-#!/bin/sh
+#!/bin/bash
#=========================================================
# [Includes]
#=========================================================
result_file="$result_dir/dep_test.result"
fail_cnt=
exception_list="$dep_script_dir/exception.list"
+
function getExecstack {
- $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file | grep "ELF" | cut -d ":" -f1 | xargs $utils_dir/execstack -q | grep "^X " | cut -d " " -f2 > $tmp_file
+ # To reduce a running time, need to use xargs with results of find cmd
+ # Then verify all lines which contains file name and GNU_STACK
+ $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file 2>/dev/null | $GREP "ELF" | $CUT -d ":" -f1 | $XARGS $utils_dir/readelf -W -l | tac | $GREP -e "GNU_STACK" -e "File:" > $tmp_file
+ dep_check_pass=true
while read line
do
- CHECK_EXCEPTION $line
- if [ "$?" == 0 ]
+ if [[ "$line" == *"File:"* ]] # If it is file...
+ then
+ if [ $dep_check_pass = false ] # Check DEP is applied
+ then
+ CHECK_EXCEPTION $(echo $line | $CUT -d " " -f2)
+ if [ "$?" == 0 ]
+ then
+ echo "$line" | $CUT -d " " -f2 >> $log_file
+ fi
+ fi
+ dep_check_pass=true
+ elif [[ "$line" == *"RWE"* ]] # Check GNU_STACK
then
- echo "$line" >> $log_file
+ dep_check_pass=false
fi
-
done < $tmp_file
- fail_cnt=`cat $log_file | wc -l`
+ fail_cnt=`$CAT $log_file | wc -l`
rm $tmp_file
}
function CHECK_EXCEPTION
{
- temp=$(grep $1 <<< cat $exception_list)
+ temp=$(grep $1 <<< $CAT $exception_list)
if [ -n "$temp" ]
then
return 1
# Rename utils
file_cmd=`$FIND $utils_dir -name file*`
-execstack_cmd=`$FIND $utils_dir -name execstack*`
+readelf_cmd=`$FIND $utils_dir -name readelf*`
if [ "$file_cmd" != "" ]; then
$MV $file_cmd $utils_dir/file
fi
-
-#set required so
-LIBELF="libelf-0.153.so"
-LIBELF_LN="libelf.so.0"
-lib_dir=
-arch_info=`$utils_dir/file $utils_dir/file`
-if [[ $arch_info == *"aarch64"* ]]
-then
- echo "aarch64!!"
- arch="aarch64"
- lib_dir="/usr/lib64"
-elif [[ $arch_info == *"ARM"* ]]
-then
- echo "arm!!"
- arch="arm"
- lib_dir="/usr/lib"
-elif [[ $arch_info == *"x86-64"* ]]
-then
- echo "x86_64!!"
- arch="x86_64"
- lib_dir="/usr/lib64"
-elif [[ $arch_info == *"Intel"* ]]
-then
- echo "i386!!"
- arch="i386"
- lib_dir="/usr/lib"
-fi
-
-if [ "$execstack_cmd" != "" ]; then
- $MV $execstack_cmd $utils_dir/execstack
- ln -s $lib_dir/$LIBELF $lib_dir/$LIBELF_LN
+if [ "$readelf_cmd" != "" ]; then
+ $MV $readelf_cmd $utils_dir/readelf
fi
#=========================================================
echo "================================================================"
echo ""
-if [ -e $lib_dir/$LIBELF_LN ]; then
- rm $lib_dir/$LIBELF_LN
-fi
fnPrintSDone
projects / platform / core / security / security-config.git / commitdiff