Bug#321750: lintian - check for executable stack

[Bastian Blank]

Package: lintian
Severity: wishlist
Version: 1.23.11

The attached patch adds checks for executable stack.

Bastian

-- 
Lots of people drink from the wrong bottle sometimes.
                -- Edith Keeler, "The City on the Edge of Forever",
                   stardate unknown

diff -urN lintian-1.23.11/checks/shared-libs 
lintian-1.23.11.execstack/checks/shared-libs
--- lintian-1.23.11/checks/shared-libs  2005-07-09 09:09:40.000000000 +0200
+++ lintian-1.23.11.execstack/checks/shared-libs        2005-08-07 
12:53:52.000000000 +0200
@@ -46,6 +46,7 @@
 my $shlibs_control_file = "control/shlibs";
 my %SONAME;
 my %INTERP;
+my %STACK;
 my %objsomething;
 my %sharedobject;
 my %index_info;
@@ -75,8 +76,16 @@
        tag "shlib-with-non-pic-code", "$file";
     } elsif (m/^\s*INTERP\s/) {
        $INTERP{$file} = 1;
+    } elsif (m/^\s*STACK\s/) {
+       $STACK{$file} = 0;
     } else {
-        $objsomething{$file} = 1;
+        if (defined $STACK{$file} and $STACK{$file} eq 0) {
+           m/\sflags\s+(\S+)/o;
+           $STACK{$file} = $1;
+       }
+       else {
+           $objsomething{$file} = 1;
+       }
     }
 }
 close(IN);
@@ -150,6 +159,15 @@
            # yes! so postinst must call ldconfig
            $must_call_ldconfig = $real_file;
        }
+
+       # executable stack
+       if (exists $objsomething{$cur_file}) {
+           if (not defined $STACK{$cur_file}) {
+               tag "shlib-without-PT_GNU_STACK-section", $cur_file;
+           } elsif ($STACK{$cur_file} ne "rw-") {
+               tag "shlib-with-executable-stack", $cur_file;
+           }
+       }
     } elsif (exists $objsomething{$cur_file} &&
             exists $ldso_dir{dirname($cur_file)} &&
             exists $sharedobject{$cur_file}) {
diff -urN lintian-1.23.11/checks/shared-libs.desc 
lintian-1.23.11.execstack/checks/shared-libs.desc
--- lintian-1.23.11/checks/shared-libs.desc     2005-01-14 22:11:13.000000000 
+0100
+++ lintian-1.23.11.execstack/checks/shared-libs.desc   2005-08-07 
12:25:25.000000000 +0200
@@ -167,3 +167,13 @@
  SONAMEs are set with something like <tt>gcc -Wl,-soname,libfoo.so.0</tt>,
  where 0 is the major version of the library. If your package uses libtool,
  then libtool invoked with the right options should be doing this.
+
+Tag: shlib-without-PT_GNU_STACK-section
+Type: error
+Info: The listed shared libraries lacks a PT_GNU_STACK section. This makes
+ the dynamic linker to make the stack executable.
+
+Tag: shlib-with-executable-stack
+Type: warning
+Info: The listed shared libraries declares the stack as executable.
+
diff -urN lintian-1.23.11/debian/changelog 
lintian-1.23.11.execstack/debian/changelog
--- lintian-1.23.11/debian/changelog    2005-08-03 15:05:57.000000000 +0200
+++ lintian-1.23.11.execstack/debian/changelog  2005-08-07 12:26:24.000000000 
+0200
@@ -1,3 +1,10 @@
+lintian (1.23.11.0local.1) local; urgency=low
+
+  * check/shared-libs*:
+    - Add checks for executable stack.
+
+ -- Bastian Blank <[EMAIL PROTECTED]>  Sun, 07 Aug 2005 12:26:01 +0200
+
 lintian (1.23.11) unstable; urgency=low
 
   * frontend/lintian:

signature.asc
Description: Digital signature