authorFlorian Weimer <fweimer@redhat.com>2020-03-02 14:24:27 +0100
committerFlorian Weimer <fweimer@redhat.com>2020-03-02 14:25:20 +0100
commit0499a353a6e196f468e7ec554cb13c82011f0e36 (patch)
tree581108932370bf01836d379db99bafc4330e3cf7 /elf
parentb5b7fb76e15c0db545aa11a3ce88f836e5d01a19 (diff)
elf: Add elf/check-wx-segment, a test for the presence of WX segments
Writable, executable segments defeat security hardening.  The
existing check for DT_TEXTREL does not catch this.

hppa and SPARC currently keep the PLT in an RWX load segment.
Diffstat (limited to 'elf')
-rw-r--r--elf/Makefile7
1 files changed, 7 insertions, 0 deletions
diff --git a/elf/Makefile b/elf/Makefile
index a137143db7..da689a2c7b 100644
--- a/elf/Makefile
+++ b/elf/Makefile
@@ -402,6 +402,7 @@ tests-special += $(objpfx)tst-pathopt.out $(objpfx)tst-rtld-load-self.out \
 		 $(objpfx)tst-rtld-preload.out
 endif
 tests-special += $(objpfx)check-textrel.out $(objpfx)check-execstack.out \
+		 $(objpfx)check-wx-segment.out \
 		 $(objpfx)check-localplt.out $(objpfx)check-initfini.out
 endif
 
@@ -1180,6 +1181,12 @@ $(objpfx)check-execstack.out: $(..)scripts/check-execstack.awk \
 	$(evaluate-test)
 generated += check-execstack.out
 
+$(objpfx)check-wx-segment.out: $(..)scripts/check-wx-segment.py \
+			      $(all-built-dso:=.phdr)
+	$(PYTHON) $^ --xfail="$(check-wx-segment-xfail)" > $@; \
+	$(evaluate-test)
+generated += check-wx-segment.out
+
 $(objpfx)tst-dlmodcount: $(libdl)
 $(objpfx)tst-dlmodcount.out: $(test-modules)
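Review bot: The `--xfail="$(check-wx-segment-xfail)"` argument in the new check-wx-segment.out recipe reads a variable that is not set anywhere in this hunk, so a reader of elf/Makefile cannot tell which targets may waive the W+X check or in what form. The commit message names hppa and SPARC as the known exceptions, so the variable is presumably set in their sysdeps makefiles, which this path-limited view does not show. A comment above the rule would record that, e.g. `# check-wx-segment-xfail is set by sysdeps makefiles for targets that still keep an RWX load segment; it is empty elsewhere, so any WX segment fails the test.` It would also be worth stating that entries should name the specific objects and not waive the whole check, so that a new writable and executable segment on an exempted target is still reported; this assumes the script's `--xfail` accepts per-object names, which is not visible here.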