search

Wenzel / oswatcher

A framework to track the evolution of Operating Systems over time
GNU General Public License v3.0
58 stars 7 forks source link

Security: Checksec JSON output keys are not reliable #94

Open Wenzel opened 4 years ago

Wenzel commented 4 years ago

Checksec's JSON should contain a key which is the filepath:

~/Projets/oswatcher/tools/checksec/checksec --output=json --file=/usr/bin/xz | jq .

{
  "/usr/bin/xz": {
    "relro": "full",
    "canary": "yes",
    "nx": "yes",
    "pie": "yes",
    "rpath": "no",
    "runpath": "no",
    "symbols": "no",
    "fortify_source": "yes",
    "fortified": "5",
    "fortify-able": "8"
  }
}

However, some files are indexed by a file key, and not by their filepath:

~/Projets/oswatcher/tools/checksec/checksec --output=json --file=klibc-usBAintlt99f0TITo98H_trqH2c.so | jq .

{
  "file": {
    "relro": "no",
    "canary": "no",
    "nx": "no",
    "pie": "no",
    "rpath": "no",
    "runpath": "no",
    "symbols": "no",
    "fortify_source": "no",
    "fortified": "0",
    "fortify-able": "0"
  }
}