| 1 | /* |
1 | /* |
| 2 | * Copyright 2003-2005 Gentoo Foundation |
2 | * Copyright 2003-2005 Gentoo Foundation |
| 3 | * Distributed under the terms of the GNU General Public License v2 |
3 | * Distributed under the terms of the GNU General Public License v2 |
| 4 | * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.88 2005/09/30 03:30:54 vapier Exp $ |
4 | * $Header: /var/cvsroot/gentoo-projects/pax-utils/scanelf.c,v 1.89 2005/10/13 01:53:55 vapier Exp $ |
| 5 | * |
5 | * |
| 6 | * Copyright 2003-2005 Ned Ludd - <solar@gentoo.org> |
6 | * Copyright 2003-2005 Ned Ludd - <solar@gentoo.org> |
| 7 | * Copyright 2004-2005 Mike Frysinger - <vapier@gentoo.org> |
7 | * Copyright 2004-2005 Mike Frysinger - <vapier@gentoo.org> |
| 8 | */ |
8 | */ |
| 9 | |
9 | |
| … | |
… | |
| 18 | #include <unistd.h> |
18 | #include <unistd.h> |
| 19 | #include <sys/stat.h> |
19 | #include <sys/stat.h> |
| 20 | #include <dirent.h> |
20 | #include <dirent.h> |
| 21 | #include <getopt.h> |
21 | #include <getopt.h> |
| 22 | #include <assert.h> |
22 | #include <assert.h> |
| 23 | #include "paxelf.h" |
23 | #include "paxinc.h" |
| 24 | |
24 | |
| 25 | static const char *rcsid = "$Id: scanelf.c,v 1.88 2005/09/30 03:30:54 vapier Exp $"; |
25 | static const char *rcsid = "$Id: scanelf.c,v 1.89 2005/10/13 01:53:55 vapier Exp $"; |
| 26 | #define argv0 "scanelf" |
26 | #define argv0 "scanelf" |
| 27 | |
27 | |
| 28 | #define IS_MODIFIER(c) (c == '%' || c == '#') |
28 | #define IS_MODIFIER(c) (c == '%' || c == '#') |
| 29 | |
29 | |
| 30 | |
30 | |
| … | |
… | |
| 337 | |
337 | |
| 338 | static void rpath_security_checks(elfobj *, char *); |
338 | static void rpath_security_checks(elfobj *, char *); |
| 339 | static void rpath_security_checks(elfobj *elf, char *item) { |
339 | static void rpath_security_checks(elfobj *elf, char *item) { |
| 340 | struct stat st; |
340 | struct stat st; |
| 341 | switch (*item) { |
341 | switch (*item) { |
|
|
342 | case '/': break; |
|
|
343 | case '.': |
|
|
344 | warnf("Security problem with relative RPATH '%s' in %s", item, elf->filename); |
|
|
345 | break; |
| 342 | case 0: |
346 | case '\0': |
| 343 | warnf("Security problem NULL RPATH in %s", elf->filename); |
347 | warnf("Security problem NULL RPATH in %s", elf->filename); |
| 344 | break; |
348 | break; |
| 345 | case '/': break; |
|
|
| 346 | case '$': |
349 | case '$': |
| 347 | if (fstat(elf->fd, &st) != -1) |
350 | if (fstat(elf->fd, &st) != -1) |
| 348 | if ((st.st_mode & S_ISUID) || (st.st_mode & S_ISGID)) |
351 | if ((st.st_mode & S_ISUID) || (st.st_mode & S_ISGID)) |
| 349 | warnf("Security problem with RPATH='%s' in %s with mode set of %o", |
352 | warnf("Security problem with RPATH='%s' in %s with mode set of %o", |
| 350 | item, elf->filename, st.st_mode & 07777); |
353 | item, elf->filename, st.st_mode & 07777); |
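Review bot: The new `case '.'` flags only relative RPATH entries that start with a dot, so an entry such as `lib` or `usr/lib`, which the loader also resolves against the current working directory, is not reported by any branch visible in this hunk. The switch and the function body continue past the last line shown, so a `default:` may already cover it; if not, I would add `default: warnf("Security problem with relative RPATH '%s' in %s", item, elf->filename); break;`. The check also looks only at `*item`, which presumably assumes the caller passes one colon-separated element at a time; a short comment stating that would help. On the `'\0'` case, a comment such as `/* an empty RPATH entry makes the loader search the current directory */` would explain why it is a security warning.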