#!/usr/bin/make -f
# Test-suite Makefile for the hardening wrapper.  Every test target
# below compiles a small C program through the (wrapped) toolchain and
# then inspects the result with readelf/nm/hardening-check; a failed
# inspection fails the recipe and therefore the build.
include ../hardening.make
# Where the wrappers under test and the hardening-check script live.
BUILD_TREE:=../build-tree
# Supplied by the caller (hence ?=).  WRAPPERS and SYMLINKED_LD are the
# compiler wrappers and the linker symlink under test; SYNTAX_STAMP and
# BUILD_EXTRA are extra prerequisites/tests the caller may add.
SYMLINKED_LD?=
WRAPPERS?=
SYNTAX_STAMP?=
BUILD_EXTRA?=
# -O2 matters for the fortify test: _FORTIFY_SOURCE checks are only
# emitted when the compiler optimises.
CFLAGS += -O2
LDFLAGS?=
HELLO=hello.c
# Common prerequisites: the test source plus the toolchain pieces it is
# built with, so tests are rebuilt when a wrapper changes.
TEST_REQS=$(HELLO) $(WRAPPERS) $(SYMLINKED_LD)
# $(NAME) is not set in this file; it comes from ../hardening.make or
# the caller.
TESTS=\
$(SYNTAX_STAMP) \
$(BUILD_TREE)/$(NAME)-test-stock \
$(BUILD_TREE)/$(NAME)-test-compiled \
$(SYMLINKED_LD) \
$(BUILD_TREE)/$(NAME)-test-linked \
$(BUILD_TREE)/$(NAME)-test-fPIC-direct \
$(BUILD_TREE)/$(NAME)-test-fPIC \
$(BUILD_TREE)/$(NAME)-test-format-security \
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-size-protect \
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-type-protect \
$(BUILD_TREE)/$(NAME)-test-all.o \
$(BUILD_TREE)/$(NAME)-test-all.a \
$(BUILD_TREE)/$(NAME)-test-none.o \
$(BUILD_TREE)/$(NAME)-test-none.a \
$(BUILD_EXTRA)
# Not run by `check`; the rule still exists further down so it can be
# built by hand.
TESTS_DISABLED=\
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-size-skip
# Aggregate target (first rule in this file, so the default goal unless
# ../hardening.make defines one): builds every enabled test, and each
# test's recipe performs its own checks.
check: $(TESTS)
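# Remove all test artefacts.  Besides $(TESTS) this covers the
# intermediate object built for the -test-fPIC link and the disabled
# tests, which `check` never builds but which may exist from a manual run.
.PHONY: clean
clean:
	rm -f $(TESTS) $(TESTS_DISABLED) $(BUILD_TREE)/$(NAME)-test-fPIC.o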
##########
# Compilation and linking results tests
# Baseline build with the wrapper switched off (DEB_BUILD_HARDENING=0),
# so the log contains an unhardened binary to compare the others against.
$(BUILD_TREE)/$(NAME)-test-stock: $(HELLO) $(WRAPPERS)
	# Compiler and linker options disabled.
	DEB_BUILD_HARDENING=0 $(CC) -o $@ $<
	# Program headers, dynamic section, relocs and symbols go to the log.
	readelf -ldrsW $@
	# The result must at least run.
	$@
# Compiler wrapper only: SYMLINKED_LD is deliberately not a prerequisite
# here, so the link step goes through the stock linker.
$(BUILD_TREE)/$(NAME)-test-compiled: $(HELLO) $(WRAPPERS)
	# Compiler options enabled. (linker is not wrapper)
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	readelf -ldrsW $@
	# Run twice to show off PIE, if available in kernel
	$@
	$@
# Figure out how to call "hardening-check" for this architecture.
# For every feature that ../hardening.make does not report as enabled
# (value other than 1) pass the matching "skip this check" flag, so the
# script only fails on features this build actually asked for:
#   -p PIE, -s stack protector, -f fortify, -r RELRO.
# NOTE(review): no flag is derived from DEB_BUILD_HARDENING_BINDNOW;
# presumably hardening-check does not require BIND_NOW unless asked —
# confirm against the script version in $(BUILD_TREE).
HARDENING_CHECK_ARGS:=
ifneq (1,$(DEB_BUILD_HARDENING_PIE))
HARDENING_CHECK_ARGS+=-p
endif
ifneq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
HARDENING_CHECK_ARGS+=-s
endif
ifneq (1,$(DEB_BUILD_HARDENING_FORTIFY))
HARDENING_CHECK_ARGS+=-f
endif
ifneq (1,$(DEB_BUILD_HARDENING_RELRO))
HARDENING_CHECK_ARGS+=-r
endif
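# Full path: compiler wrappers and the linker symlink (both in
# TEST_REQS).  The binary is checked once by the hardening-check script
# and once by hand with readelf/nm.  The manual checks are make
# conditionals on the ../hardening.make feature flags, so a feature that
# is off for this architecture is logged as skipped, not failed.
$(BUILD_TREE)/$(NAME)-test-linked: $(TEST_REQS)
	# Compiler and linker options enabled.
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	readelf -ldrsW $@
	# Run twice to show off PIE, if available in kernel
	$@
	$@
	# Check state of hardening features via check script
	perl $(BUILD_TREE)/hardening-check $(HARDENING_CHECK_ARGS) $@
	# Manually check state of hardening features
ifeq (1,$(DEB_BUILD_HARDENING_PIE))
	# Test PIE
	readelf -lW $@ | grep '^Elf file type is DYN'
else
	# Skipped PIE test
endif
# Symbol checks: egrep is not POSIX (newer GNU grep warns it is
# obsolescent), so use grep -E.  nm prints a versioned reference as
# either NAME@GLIBC_x or NAME@@GLIBC_x depending on the binutils
# version, and unversioned as bare NAME; the pattern accepts all three
# so the test does not silently stop matching on a newer toolchain.
ifeq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
	# Test Stack Protector
	nm $@ | grep -E '__stack_chk_fail($$|@@?GLIBC)'
else
	# Skipped Stack Protector test
endif
ifeq (1,$(DEB_BUILD_HARDENING_FORTIFY))
	# Test Fortify
	nm $@ | grep -E '__(sn)?printf_chk($$|@@?GLIBC)'
else
	# Skipped Fortify test
endif
ifeq (1,$(DEB_BUILD_HARDENING_FORMAT))
	# Test Format (no-op currently)
else
	# Skipped Format test
endif
ifeq (1,$(DEB_BUILD_HARDENING_RELRO))
	# Test for RELRO
	readelf -lW $@ | grep GNU_RELRO
else
	# Skipping RELRO test
endif
ifeq (1,$(DEB_BUILD_HARDENING_BINDNOW))
	# Test for BIND_NOW
	readelf -dW $@ | grep BIND_NOW
else
	# Skipping BINDNOW test
endif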
##########
# Compiler arg calling style tests
# cmake likes to pass -fPIC to everything, which broke pre-1.10 wrappers:
# here -fPIC precedes the wrapper-provided flags on the command line.
$(BUILD_TREE)/$(NAME)-test-fPIC-direct: $(TEST_REQS)
	# Build directly with -fPIC already defined
	$(CC) -fPIC $(CFLAGS) $(LDFLAGS) -o $@ $<
	# The result must run; no hardening inspection is done for this case.
	$@
# Same -fPIC scenario split into compile and link steps; this is the
# compile half (-c), consumed by the -test-fPIC link rule.
$(BUILD_TREE)/$(NAME)-test-fPIC.o: $(TEST_REQS)
	# Build .o with -fPIC already defined
	$(CC) -fPIC $(CFLAGS) $(LDFLAGS) -o $@ -c $<
# Link half of the two-step -fPIC scenario.  The object is listed first
# so that $< refers to it rather than to hello.c.
$(BUILD_TREE)/$(NAME)-test-fPIC: $(BUILD_TREE)/$(NAME)-test-fPIC.o $(TEST_REQS)
	# Link .o with -fPIC already defined
	$(CC) -fPIC $(CFLAGS) $(LDFLAGS) -o $@ $<
	$@
# Negative/positive pair for -Werror=format-security.  CFLAGS here is
# only -O2, so the error flag is presumably injected by the wrapper:
# format.c must fail to compile as-is (the leading `!` fails the recipe
# line if the compile unexpectedly succeeds) and must build once the
# warning is turned back off.
# NOTE(review): unlike the SSP tests this rule is not guarded by
# DEB_BUILD_HARDENING_FORMAT, so where format hardening is off it fails
# rather than being skipped — confirm that is intended.
$(BUILD_TREE)/$(NAME)-test-format-security: format.c $(TEST_REQS)
	# Make sure build fails due to -Werror=format-security
	! $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	# Make sure build succeeds with -Wno-format-security
	$(CC) $(CFLAGS) -Wno-format-security $(LDFLAGS) -o $@ $<
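# A small char buffer (see ssp-buffer-size-protect.c) must still get a
# stack canary; detected by the reference to __stack_chk_fail.
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-size-protect: ssp-buffer-size-protect.c $(TEST_REQS)
ifeq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
	# Make sure build stack-protects a small ssp buffer
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	# Test Stack Protector
# grep -E instead of non-POSIX egrep; nm shows the versioned reference
# as @GLIBC_x or @@GLIBC_x depending on binutils version, or bare, so
# accept all three.
	nm $@ | grep -E '__stack_chk_fail($$|@@?GLIBC)'
else
	# Skipped SSP buffer size test
endif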
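# A non-char array (see ssp-buffer-type-protect.c) must also get a
# stack canary; detected by the reference to __stack_chk_fail.
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-type-protect: ssp-buffer-type-protect.c $(TEST_REQS)
ifeq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
	# Make sure build stack-protects a non-char array
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	# Test Stack Protector
# grep -E instead of non-POSIX egrep; nm shows the versioned reference
# as @GLIBC_x or @@GLIBC_x depending on binutils version, or bare, so
# accept all three.
	nm $@ | grep -E '__stack_chk_fail($$|@@?GLIBC)'
else
	# Skipped SSP buffer type test
endif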
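# Negative test (listed in TESTS_DISABLED, so not run by `check`): a tiny
# char buffer below the ssp threshold must NOT produce a canary.
$(BUILD_TREE)/$(NAME)-test-ssp-buffer-size-skip: ssp-buffer-size-skip.c $(TEST_REQS)
ifeq (1,$(DEB_BUILD_HARDENING_STACKPROTECTOR))
	# Make sure build does not stack-protect a tiny ssp buffer
	$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $<
	# Test Stack Protector is correctly skipped
# /bin/sh has no pipefail: with `! nm | grep` alone a failing nm would
# give grep empty input and the negation would pass vacuously, so first
# make sure nm can read the binary at all.
	nm $@ >/dev/null
# grep -E instead of non-POSIX egrep; accept bare, @GLIBC_x and
# @@GLIBC_x forms of the reference so the negation stays meaningful on
# any binutils version.
	! nm $@ | grep -E '__stack_chk_fail($$|@@?GLIBC)'
else
	# Skipped SSP buffer size test
endif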
# Object-only build with all wrapper flags; used by the -test-all.a rule
# to check that hardening-check copes with objects/archives.
$(BUILD_TREE)/$(NAME)-test-all.o: $(TEST_REQS)
	$(CC) $(CFLAGS) $(LDFLAGS) -c -o $@ $<
# Archive the hardened object and make sure hardening-check accepts it
# (positive case; the -test-none.a rule is the matching negative case).
$(BUILD_TREE)/$(NAME)-test-all.a: $(BUILD_TREE)/$(NAME)-test-all.o
	$(AR) r $@ $<
	readelf -ldrsW $@
	perl $(BUILD_TREE)/hardening-check $(HARDENING_CHECK_ARGS) $@
# Object built with the wrapper disabled (DEB_BUILD_HARDENING=0), i.e.
# deliberately unhardened, for the negative hardening-check test.
$(BUILD_TREE)/$(NAME)-test-none.o: $(TEST_REQS)
	DEB_BUILD_HARDENING=0 $(CC) -c -o $@ $<
# Negative case: hardening-check must reject an archive of unhardened
# objects, so a zero exit from the script fails the recipe.
# NOTE(review): any non-zero exit passes this test, including perl or the
# script being missing; the positive run in -test-all.a is what guards
# against that in a full `check`.  If HARDENING_CHECK_ARGS disables every
# check for this architecture the script may pass and this test fails —
# confirm the expected feature set before enabling it on such a build.
$(BUILD_TREE)/$(NAME)-test-none.a: $(BUILD_TREE)/$(NAME)-test-none.o
	$(AR) r $@ $<
	readelf -ldrsW $@
	if perl $(BUILD_TREE)/hardening-check $(HARDENING_CHECK_ARGS) $@; then exit 1; fi