meta-security : initial commit

Signed-off-by: Andrei Dinu <andrei.adrianx.dinu@intel.com>
author: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-06-17 17:24:38 +0300
committer: Andrei Dinu <andrei.adrianx.dinu@intel.com> 2013-06-17 17:24:38 +0300
commit: 60d90b25631471e8193b3069c6a520ccf7c82008 (patch)
tree: e413ea3904059ff52a4539aeff358518fa0ae327 /recipes-security/redhat-security/files/find-execstack.sh
download: meta-security-60d90b25631471e8193b3069c6a520ccf7c82008.tar.gz
1 files changed, 72 insertions, 0 deletions
diff --git a/recipes-security/redhat-security/files/find-execstack.sh b/recipes-security/redhat-security/files/find-execstack.sh
new file mode 100644
index 0000000..85f16de
--- /dev/null
+++ b/recipes-security/redhat-security/files/find-execstack.sh
@@ -0,0 +1,72 @@
+#!/bin/sh
+#
+# find-execstack utility
+# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
+# sgrubb@redhat.com
+#
+# This software may be freely redistributed under the terms of the GNU
+# public license.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# This program looks for executable stacks
+#
+libdirs="/lib /lib64 /usr/lib /usr/lib64"
+progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
+FOUND=0
+# First param is which list to use, second is search pattern
+scan () {
+if [ "$1" = "1" ] ; then
+        dirs=$libdirs
+elif [ "$1" = "2" ] ; then
+        dirs=$progdirs
+fi
+for d in $dirs ; do
+        if [ ! -d $d ] ; then
+                continue
+        fi
+        files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
+        for f in $files
+        do
+                FOUND_ONE=0
+                stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep STACK`
+                if [ x"$stacks" != "x" ] ; then
+                        perms=`echo $stacks | /bin/awk '{ print $7 }'`
+                        if [ x"$perms" != x -a "$perms" != "RW" ] ; then
+                                FOUND_ONE=1
+                        fi
+                fi
+                old_stacks=`echo $stacks | /bin/grep -v GNU_STACK`
+                if [ x"$old_stacks" != "x" ] ; then
+                        FOUND_ONE=1
+                fi
+                heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null | grep GNU_HEAP`
+                if [ x"$heaps" != "x" ] ; then
+                        FOUND_ONE=1
+                fi
+                if [ $FOUND_ONE = 1 ] ; then
+                        printf "%-42s" $f
+                        rpm -qf --queryformat "%{SOURCERPM}" $f
+                        echo
+                        FOUND=1
+                fi
+        done
+done
+}
+scan 1 '*.so'
+scan 2 '*'
+if [ $FOUND -eq 0 ] ; then
+        # Nothing to report, just exit
+        echo "No problems found" 1>&2
+        exit 0
+fi
+exit 1
author	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-06-17 17:24:38 +0300
committer	Andrei Dinu <andrei.adrianx.dinu@intel.com>	2013-06-17 17:24:38 +0300
commit	60d90b25631471e8193b3069c6a520ccf7c82008 (patch)
tree	e413ea3904059ff52a4539aeff358518fa0ae327 /recipes-security/redhat-security/files/find-execstack.sh
download	meta-security-60d90b25631471e8193b3069c6a520ccf7c82008.tar.gz

diff --git a/recipes-security/redhat-security/files/find-execstack.sh b/recipes-security/redhat-security/files/find-execstack.sh new file mode 100644 index 0000000..85f16de --- /dev/null +++ b/recipes-security/redhat-security/files/find-execstack.sh
@@ -0,0 +1,72 @@
	1	#!/bin/sh
	2	#
	3	# find-execstack utility
	4	# Copyright (c) 2007 Steve Grubb. ALL RIGHTS RESERVED.
	5	# sgrubb@redhat.com
	6	#
	7	# This software may be freely redistributed under the terms of the GNU
	8	# public license.
	9	#
	10	# You should have received a copy of the GNU General Public License
	11	# along with this program; if not, write to the Free Software
	12	# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	13	#
	14	# This program looks for executable stacks
	15	#
	16
	17	libdirs="/lib /lib64 /usr/lib /usr/lib64"
	18	progdirs="/bin /sbin /usr/bin /usr/sbin /usr/libexec"
	19	FOUND=0
	20
	21	# First param is which list to use, second is search pattern
	22	scan () {
	23	if [ "$1" = "1" ] ; then
	24	dirs=$libdirs
	25	elif [ "$1" = "2" ] ; then
	26	dirs=$progdirs
	27	fi
	28
	29	for d in $dirs ; do
	30	if [ ! -d $d ] ; then
	31	continue
	32	fi
	33	files=`/usr/bin/find $d -name "$2" -type f 2>/dev/null`
	34	for f in $files
	35	do
	36	FOUND_ONE=0
	37	stacks=`/usr/bin/eu-readelf -l $f 2>/dev/null \| grep STACK`
	38	if [ x"$stacks" != "x" ] ; then
	39	perms=`echo $stacks \| /bin/awk '{ print $7 }'`
	40	if [ x"$perms" != x -a "$perms" != "RW" ] ; then
	41	FOUND_ONE=1
	42	fi
	43	fi
	44	old_stacks=`echo $stacks \| /bin/grep -v GNU_STACK`
	45	if [ x"$old_stacks" != "x" ] ; then
	46	FOUND_ONE=1
	47	fi
	48	heaps=`/usr/bin/eu-readelf -l $f 2>/dev/null \| grep GNU_HEAP`
	49	if [ x"$heaps" != "x" ] ; then
	50	FOUND_ONE=1
	51	fi
	52	if [ $FOUND_ONE = 1 ] ; then
	53	printf "%-42s" $f
	54	rpm -qf --queryformat "%{SOURCERPM}" $f
	55	echo
	56	FOUND=1
	57	fi
	58	done
	59	done
	60	}
	61
	62	scan 1 '*.so'
	63	scan 2 '*'
	64
	65	if [ $FOUND -eq 0 ] ; then
	66	# Nothing to report, just exit
	67	echo "No problems found" 1>&2
	68	exit 0
	69	fi
	70	exit 1
	71
	72