1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
| #!/usr/bin/perl
#
#//===----------------------------------------------------------------------===//
#//
#// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
#// See https://llvm.org/LICENSE.txt for license information.
#// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
#//
#//===----------------------------------------------------------------------===//
#
use strict;
use warnings;
use FindBin;
use lib "$FindBin::Bin/lib";
use tools;
our $VERSION = "0.002";
my $target_arch;
sub execstack($) {
my ( $file ) = @_;
my @output;
my @stack;
my $tool;
if($target_arch eq "mic") {
$tool = "x86_64-k1om-linux-readelf";
} else {
$tool = "readelf";
}
execute( [ $tool, "-l", "-W", $file ], -stdout => \@output );
@stack = grep( $_ =~ m{\A\s*(?:GNU_)?STACK\s+}, @output );
if ( not @stack ) {
# Interpret missed "STACK" line as error.
runtime_error( "$file: No stack segment found; looks like stack would be executable." );
}; # if
if ( @stack > 1 ) {
runtime_error( "$file: More than one stack segment found.", "readelf output:", @output, "(eof)" );
}; # if
# Typical stack lines are:
# Linux* OS IA-32 architecture:
# GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4
# Linux* OS Intel(R) 64:
# GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RWE 0x8
if ( $stack[ 0 ] !~ m{\A\s*(?:GNU_)?STACK(?:\s+0x[0-9a-f]+){5}\s+([R ][W ][E ])\s+0x[0-9a-f]+\s*\z} ) {
runtime_error( "$file: Cannot parse stack segment line:", ">>> $stack[ 0 ]" );
}; # if
my $attrs = $1;
if ( $attrs =~ m{E} ) {
runtime_error( "$file: Stack is executable" );
}; # if
}; # sub execstack
get_options(
"arch=s" => \$target_arch,
);
foreach my $file ( @ARGV ) {
execstack( $file );
}; # foreach $file
exit( 0 );
__END__
=pod
=head1 NAME
B<check-execstack.pl> -- Check whether stack is executable, issue an error if so.
=head1 SYNOPSIS
B<check-execstack.pl> I<optiion>... I<file>...
=head1 DESCRIPTION
The script checks whether stack of specified executable file, and issues error if stack is
executable. If stack is not executable, the script exits silently with zero exit code.
The script runs C<readelf> utility to get information about specified executable file. So, the
script fails if C<readelf> is not available. Effectively it means the script works only on Linux* OS
(and, probably, Intel(R) Many Integrated Core Architecture).
=head1 OPTIONS
=over
=item Standard Options
=over
=item B<--doc>
=item B<--manual>
Print full help message and exit.
=item B<--help>
Print short help message and exit.
=item B<--usage>
Print very short usage message and exit.
=item B<--verbose>
Do print informational messages.
=item B<--version>
Print program version and exit.
=item B<--quiet>
Work quiet, do not print informational messages.
=back
=back
=head1 ARGUMENTS
=over
=item I<file>
A name of executable or shared object to check. Multiple files may be specified.
=back
=head1 EXAMPLES
Check libomp.so library:
$ check-execstack.pl libomp.so
=cut
# end of file #
|