From 2d342736dcfd002966512788a419e6dabe899c61 Mon Sep 17 00:00:00 2001 From: syd Date: Mon, 20 Nov 2017 00:48:12 -0500 Subject: [PATCH] Get the sec-hard tests to run correctly. This fixes the way arguments were passed to security-check, and also a typo in how BIND_NOW was being searched for in a list. Also fix how symbol-check is invoked although that script isn't currently used. --- contrib/devtools/security-check.py | 2 +- src/Makefile.am | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py index 301fea85c..84e7fceea 100755 --- a/contrib/devtools/security-check.py +++ b/contrib/devtools/security-check.py @@ -94,7 +94,7 @@ def check_ELF_RELRO(executable): raise IOError('Error opening file') for line in stdout.split(b'\n'): tokens = line.split() - if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]): + if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2:]): have_bindnow = True return have_gnu_relro and have_bindnow diff --git a/src/Makefile.am b/src/Makefile.am index ea745a1f7..1c741d055 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -573,13 +573,13 @@ clean-local: check-symbols: $(bin_PROGRAMS) if GLIBC_BACK_COMPAT @echo "Checking glibc back compat of [$(bin_PROGRAMS)]..." - $(AM_V_at) READELF=$(READELF) CPPFILT=$(CPPFILT) $(top_srcdir)/contrib/devtools/symbol-check.py < $(bin_PROGRAMS) + $(AM_V_at) READELF=$(READELF) CPPFILT=$(CPPFILT) $(top_srcdir)/contrib/devtools/symbol-check.py $(bin_PROGRAMS) endif check-security: $(bin_PROGRAMS) if HARDEN @echo "Checking binary security of [$(bin_PROGRAMS)]..." - $(AM_V_at) READELF=$(READELF) OBJDUMP=$(OBJDUMP) $(top_srcdir)/contrib/devtools/security-check.py < $(bin_PROGRAMS) + $(AM_V_at) READELF=$(READELF) OBJDUMP=$(OBJDUMP) $(top_srcdir)/contrib/devtools/security-check.py $(bin_PROGRAMS) endif %.pb.cc %.pb.h: %.proto