Closed peace-maker closed 10 months ago
Nice! Two ideas:
ibt is just 3 letters, I'm afraid we should do proper parsing to avoid false positives), shellcraft.cat('/proc/self/maps') for testing the ASLR ulimit trick, which won't work on new kernels (see #1871 and #1995).

I've added ibt checks to ssh.checksec and refactored the property parsing to deduplicate code.
I'll change corefile parsing and cat2 separately.
Check if the binary was compiled with Control-flow Enforcement Technology (CET) and display if it supports shadowstack (SHSTK) and indirect branch tracking (IBT). Even though IBT hardware is rare (using those endbr instructions) it's useful to be futureproof here.
A binary compiled with -fcf-protection=full will now show both features in the checksec output:

This requires bumping the minimum pyelftools version, which shouldn't be a problem and is required anyway as shown in #2280.
Similarly, the target machine's cpuinfo features are checked for "user_shstk" capabilities in ssh.checksec to know if the cpu and kernel support userspace shadowstack as described in the shstk docs.

Closes #2288