[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH] Add a test for an executable stack in libguestfs.so



---
 capitests/Makefile.am           |    4 ++-
 capitests/check-noexec-stack.pl |   58 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 1 deletions(-)
 create mode 100755 capitests/check-noexec-stack.pl

diff --git a/capitests/Makefile.am b/capitests/Makefile.am
index 71928ec..08466ac 100644
--- a/capitests/Makefile.am
+++ b/capitests/Makefile.am
@@ -22,13 +22,15 @@ EXTRA_DIST = \
 # in the generator.
 
 check_PROGRAMS = tests test-command
+check_SCRIPTS = check-noexec-stack.pl
 
 tests_SOURCES = tests.c
 tests_CFLAGS = -I$(top_srcdir)/src -I$(top_builddir)/src -Wall
 tests_LDADD = $(top_builddir)/src/libguestfs.la
 
-TESTS = tests
+TESTS = check-noexec-stack.pl tests
 TESTS_ENVIRONMENT = \
+	NOEXEC_CHECK=$(top_builddir)/src/.libs/libguestfs.so \
 	SKIP_TEST_COMMAND=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \
 	SKIP_TEST_COMMAND_LINES=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \
 	SKIP_TEST_ZEROFREE=$(shell test -x ../initramfs/usr/sbin/zerofree || echo 1) \
diff --git a/capitests/check-noexec-stack.pl b/capitests/check-noexec-stack.pl
new file mode 100755
index 0000000..7654c78
--- /dev/null
+++ b/capitests/check-noexec-stack.pl
@@ -0,0 +1,58 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+my $file = $ENV{NOEXEC_CHECK};
+die("NOEXEC_CHECK not set") unless(defined($file));
+
+my $output;
+open($output, '-|', "readelf -l $file") or die("Unable to execute readelf");
+
+my $offset;
+my $line = 1;
+
+# Find the offset of the Flags field
+while(<$output>) {
+    next unless(/^\s*Type\b/);
+
+    my @lines;
+    push(@lines, $_);
+
+    # Look for a Flg field on this line (32 bit)
+    $offset = index($_, 'Flg ');
+
+    if(-1 == $offset) {
+        # 64 bit is split over 2 lines. Look for a Flags field on the next line
+        $_ = <$output>;
+        $offset = index($_, 'Flags ');
+        $line = 2;
+        push(@lines, $_);
+    }
+
+    die("Unrecognised header: ".join("\n", @lines)) if(-1 == $offset);
+    last;
+}
+
+# Find the GNU_STACK entry
+while(<$output>) {
+    next unless(/^\s*GNU_STACK\b/);
+
+    # Skip over input lines according to the header
+    for(my $i = 1; $i < $line; $i++) {
+        $_ = <$output>;
+    }
+
+    my $flags = substr($_, $offset, 3);
+
+    $flags =~ /^[ R][ W]([ E])$/ or die("Unrecognised flags: $flags");
+
+    if('E' eq $1) {
+        print "***** $ARGV[0] has an executable stack *****\n";
+        exit(1);
+    }
+
+    exit(0);
+}
+
+die("Didn't find GNU_STACK entry");
-- 
1.6.2.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]