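#!/bin/sh
#
# Scan a path for ELF hardening problems using scanelf (from pax-utils).
#
# Usage: <this-script> PATH
#
# Two checks are run against PATH:
#   1. files with writable and executable sections (executable stacks)
#   2. files with runtime text relocations (TEXTRELs)
#
# Findings are printed to stdout.
#
# Exit status:
#   0  neither check reported a file
#   2  at least one check reported files
#   3  the checks could not be run (scanelf missing, or no PATH given)

# `command -v` is the POSIX-specified way to probe for a tool, so no
# shellcheck suppression is needed for this test.
if ! command -v scanelf > /dev/null 2>&1; then
  echo "scanelf (from pax-utils) is required for these checks." >&2
  exit 3
fi

# Without a target the scans below produce no output and the script would
# exit 0, i.e. report "clean" without having inspected anything.
if [ -z "${1:-}" ]; then
  echo "Usage: ${0##*/} PATH" >&2
  exit 3
fi

RET=0

# check for exec stacks
#
# scanelf flags, see scanelf(1): -q limits output to problem entries, -y skips
# symlinks, -R recurses, -A also scans archives, -F sets the output format.
# `--` keeps a PATH that begins with '-' from being parsed as an option.
#
# NOTE(review): scanelf's exit status is not consulted; a scan that fails
# without printing anything is treated as "no findings" - confirm that this
# is acceptable for the caller.
OUT=$(scanelf -qyRAF '%e %p' -- "$1")

if [ -n "${OUT}" ]; then
  RET=2
  echo "The following files contain writable and executable sections"
  echo " Files with such sections will not work properly (or at all!) on some"
  echo " architectures/operating systems."
  echo " For more information, see:"
  echo " https://wiki.gentoo.org/wiki/Hardened/GNU_stack_quickstart"
  echo
  # printf, not echo: some /bin/sh implementations expand backslash escapes
  # in echo arguments, which would garble file names containing backslashes.
  printf '%s\n' "${OUT}"
  echo
fi


# check for TEXTRELS
#
# A text relocation requires the loader to write to the code segment at
# startup, so the segment cannot stay read-only for the life of the process.
OUT=$(scanelf -qyRAF '%T %p' -- "$1")

if [ -n "${OUT}" ]; then
  RET=2
  echo "The following files contain runtime text relocations"
  echo " Text relocations force the dynamic linker to perform extra"
  echo " work at startup, waste system resources, and may pose a security"
  echo " risk. On some architectures, the code may not even function"
  echo " properly, if at all."
  echo " For more information, see:"
  echo " https://wiki.gentoo.org/wiki/Hardened/HOWTO_locate_and_fix_textrels"
  echo
  printf '%s\n' "${OUT}"
  echo
fi

exit "${RET}"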