[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Libguestfs] [PATCH] Add a test for an executable stack in libguestfs.so



---
 regressions/Makefile.am          |    4 ++-
 regressions/test-noexec-stack.pl |   63 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 66 insertions(+), 1 deletions(-)
 create mode 100755 regressions/test-noexec-stack.pl

diff --git a/regressions/Makefile.am b/regressions/Makefile.am
index 12c4e80..555efd4 100644
--- a/regressions/Makefile.am
+++ b/regressions/Makefile.am
@@ -22,6 +22,7 @@
 # See also capitests/
 
 TESTS = \
+	test-noexec-stack.pl \
 	rhbz503169c10.sh \
 	rhbz503169c13.sh \
 	test-cancellation-upload-daemoncancels.sh \
@@ -41,7 +42,8 @@ FAILING_TESTS = \
 
 TESTS_ENVIRONMENT = \
 	LD_LIBRARY_PATH=$(top_builddir)/src/.libs \
-	LIBGUESTFS_PATH=$(top_builddir)/appliance
+	LIBGUESTFS_PATH=$(top_builddir)/appliance \
+	NOEXEC_CHECK="$(top_builddir)/src/.libs/libguestfs.so $(top_builddir)/daemon/guestfsd"
 
 EXTRA_DIST = \
 	$(FAILING_TESTS) \
diff --git a/regressions/test-noexec-stack.pl b/regressions/test-noexec-stack.pl
new file mode 100755
index 0000000..9703066
--- /dev/null
+++ b/regressions/test-noexec-stack.pl
@@ -0,0 +1,63 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+die("NOEXEC_CHECK not set") unless(exists($ENV{NOEXEC_CHECK}));
+
+my @files = split(/ /, $ENV{NOEXEC_CHECK});
+
+FILES: foreach my $file (@files) {
+    my $output;
+    open($output, '-|', "readelf -l $file")
+        or die("\"readelf -l $file\" failed");
+
+    my $offset;
+    my $line = 1;
+
+    # Find the offset of the Flags field
+    while(<$output>) {
+        next unless(/^\s*Type\b/);
+
+        my @lines;
+        push(@lines, $_);
+
+        # Look for a Flg field on this line (32 bit)
+        $offset = index($_, 'Flg ');
+
+        if(-1 == $offset) {
+            # 64 bit is split over 2 lines. Look for a Flags field on the next
+            # line
+            $_ = <$output>;
+            $offset = index($_, 'Flags ');
+            $line = 2;
+            push(@lines, $_);
+        }
+
+        die("Unrecognised header: ".join("\n", @lines)) if(-1 == $offset);
+        last;
+    }
+
+    # Find the GNU_STACK entry
+    while(<$output>) {
+        next unless(/^\s*GNU_STACK\b/);
+
+        # Skip over input lines according to the header
+        for(my $i = 1; $i < $line; $i++) {
+            $_ = <$output>;
+        }
+
+        my $flags = substr($_, $offset, 3);
+
+        $flags =~ /^[ R][ W]([ E])$/ or die("Unrecognised flags: $flags");
+
+        if('E' eq $1) {
+            print "***** $ARGV[0] has an executable stack *****\n";
+            exit(1);
+        }
+
+        next FILES;
+    }
+
+    die("Didn't find GNU_STACK entry");
+}
-- 
1.6.2.5


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]