[Libguestfs] [PATCH] Add a test for an executable stack in libguestfs.so

--- capitests/Makefile.am | 4 ++- capitests/check-noexec-stack.pl | 58 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+), 1 deletions(-) create mode 100755 capitests/check-noexec-stack.pl diff --git a/capitests/Makefile.am b/capitests/Makefile.am index 71928ec..08466ac 100644 --- a/capitests/Makefile.am +++ b/capitests/Makefile.am @@ -22,13 +22,15 @@ EXTRA_DIST = \ # in the generator. check_PROGRAMS = tests test-command +check_SCRIPTS = check-noexec-stack.pl tests_SOURCES = tests.c tests_CFLAGS = -I$(top_srcdir)/src -I$(top_builddir)/src -Wall tests_LDADD = $(top_builddir)/src/libguestfs.la -TESTS = tests +TESTS = check-noexec-stack.pl tests TESTS_ENVIRONMENT = \ + NOEXEC_CHECK=$(top_builddir)/src/.libs/libguestfs.so \ SKIP_TEST_COMMAND=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \ SKIP_TEST_COMMAND_LINES=$(shell ldd test-command | grep -sq 'not a dynamic executable' || echo 1) \ SKIP_TEST_ZEROFREE=$(shell test -x ../initramfs/usr/sbin/zerofree || echo 1) \ diff --git a/capitests/check-noexec-stack.pl b/capitests/check-noexec-stack.pl new file mode 100755 index 0000000..7654c78 --- /dev/null +++ b/capitests/check-noexec-stack.pl @@ -0,0 +1,58 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +my $file = $ENV{NOEXEC_CHECK}; +die("NOEXEC_CHECK not set") unless(defined($file)); + +my $output; +open($output, '-|', "readelf -l $file") or die("Unable to execute readelf"); + +my $offset; +my $line = 1; + +# Find the offset of the Flags field +while(<$output>) { + next unless(/^\s*Type\b/); + + my @lines; + push(@lines, $_); + + # Look for a Flg field on this line (32 bit) + $offset = index($_, 'Flg '); + + if(-1 == $offset) { + # 64 bit is split over 2 lines. Look for a Flags field on the next line + $_ = <$output>; + $offset = index($_, 'Flags '); + $line = 2; + push(@lines, $_); + } + + die("Unrecognised header: ".join("\n", @lines)) if(-1 == $offset); + last; +} + +# Find the GNU_STACK entry +while(<$output>) { + next unless(/^\s*GNU_STACK\b/); + + # Skip over input lines according to the header + for(my $i = 1; $i < $line; $i++) { + $_ = <$output>; + } + + my $flags = substr($_, $offset, 3); + + $flags =~ /^[ R][ W]([ E])$/ or die("Unrecognised flags: $flags"); + + if('E' eq $1) { + print "***** $ARGV[0] has an executable stack *****\n"; + exit(1); + } + + exit(0); +} + +die("Didn't find GNU_STACK entry"); -- 1.6.2.5