. next diff --git a/helpers/coll/objdump-info-helper b/helpers/coll/objdump-info-helper index 4f8a24a..e66a834 100755 --- a/helpers/coll/objdump-info-helper +++ b/helpers/coll/objdump-info-helper @@ -103,6 +103,9 @@ while (my $line = <$readelf>) { # Possibly a reference to afl... $static_lib_issues++ if $bin =~ m{\([^/\\)]++\)$}; next; + } elsif ($line =~ m/^Elf file type is (\S+)/) { + print "Elf-Type: $1\n"; + next; } elsif ($line =~ m/^Program Headers:/) { $section = 'PH'; print "Program-Headers:\n"; diff --git a/lib/Lintian/Collect/Binary.pm b/lib/Lintian/Collect/Binary.pm index 50aba9d..a351575 100644 --- a/lib/Lintian/Collect/Binary.pm +++ b/lib/Lintian/Collect/Binary.pm @@ -382,6 +382,7 @@ sub objdump_info { if (lc($pg->{'bad-dynamic-table'}//'no') eq 'yes') { $info{'BAD-DYNAMIC-TABLE'} = 1; } + $info{'ELF-TYPE'} = $pg->{'elf-type'} if $pg->{'elf-type'}; foreach my $symd (split m/\s*\n\s*/, $pg->{'dynamic-symbols'}//'') { next unless $symd; if ($symd =~ m/^\s*(\S+)\s+(?:(\S+)\s+)?(\S+)$/){ -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git