From: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
To: buildroot@busybox.net
Subject: [Buildroot] [RFC PATCH 1/2] annobin: New package
Date: Wed, 6 Feb 2019 16:04:50 +0100 [thread overview]
Message-ID: <20190206160450.0b2a899c@windsurf> (raw)
In-Reply-To: <20180503143147.5301-2-stefan.sorensen@spectralink.com>
Hello Stefan,
On Thu, 3 May 2018 16:31:46 +0200
Stefan S?rensen <stefan.sorensen@spectralink.com> wrote:
> Signed-off-by: Stefan S?rensen <stefan.sorensen@spectralink.com>
In the mean time, the package checksec was added, which is able to do
the same sort of checks on binaries to verify if they have been built
with specific security hardening options:
config BR2_PACKAGE_HOST_CHECKSEC
bool "host checksec"
help
This tool provides a shell script to check the
properties of executables
(PIE,RELRO,Stack Canaries,Fortify Source).
It also has a kernel test mode that can run on target
for testing of PaX, ASLR, heap and config hardening.
NOTE: when using this tool as a host tool, the tool
can offline check a target folder of elf files for
hardening features enabled in those elf files. There
are other features of this tool, like the kernel test
feature that are not functional offline, but require the
user to execute in a chroot or on target.
https://github.com/slimm609/checksec.sh.git
This one is already in Buildroot, and is a lot easier to integrate than
a gcc plugin. So unless you see an issue with checksec that is solved
by annobin, we'll probably stick to using checksec.
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-02-06 15:04 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-03 14:31 [Buildroot] [RFC PATCH 0/2] Verify hardened builds Stefan Sørensen
2018-05-03 14:31 ` [Buildroot] [RFC PATCH 1/2] annobin: New package Stefan Sørensen
2018-05-03 22:13 ` Arnout Vandecappelle
2018-05-04 8:32 ` Sørensen, Stefan
2018-05-04 10:35 ` Arnout Vandecappelle
2019-02-06 15:04 ` Thomas Petazzoni [this message]
2019-02-06 15:27 ` Sørensen, Stefan
2019-02-06 15:40 ` Thomas Petazzoni
2018-05-03 14:31 ` [Buildroot] [RFC PATCH 2/2] core: Verify that hardening flags are used Stefan Sørensen
2018-05-03 22:42 ` Arnout Vandecappelle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190206160450.0b2a899c@windsurf \
--to=thomas.petazzoni@bootlin.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox