
Check for shadow stack support.

Closed loqs requested to merge (removed):SHSTK into master
All threads resolved!
3 files
+ 94
1
Files
3
+ 45
1
@@ -3,7 +3,8 @@
from elftools.elf.elffile import ELFFile
from elftools.elf.dynamic import DynamicSection
from elftools.elf.sections import SymbolTableSection
from elftools.elf.enums import ENUM_GNU_PROPERTY_X86_FEATURE_1_FLAGS
from elftools.elf.sections import NoteSection, SymbolTableSection
from Namcap.util import is_elf
from Namcap.ruleclass import TarballRule
@@ -224,3 +225,46 @@ class NoPIERule(TarballRule):
if nopie_binaries:
self.warnings = [("elffile-nopie %s", i) for i in nopie_binaries]
class ELFSHSTKRule(TarballRule):
"""
Check shadow stack support in ELF files.
"""
name = "elfnoshstk"
description = "Check for shadow stack support in ELF files."
def analyze(self, pkginfo, tar):
noshstk_binaries = []
for entry in tar:
if not entry.isfile():
continue
if ".debug" in entry.name:
continue
fp = tar.extractfile(entry)
if not is_elf(fp):
continue
elffile = ELFFile(fp)
has_stk = False
for section in elffile.iter_sections():
if has_stk:
break
if not isinstance(section, NoteSection):
continue
for note in section.iter_notes():
if note["n_type"] == "NT_GNU_PROPERTY_TYPE_0":
for prop in note["n_desc"]:
if prop["pr_type"] == "GNU_PROPERTY_X86_FEATURE_1_AND":
if (
prop["pr_data"]
& ENUM_GNU_PROPERTY_X86_FEATURE_1_FLAGS["GNU_PROPERTY_X86_FEATURE_1_SHSTK"]
):
has_stk = True
+2
break
else:
noshstk_binaries.append(entry.name)
if noshstk_binaries:
self.warnings = [("elffile-noshstk %s", i) for i in noshstk_binaries]
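Review bot: If the `else:` near the end of `ELFSHSTKRule.analyze` is paired with the `for section in elffile.iter_sections()` loop (indentation is lost in this view, so the pairing is inferred), a binary whose SHSTK property sits in the last section iterated is still reported as lacking it. The inner `break` leaves only the property loop, the section loop then runs out without reaching `if has_stk: break`, and the `else` branch appends the file. Dropping the `else:` in favour of `if not has_stk: noshstk_binaries.append(entry.name)` after the loop removes the dependence on section order. The rule also tests an x86-only property on every ELF it finds, so a check on `elffile["e_machine"]` before the scan would keep non-x86 objects out of the warnings. A short comment would help too, saying that the bit records what the linker marked as shadow-stack compatible, not that shadow stacks are enforced at run time.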