[arch-projects] [PATCH][namcap] use pure python for exec stack check

Dave Reisner d at falconindy.com
Sat Feb 4 14:57:30 EST 2012


Instead of pulling prelink as a dependency, use a pure python library,
pyelftools, for reading the program headers. This could be useful
elsewhere to replace parsing of things such as readelf.
---
This relies on a pure python ELF parsing lib I found, pyelftools, to do
the job of prelink's execstack. I sort of pieced this together from
example code in pyelftools, so I'm not sure it's all that wonderful, but
imo it's better than relying on prelink, and it does seem to get the job done.

 Namcap/rules/elffiles.py |   23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
index 135b6d5..f8f16ac 100644
--- a/Namcap/rules/elffiles.py
+++ b/Namcap/rules/elffiles.py
@@ -22,6 +22,8 @@ import os
 import tempfile
 import subprocess
 
+from elftools.elf.elffile import ELFFile
+
 from Namcap.util import is_elf, clean_filename
 from Namcap.ruleclass import *
 
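Review bot: the module-level `from elftools.elf.elffile import ELFFile` makes pyelftools a hard requirement for importing Namcap/rules/elffiles.py, so every rule in this file fails to load where the library is missing, not only ELFExecStackRule. The patch should come with the new dependency declared wherever namcap lists its requirements. Also check whether `import subprocess`, still present in the context lines, has any remaining user once the execstack call is gone.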
@@ -107,8 +109,9 @@ class ELFExecStackRule(TarballRule):
 	"""
 	Check for executable stacks in ELF files.
 
-	Introduced by FS#26458. This uses the execstack utility from
-	the prelink package.
+	Introduced by FS#26458. Uses pyelftools to read the GNU_STACK
+	program header and ensure it does not have the executable bit
+	set.
 	"""
 
 	name = "elfexecstack"
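Review bot: the new docstring does not say what the rule does when a file has no GNU_STACK program header at all. With the loop added further down, which only acts on segments whose p_type is PT_GNU_STACK, such a file is never reported. State that case in the docstring and consider whether a missing header deserves its own warning.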
@@ -123,12 +126,16 @@ class ELFExecStackRule(TarballRule):
 				continue
 
 			try:
-				proc = subprocess.Popen(["execstack", tmpname],
-					stdout=subprocess.PIPE,
-					stderr=subprocess.PIPE)
-				out, err = proc.communicate()
-				if out.startswith(b'X'):
-					exec_stacks.append(entry.name)
+				fp = open(tmpname, 'rb')
+				elffile = ELFFile(fp)
+
+				for segment in elffile.iter_segments():
+					if segment['p_type'] != 'PT_GNU_STACK': continue
+
+					mode = segment['p_flags']
+					if mode & 1: exec_stacks.append(entry.name)
+
+				fp.close()
 			finally:
 				os.unlink(tmpname)
 
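Review bot: `fp.close()` is skipped whenever `ELFFile(fp)` or the segment loop raises, because the try block has only a `finally` that unlinks the temp file. Open the file with `with open(tmpname, 'rb') as fp:` so the handle is always released, and decide whether a parse error on a malformed file should abort the whole rule or be caught and skipped for that entry. In the same loop, `mode & 1` would read better against a named PF_X constant than a bare 1, and a `break` after the append avoids recording the same entry twice if a file carries more than one PT_GNU_STACK header.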
-- 
1.7.9


