Closed by slimm609 7 months ago
The solution chosen to test the libc dependency:
ldd "${1}" 2> /dev/null | grep 'libc\.so' | cut -d' ' -f3
differs a bit from the one I thought of, which was:
${readelf} -d "${1}" 2> /dev/null | grep 'NEEDED' | grep 'libc\.so'
or (maybe)
${readelf} -d "${1}" 2> /dev/null | grep 'NEEDED' | grep 'libc\.so' | awk '{print $5}'
Source: https://www.baeldung.com/linux/show-shared-libraries-executables
3. Using the ldd Command ... The ldd command is pretty handy to list the shared libraries of a program. However, we should use it with caution, as the ldd utility may execute the program to get the list of the shared libraries. We should never run the ldd command on untrusted executables.
7. Conclusion In this article, we’ve discussed different ways to list shared libraries of a program. The ldd command is the most straightforward one to show the shared libraries of a program. The readelf command is a better choice compared to the rest since we deal with “ELF” format on Linux. However, we must keep in mind that we should never use it on untrusted executables.
For your request from here: https://github.com/slimm609/checksec.sh/pull/236#discussion_r1574613537 maybe we could add to Fortify, for "N/A" case in tests/binaries:
gcc -o hello main.c start.S hello.S -w -nostdlib -no-pie -s
clang -o hello_cl main.c start.S hello.S -w -nostdlib -no-pie -s
gcc -m32 -o hello32 main.c start.S hello.S -w -nostdlib -no-pie -s
clang -m32 -o hello_cl32 main.c start.S hello.S -w -nostdlib -no-pie -s
gcc -o helloworld helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
clang -o helloworld_cl helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
gcc -m32 -o helloworld32 helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
clang -m32 -o helloworld_cl32 helloworld.c -w -D_FORTIFY_SOURCE=0 -O2 -s
Source files: hello.zip helloworld.zip
Fortify testing for the "N/A" case in tests/hardening-checks.sh using:
# N/A
for bin in rel.o rel32.o rel_cl.o rel_cl32.o; do
is not working! It works instead with the previously generated files, that is:
# N/A
for bin in hello hello_cl hello32 hello_cl32 helloworld helloworld_cl helloworld32 helloworld_cl32; do
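The readelf-based libc check discussed in this issue, written out as an added example (not part of the original issue and not checksec.sh code). It reads only the ELF dynamic section, so the inspected file is never loaded or executed the way ldd may do. The function names `parse_libc_needed` and `libc_needed` and both sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find a libc dependency from `readelf -d` output alone.

# Constructed sample: `readelf -d` output for a dynamically linked binary.
SAMPLE_DYNAMIC='
Dynamic section at offset 0x2df8 contains 24 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libm.so.6]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000c (INIT)               0x1000
'

# Constructed sample: output for a static binary built with -nostdlib.
SAMPLE_STATIC='
There is no dynamic section in this file.
'

# parse_libc_needed: read `readelf -d` output on stdin and print the libc
# soname without the surrounding brackets. Exit status is 1 when there is
# no NEEDED entry for libc (static binary, or no dynamic section at all).
parse_libc_needed() {
  awk '$2 == "(NEEDED)" && $5 ~ /^\[libc\.so/ {
         gsub(/\[|\]/, "", $5)   # "[libc.so.6]" -> "libc.so.6"
         print $5
         found = 1
         exit
       }
       END { exit !found }'
}

# libc_needed FILE: same check against a real file.
# Returns 2 when readelf is not installed, so callers can tell
# "cannot check" apart from "no libc dependency".
libc_needed() {
  command -v readelf >/dev/null 2>&1 || return 2
  readelf -d -- "$1" 2>/dev/null | parse_libc_needed
}

# Demo on the constructed sample; prints: libc.so.6
printf '%s\n' "$SAMPLE_DYNAMIC" | parse_libc_needed
```

A caller can treat exit status 1 from `libc_needed` as the signal to report Fortify as "N/A" for that file.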