Add paxcheck make lint target

This uses scanelf (from pax-utils) to check for any issues with the
binaries. It currently checks for executable stacks and textrels.
The checks are in a script so can be extended easily in the future for
more checks.

Executable stacks and textrels are frequently caused by issues in asm
files and lead to security and perf problems.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Jason Zaman <jason@perfinion.com>
Closes #5338
Jason Zaman 2016-10-29 07:10:00 +08:00 committed by Brian Behlendorf
parent c6a89b58a9
commit f26eb42862
2 changed files with 49 additions and 1 deletions


@ -55,13 +55,18 @@ shellcheck:
done; \ done; \
fi fi
lint: cppcheck lint: cppcheck paxcheck
cppcheck: cppcheck:
@if type cppcheck > /dev/null 2>&1; then \ @if type cppcheck > /dev/null 2>&1; then \
cppcheck --quiet --force --error-exitcode=2 ${top_srcdir}; \ cppcheck --quiet --force --error-exitcode=2 ${top_srcdir}; \
fi fi
paxcheck:
@if type scanelf > /dev/null 2>&1; then \
scripts/paxcheck.sh ${top_srcdir}; \
fi
flake8: flake8:
@if type flake8 > /dev/null 2>&1; then \ @if type flake8 > /dev/null 2>&1; then \
flake8 ${top_srcdir}; \ flake8 ${top_srcdir}; \
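Review bot: In the new paxcheck recipe, scripts/paxcheck.sh is called by a path relative to the directory make runs in, while the directory to scan is passed as ${top_srcdir}; in an out-of-tree build those two differ and the script will not be found. Calling ${top_srcdir}/scripts/paxcheck.sh would keep the script path consistent with its argument. Separately, when scanelf is not installed the recipe prints nothing and succeeds, so a clean "make lint" does not show whether the check ran; an else branch that echoes a "skipping paxcheck" line would make the skip visible.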

scripts/paxcheck.sh Executable file

@ -0,0 +1,43 @@
#!/bin/sh
if ! type scanelf > /dev/null 2>&1; then
echo "scanelf (from pax-utils) is required for these checks." >&2
exit 3
fi
RET=0
# check for exec stacks
OUT="$(scanelf -qyRAF '%e %p' $1)"
if [ x"${OUT}" != x ]; then
RET=2
echo "The following files contain writable and executable sections"
echo " Files with such sections will not work properly (or at all!) on some"
echo " architectures/operating systems."
echo " For more information, see:"
echo " https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart"
echo
echo "${OUT}"
echo
fi
# check for TEXTRELS
OUT="$(scanelf -qyRAF '%T %p' $1)"
if [ x"${OUT}" != x ]; then
RET=2
echo "The following files contain runtime text relocations"
echo " Text relocations force the dynamic linker to perform extra"
echo " work at startup, waste system resources, and may pose a security"
echo " risk. On some architectures, the code may not even function"
echo " properly, if at all."
echo " For more information, see:"
echo " https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels"
echo
echo "${OUT}"
echo
fi
exit $RET
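Review bot: $1 is expanded unquoted in both scanelf invocations and is never checked for being set, so a source path containing whitespace is split into several arguments and a missing argument leaves scanelf with no path to scan. Quote it as "$1" and exit with a usage message when it is empty. The exit status of scanelf is also discarded by the command substitution, so a scanelf run that fails without printing anything is treated as a clean result and the script exits 0; checking the status after each call and setting RET on failure would close that gap. As a smaller style point, the missing-scanelf message goes to stderr while the two findings reports go to stdout; sending the reports to stderr as well would keep the script's diagnostics in one stream.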