forked from pool/rpmlint
Accepting request 547583 from home:StefanBruens:branches:devel:openSUSE:Factory:rpmlint_submit
- add 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch OBS-URL: https://build.opensuse.org/request/show/547583 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory:rpmlint/rpmlint?expand=0&rev=554
This commit is contained in:
parent
a880f9c696
commit
a40e314d61
77
0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
Normal file
77
0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
Normal file
@ -0,0 +1,77 @@
|
||||
From 5237c197f56698d55fd1d18f8127f6e947350d80 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Stefan=20Br=C3=BCns?= <stefan.bruens@rwth-aachen.de>
|
||||
Date: Wed, 11 Oct 2017 16:29:21 +0200
|
||||
Subject: [PATCH] Binariescheck: Check for chroot/chdir on ARM, PPC
|
||||
|
||||
The assembly on ARM looks almost the same as the x86 assembly, but
|
||||
with a branch mnemonic (bl) instead of an explicit call.
|
||||
|
||||
On PPC, library function calls use jump tables, so the vicinity check does
|
||||
not work, but we can at least detect a sole chroot without chdir.
|
||||
---
|
||||
BinariesCheck.py | 28 +++++++++++++++++++---------
|
||||
1 file changed, 19 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/BinariesCheck.py b/BinariesCheck.py
|
||||
index bd75558..8d224a8 100644
|
||||
--- a/BinariesCheck.py
|
||||
+++ b/BinariesCheck.py
|
||||
@@ -54,8 +54,6 @@ class BinaryInfo(object):
|
||||
setuid_call_regex = create_regexp_call(r'set(?:res|e)?uid')
|
||||
setgroups_call_regex = create_regexp_call(r'(?:ini|se)tgroups')
|
||||
chroot_call_regex = create_regexp_call('chroot')
|
||||
- # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
|
||||
- objdump_call_regex = re.compile(br'callq?\s(.*)')
|
||||
debuginfo_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.debug_.*\s+')
|
||||
symtab_regex = re.compile(r'^\s+\[\s*\d+\]\s+\.symtab\s+')
|
||||
gethostbyname_call_regex = create_regexp_call(r'(gethostbyname|gethostbyname2|gethostbyaddr|gethostbyname_r|gethostbyname2_r|gethostbyaddr_r)')
|
||||
@@ -96,6 +94,16 @@ class BinaryInfo(object):
|
||||
self.mktemp = False
|
||||
|
||||
is_debug = path.endswith('.debug')
|
||||
+ # Currently this implementation works only on specific
|
||||
+ # architectures due to reliance on arch specific assembly.
|
||||
+ if pkg.arch in ['armv6hl', 'armv7hl', 'aarch64']:
|
||||
+ # 10450: ebffffec bl 10408 <chroot@plt>
|
||||
+ BinaryInfo.objdump_call_regex = re.compile(br'\sbl\s+(.*)')
|
||||
+ elif (pkg.arch.endswith('86') or pkg.arch == 'x86_64'):
|
||||
+ # 401eb8: e8 c3 f0 ff ff callq 400f80 <chdir@plt>
|
||||
+ BinaryInfo.objdump_call_regex = re.compile(br'callq?\s(.*)')
|
||||
+ else:
|
||||
+ BinaryInfo.objdump_call_regex = None
|
||||
|
||||
res = Pkg.getstatusoutput(
|
||||
('readelf', '-W', '-S', '-l', '-d', '-s', path))
|
||||
@@ -204,10 +212,13 @@ class BinaryInfo(object):
|
||||
|
||||
# check if chroot is near chdir (since otherwise, chroot is called
|
||||
# without chdir)
|
||||
- # Currently this implementation works only on x86_64 due to reliance
|
||||
- # on x86_64 specific assembly. Skip it on other architectures
|
||||
- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and
|
||||
- self.chroot and self.chdir):
|
||||
+ if not BinaryInfo.objdump_call_regex and self.chroot and self.chdir:
|
||||
+ # On some architectures, e.g. PPC, it is to difficult to
|
||||
+ # find the actual invocations of chroot/chdir, if both
|
||||
+ # exist assume chroot is fine
|
||||
+ self.chroot_near_chdir = True
|
||||
+
|
||||
+ elif self.chroot and self.chdir:
|
||||
p = subprocess.Popen(('objdump', '-d', path),
|
||||
stdout=subprocess.PIPE, bufsize=-1,
|
||||
env=dict(os.environ, LC_ALL="C"))
|
||||
@@ -537,9 +548,8 @@ class BinariesCheck(AbstractCheck.AbstractCheck):
|
||||
printError(pkg, 'missing-call-to-setgroups-before-setuid',
|
||||
fname)
|
||||
|
||||
- if ((pkg.arch.endswith('86') or pkg.arch == 'x86_64') and bin_info.chroot):
|
||||
- if not bin_info.chdir or not bin_info.chroot_near_chdir:
|
||||
- printError(pkg, 'missing-call-to-chdir-with-chroot', fname)
|
||||
+ if bin_info.chroot and not bin_info.chroot_near_chdir:
|
||||
+ printError(pkg, 'missing-call-to-chdir-with-chroot', fname)
|
||||
|
||||
if bin_info.mktemp:
|
||||
printError(pkg, 'call-to-mktemp', fname)
|
||||
--
|
||||
2.14.2
|
||||
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Dec 2 16:48:08 UTC 2017 - stefan.bruens@rwth-aachen.de
|
||||
|
||||
- add 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Nov 29 09:26:18 UTC 2017 - krahmer@suse.com
|
||||
|
||||
|
@ -89,6 +89,7 @@ Patch69: 0007-Validate-Appdata-also-when-appstream-util-is-unavail.patch
|
||||
Patch70: rpmlint-all-pie.patch
|
||||
Patch71: 0001-Avoid-calling-close-on-undefined-fd-variable.patch
|
||||
Patch72: rpmlint-slpp-NUM-NUM.patch
|
||||
Patch73: 0001-Binariescheck-Check-for-chroot-chdir-on-ARM-PPC.patch
|
||||
BuildRequires: obs-service-format_spec_file
|
||||
BuildRequires: python3-flake8
|
||||
BuildRequires: python3-pytest
|
||||
|
Loading…
Reference in New Issue
Block a user