Get the sec-hard tests to run correctly.
This fixes the way arguments were passed to security-check, and also a typo in how BIND_NOW was being searched for in a list. Also fix how symbol-check is invoked although that script isn't currently used.
This commit is contained in:
parent
05207b865c
commit
2d342736dc
|
@ -94,7 +94,7 @@ def check_ELF_RELRO(executable):
|
|||
raise IOError('Error opening file')
|
||||
for line in stdout.split(b'\n'):
|
||||
tokens = line.split()
|
||||
if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]):
|
||||
if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2:]):
|
||||
have_bindnow = True
|
||||
return have_gnu_relro and have_bindnow
|
||||
|
||||
|
|
|
@ -573,13 +573,13 @@ clean-local:
|
|||
check-symbols: $(bin_PROGRAMS)
|
||||
if GLIBC_BACK_COMPAT
|
||||
@echo "Checking glibc back compat of [$(bin_PROGRAMS)]..."
|
||||
$(AM_V_at) READELF=$(READELF) CPPFILT=$(CPPFILT) $(top_srcdir)/contrib/devtools/symbol-check.py < $(bin_PROGRAMS)
|
||||
$(AM_V_at) READELF=$(READELF) CPPFILT=$(CPPFILT) $(top_srcdir)/contrib/devtools/symbol-check.py $(bin_PROGRAMS)
|
||||
endif
|
||||
|
||||
check-security: $(bin_PROGRAMS)
|
||||
if HARDEN
|
||||
@echo "Checking binary security of [$(bin_PROGRAMS)]..."
|
||||
$(AM_V_at) READELF=$(READELF) OBJDUMP=$(OBJDUMP) $(top_srcdir)/contrib/devtools/security-check.py < $(bin_PROGRAMS)
|
||||
$(AM_V_at) READELF=$(READELF) OBJDUMP=$(OBJDUMP) $(top_srcdir)/contrib/devtools/security-check.py $(bin_PROGRAMS)
|
||||
endif
|
||||
|
||||
%.pb.cc %.pb.h: %.proto
|
||||
|
|
Loading…
Reference in New Issue