From: jin-gyu.kim Date: Fri, 31 Jan 2020 06:59:44 +0000 (+0900) Subject: Use readelf instead of execstack for DEP test X-Git-Tag: submit/tizen/20200203.014719^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=6ce4ff8e1b09f820cadcbfdbe9ea69c823b8aae0;p=platform%2Fcore%2Fsecurity%2Fsecurity-config.git Use readelf instead of execstack for DEP test - execstack can give a execute permission, so it may need to be removed. Change-Id: Idcc53b495b7797dbbf26004c98847c1676764d30 --- diff --git a/test/dep_test/scripts/run_dep_test.sh b/test/dep_test/scripts/run_dep_test.sh index 0240860..5eda3cf 100755 --- a/test/dep_test/scripts/run_dep_test.sh +++ b/test/dep_test/scripts/run_dep_test.sh @@ -1,4 +1,4 @@ -#!/bin/sh +#!/bin/bash #========================================================= # [Includes] #========================================================= @@ -16,24 +16,37 @@ tmp_file="$rw_base_dir/dep_tmpfile" result_file="$result_dir/dep_test.result" fail_cnt= exception_list="$dep_script_dir/exception.list" + function getExecstack { - $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file | grep "ELF" | cut -d ":" -f1 | xargs $utils_dir/execstack -q | grep "^X " | cut -d " " -f2 > $tmp_file + # To reduce a running time, need to use xargs with results of find cmd + # Then verify all lines which contains file name and GNU_STACK + $FIND /usr /etc /opt -perm +111 | $XARGS $utils_dir/file 2>/dev/null | $GREP "ELF" | $CUT -d ":" -f1 | $XARGS $utils_dir/readelf -W -l | tac | $GREP -e "GNU_STACK" -e "File:" > $tmp_file + dep_check_pass=true while read line do - CHECK_EXCEPTION $line - if [ "$?" == 0 ] + if [[ "$line" == *"File:"* ]] # If it is file... + then + if [ $dep_check_pass = false ] # Check DEP is applied + then + CHECK_EXCEPTION $(echo $line | $CUT -d " " -f2) + if [ "$?" == 0 ] + then + echo "$line" | $CUT -d " " -f2 >> $log_file + fi + fi + dep_check_pass=true + elif [[ "$line" == *"RWE"* ]] # Check GNU_STACK then - echo "$line" >> $log_file + dep_check_pass=false fi - done < $tmp_file - fail_cnt=`cat $log_file | wc -l` + fail_cnt=`$CAT $log_file | wc -l` rm $tmp_file } function CHECK_EXCEPTION { - temp=$(grep $1 <<< cat $exception_list) + temp=$(grep $1 <<< $CAT $exception_list) if [ -n "$temp" ] then return 1 @@ -48,41 +61,12 @@ $RM $log_file # Rename utils file_cmd=`$FIND $utils_dir -name file*` -execstack_cmd=`$FIND $utils_dir -name execstack*` +readelf_cmd=`$FIND $utils_dir -name readelf*` if [ "$file_cmd" != "" ]; then $MV $file_cmd $utils_dir/file fi - -#set required so -LIBELF="libelf-0.153.so" -LIBELF_LN="libelf.so.0" -lib_dir= -arch_info=`$utils_dir/file $utils_dir/file` -if [[ $arch_info == *"aarch64"* ]] -then - echo "aarch64!!" - arch="aarch64" - lib_dir="/usr/lib64" -elif [[ $arch_info == *"ARM"* ]] -then - echo "arm!!" - arch="arm" - lib_dir="/usr/lib" -elif [[ $arch_info == *"x86-64"* ]] -then - echo "x86_64!!" - arch="x86_64" - lib_dir="/usr/lib64" -elif [[ $arch_info == *"Intel"* ]] -then - echo "i386!!" - arch="i386" - lib_dir="/usr/lib" -fi - -if [ "$execstack_cmd" != "" ]; then - $MV $execstack_cmd $utils_dir/execstack - ln -s $lib_dir/$LIBELF $lib_dir/$LIBELF_LN +if [ "$readelf_cmd" != "" ]; then + $MV $readelf_cmd $utils_dir/readelf fi #========================================================= @@ -116,7 +100,4 @@ fi echo "================================================================" echo "" -if [ -e $lib_dir/$LIBELF_LN ]; then - rm $lib_dir/$LIBELF_LN -fi fnPrintSDone diff --git a/test/utils/aarch64/execstack b/test/utils/aarch64/execstack deleted file mode 100755 index f250025..0000000 Binary files a/test/utils/aarch64/execstack and /dev/null differ diff --git a/test/utils/arm/execstack b/test/utils/arm/execstack deleted file mode 100755 index 78c630f..0000000 Binary files a/test/utils/arm/execstack and /dev/null differ diff --git a/test/utils/i386/execstack b/test/utils/i386/execstack deleted file mode 100755 index 30ace6d..0000000 Binary files a/test/utils/i386/execstack and /dev/null differ diff --git a/test/utils/x86_64/execstack b/test/utils/x86_64/execstack deleted file mode 100755 index 05bc7bc..0000000 Binary files a/test/utils/x86_64/execstack and /dev/null differ