[Buildroot] [RFC PATCH 1/2] annobin: New package
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Wed Feb 6 15:04:50 UTC 2019
Hello Stefan,
On Thu, 3 May 2018 16:31:46 +0200
Stefan Sørensen <stefan.sorensen at spectralink.com> wrote:
> Signed-off-by: Stefan Sørensen <stefan.sorensen at spectralink.com>
In the mean time, the package checksec was added, which is able to do
the same sort of checks on binaries to verify if they have been built
with specific security hardening options:
config BR2_PACKAGE_HOST_CHECKSEC
bool "host checksec"
help
This tool provides a shell script to check the
properties of executables
(PIE,RELRO,Stack Canaries,Fortify Source).
It also has a kernel test mode that can run on target
for testing of PaX, ASLR, heap and config hardening.
NOTE: when using this tool as a host tool, the tool
can offline check a target folder of elf files for
hardening features enabled in those elf files. There
are other features of this tool, like the kernel test
feature that are not functional offline, but require the
user to execute in a chroot or on target.
https://github.com/slimm609/checksec.sh.git
This one is already in Buildroot, and is a lot easier to integrate than
a gcc plugin. So unless you see an issue with checksec that is solved
by annobin, we'll probably stick to using checksec.
Thanks,
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
More information about the buildroot
mailing list