File: check-execstack.awk

glibc 2.19-18%2Bdeb8u7
# This awk script expects to get command-line files that are each
# the output of 'readelf -l' on a single shared object.
# But the first file should contain just "execstack-no" or "execstack-yes",
# indicating what the default is in the absence of PT_GNU_STACK.
# It exits successfully (0) if none indicated executable stack.
# It fails (1) if any did indicate executable stack.
# It fails (2) if the input did not take the expected form.

# Start-up state:
#   default_exec  -1 until an execstack-default marker line has been read
#   sanity         1 once the current file has shown a program-header heading
#   result         exit status accumulated over all files
BEGIN {
  default_exec = -1;
  sanity = 0;
  result = 0;
}

# Marker lines: record the default that applies when an object carries no
# PT_GNU_STACK entry. "next" keeps these lines away from the rules below.
$0 == "execstack-no"  { default_exec = 0; next }
$0 == "execstack-yes" { default_exec = 1; next }

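# check_one(name): print the verdict for one 'readelf -l' dump and fold it
# into the global exit status `result`.
#
# Globals read:
#   default_exec  -1 if no execstack-default marker was seen, else 0 or 1
#   sanity        non-zero once the program-header heading was seen
#   stack_line    the GNU_STACK row of the dump, or "" if there was none
# Globals written:
#   result        set to 2 for malformed input, or to 1 for an executable
#                 stack when no earlier failure is already recorded
#   sanity        cleared so the next file has to prove itself again
function check_one(name) {
  if (default_exec == -1) {
    print "*** missing execstack-default file?";
    result = 2;
  }

  if (!sanity) {
    print name ": *** input did not look like readelf -l output";
    result = 2;
  } else if (stack_line) {
    # "RW " (no E after the W) is the only flag pattern accepted as safe.
    if (stack_line ~ /RW /) {
      print name ": OK";
    } else if (stack_line ~ /E/) {
      print name ": *** executable stack signaled";
      result = result ? result : 1;
    } else {
      # Fail closed: a GNU_STACK row whose flags are neither "RW " nor
      # contain E used to fall through here silently and count as a pass.
      # Treat it as input that did not take the expected form (status 2).
      print name ": *** unrecognized PT_GNU_STACK flags";
      result = 2;
    }
  } else if (default_exec) {
    print name ": *** no PT_GNU_STACK entry";
    result = result ? result : 1;
  } else {
    print name ": no PT_GNU_STACK but default is OK";
  }

  sanity = 0;
}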

# First record of a new input file: judge the file that has just ended
# (if there was one), then start tracking the new file name.
FILENAME != lastfile {
  if (lastfile) {
    check_one(lastfile);
  }
  lastfile = FILENAME;
}

# Program-header table heading: the file looks like readelf output, so mark
# it sane and forget any GNU_STACK row left over from an earlier file.
# NOTE(review): the $7 test needs the whole heading on one line; readelf
# splits ELF64 program headers over two lines unless wide output is
# requested -- confirm the readelf invocation that produces these files.
$1 == "Type" && $7 == "Flg" {
  stack_line = "";
  sanity = 1;
}

# Keep the whole PT_GNU_STACK row; check_one() inspects its flags later.
$1 == "GNU_STACK" {
  stack_line = $0;
}

# No file change follows the last input file, so judge it here and then
# hand the accumulated status (0, 1 or 2) back to the caller.
END {
  check_one(lastfile);
  exit result;
}