1#!/bin/sh 2 3if ! command -v scanelf > /dev/null; then 4 echo "scanelf (from pax-utils) is required for these checks." >&2 5 exit 3 6fi 7 8RET=0 9 10# check for exec stacks 11OUT=$(scanelf -qyRAF '%e %p' "$1") 12 13if [ x"${OUT}" != x ]; then 14 RET=2 15 echo "The following files contain writable and executable sections" 16 echo " Files with such sections will not work properly (or at all!) on some" 17 echo " architectures/operating systems." 18 echo " For more information, see:" 19 echo " https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart" 20 echo 21 echo "${OUT}" 22 echo 23fi 24 25 26# check for TEXTRELS 27OUT=$(scanelf -qyRAF '%T %p' "$1") 28 29if [ x"${OUT}" != x ]; then 30 RET=2 31 echo "The following files contain runtime text relocations" 32 echo " Text relocations force the dynamic linker to perform extra" 33 echo " work at startup, waste system resources, and may pose a security" 34 echo " risk. On some architectures, the code may not even function" 35 echo " properly, if at all." 36 echo " For more information, see:" 37 echo " https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels" 38 echo 39 echo "${OUT}" 40 echo 41fi 42 43exit "$RET" 44