From 6eedb2e510533cb196f37803b78ca64c0d0a77d4 Mon Sep 17 00:00:00 2001 From: scop Date: Sun, 15 May 2011 09:05:04 +0000 Subject: [PATCH] Check for position independent executables (based on patch by Ludwig Nussel). git-svn-id: http://rpmlint.zarb.org/svn/trunk@1865 9bc8b190-ac0f-0410-8968-dc7d1f502856 --- BinariesCheck.py | 10 ++++++++++ config | 4 ++++ 2 files changed, 14 insertions(+), 0 deletions(-) Index: rpmlint-1.1/BinariesCheck.py =================================================================== --- rpmlint-1.1.orig/BinariesCheck.py +++ rpmlint-1.1/BinariesCheck.py @@ -189,6 +189,8 @@ so_regex = re.compile('/lib(64)?/[^/]+\. validso_regex = re.compile('(\.so\.\d+(\.\d+)*|\d\.so)$') sparc_regex = re.compile('SPARC32PLUS|SPARC V9|UltraSPARC') system_lib_paths = Config.getOption('SystemLibPaths', DEFAULT_SYSTEM_LIB_PATHS) +pie_exec_re = Config.getOption('PieExecutables') +if pie_exec_re: pie_exec_re = re.compile(pie_exec_re) usr_lib_regex = re.compile('^/usr/lib(64)?/') bin_regex = re.compile('^(/usr(/X11R6)?)?/s?bin/') soversion_regex = re.compile('.*?([0-9][.0-9]*)\\.so|.*\\.so\\.([0-9][.0-9]*).*') @@ -377,6 +379,11 @@ class BinariesCheck(AbstractCheck.Abstra if not is_exec and not is_shobj: continue + if is_shobj and not is_exec and '.so' not in fname and \ + bin_regex.search(fname): + # pkgfile.magic does not contain "executable" for PIEs + is_exec = True + if is_exec: if bin_regex.search(fname): @@ -385,6 +392,10 @@ class BinariesCheck(AbstractCheck.Abstra if ocaml_mixed_regex.search(bin_info.tail): printWarning(pkg, 'ocaml-mixed-executable', fname) + if not is_shobj and pie_exec_re and pie_exec_re.search(fname): + printError(pkg, 'non-position-independent-executable', + fname) + if bin_info.readelf_error: continue @@ -603,6 +614,10 @@ http://bugs.debian.org/cgi-bin/bugreport project settings. So there's normally no need to manually strip binaries. Left over unstripped binaries could therefore indicate a bug in the automatic stripping process.''', + +'non-position-independent-executable', +'''This executable must be position independent. Check that it is built with +-fPIE/-fpie in compiler flags and -pie in linker flags.''', ) # BinariesCheck.py ends here Index: rpmlint-1.1/config =================================================================== --- rpmlint-1.1.orig/config +++ rpmlint-1.1/config @@ -130,6 +130,10 @@ from Config import * # Type: tuple of strings, default: see DEFAULT_SYSTEM_LIB_PATHS in BinariesCheck #setOption("SystemLibPaths", ('/lib', '/lib64', '/usr/lib', '/usr/lib64')) +# Executables that must be compiled as position independent. +# Type: regex, default: None +#setOption("PieExecutables", '^/bin/(ping6?|su)$') + # Whether to want default start/stop runlevels specified in init scripts. # Type: boolean, default: True #setOption("UseDefaultRunlevels", True)