petervas
commented
2 months ago In case of aggressive stripping, symbol table is removed resulting in false negatives: checksec returns that FORTIFY and canary are disabled. To fix this issue, retrieve symbols from dynamic section instead of symbol table if needed.
@ffontaine : Do you have a simple example that shows the issue you described?
In my tests the regular readelf -s call will always show the dynamic section and (if avaiable) the symbol table.
Actually the only way i can produce the message "Dynamic symbol information is not available" that you check against to add --use-dynamic to the readelf call is if i try to check a file with readelf -s --use-dynamic that has no dynsym section.
ffontaine
In case of aggressive stripping, symbol table is removed resulting in false negatives: checksec returns that FORTIFY and canary are disabled. To fix this issue, retrieve symbols from dynamic section instead of symbol table if needed.
While at it, fix an indentation issue to align FORTIFY result