Package: hardening-includes
Version: 2.7
Severity: wishlist
Tags: patch

Hello,

the attached patch adds a check for executable heap/stack to hardening-check. Some (mostly older) programs still use an executable stack which might be a security issue. This patch finds those problematic programs.

Regards
Simon

--
+ privacy is necessary
+ using gnupg http://gnupg.org
+ public key id: 0x92FEFDB7E44C32F9

--- /usr/bin/hardening-check 2014-11-14 19:27:54.000000000 +0100 +++ hardening-check 2015-09-22 03:00:22.864140308 +0200 @@ -299,6 +299,19 @@ } } + # NX enabled + $name = " Stack/Heap not executable (NX)"; + if ($PROG_REPORT =~ /^ *\bGNU_STACK\b *(?:[0x]+ ){5}([RWE]+)/m) { + if ($1 eq 'RW') { + good($name, "yes"); + } else { + bad("no-nx", $file, $name, "no, executable stack/heap!", 0); + } + } else { + bad("unknown-nx", $file, $name, "unknown, no stack found!", 0); + } + + # Stack-protected $name = " Stack protected"; if (defined($functions->{'__stack_chk_fail'}) ||
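
Review bot: In the GNU_STACK match, `(?:[0x]+ ){5}` uses the character class `[0x]`, which accepts only the characters 0 and x, so a GNU_STACK line in which any of the five numeric fields contains a non-zero hex digit fails to match and falls into the `unknown-nx` branch with "unknown, no stack found!" even though the header is present. Something like `(?:0x[0-9a-fA-F]+ +){5}` would accept arbitrary hex values and more than one space between columns. Separately, the label says "Stack/Heap not executable (NX)" while the only thing tested is the flags of GNU_STACK; either narrow the label to the stack or add a comment explaining why this flag is taken to cover the heap as well.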