Closed akiusmgm closed 1 year ago
The current stack canary check tries to check that the symbol address for the stack protection is "0000000000000000" but for 32 bit binaries it is "00000000". This check is not stable and should be removed. The " UND " check seems sufficient to prevent the wrongly detected stack canary in #161.
The current full RELRO check only passes if "BIND_NOW and no .got.plt" or "no .got.plt" only is found. The example libopencv_java4.so though shows that full RELRO can be active with .got.plt present.
Program Headers:
Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align
[...]
GNU_RELRO 0x15bad50 0x015bbd50 0x015bbd50 0x362b0 0x362b0 RW 0x10
The program header shows that the memory from 0x015bbd50 to 0x015bbd50+0x362b0 (0x015F2000) will be set to read only.
Section Headers:
[Nr] Name Type Addr Off Size ES Flg Lk Inf Al
[...]
[22] .got PROGBITS 015ef0d4 15ee0d4 0003d8 00 WA 0 0 4
[23] .got.plt PROGBITS 015ef4ac 15ee4ac 002b4c 00 WA 0 0 4
[24] .data PROGBITS 015f2000 15f1000 02bf28 00 WA 0 0 8
In the section headers we can see that .got.plt lies inside the range 0x015bbd50 - 0x015F2000. Apparently some compilers do not merge the .got.plt into .got when bind now is enabled but instead include .got.plt in the read only setting.
To fix full RELRO detection the old behavior should be restored for now to check if BIND_NOW is present or .got.plt is not present.
The modified binary that confuses full RELRO detection from #161 can only be detected by a similar calculation as above and might be out of scope for checksec.
Issue tracker
It seems that RELRO and STACK CANARY are incorrectly detected in the main repository at this time.
Issue
RELRO, STACK CANARY output is different from past versions in OpenCV-android-sdk/sdk/native/libs/x86/libopencv_java4.so etc. on https://github.com/opencv/opencv/releases/tag/4.7.0
Command run to produce the error
OS version and Kernel version