foster/bitcoin-bitcoin-core
0
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-02-09 10:43:19 -05:00
Code Issues Activity

scripts: add run_command to security-check.py

Browse source 
Deduplicate all the subprocess code as mentioned in 18713.
This commit is contained in:
fanquake 2020-04-28 09:48:05 +08:00
parent 13f606b4f9
commit 83d063e954
No known key found for this signature in database
GPG key ID: 2EEB9F5CC09526C1
1 changed files with 21 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

58
contrib/devtools/security-check.py
View file

@ -16,14 +16,15 @@ READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')
OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump') OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump')
OTOOL_CMD = os.getenv('OTOOL', '/usr/bin/otool') OTOOL_CMD = os.getenv('OTOOL', '/usr/bin/otool')
def run_command(command):
p = subprocess.run(command, stdout=subprocess.PIPE, check=True, universal_newlines=True)
return p.stdout
def check_ELF_PIE(executable): def check_ELF_PIE(executable):
''' '''
Check for position independent executable (PIE), allowing for address space randomization. Check for position independent executable (PIE), allowing for address space randomization.
''' '''
p = subprocess.Popen([READELF_CMD, '-h', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([READELF_CMD, '-h', '-W', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
ok = False ok = False
for line in stdout.splitlines(): for line in stdout.splitlines():
@ -34,10 +35,8 @@ def check_ELF_PIE(executable):
def get_ELF_program_headers(executable): def get_ELF_program_headers(executable):
'''Return type and flags for ELF program headers''' '''Return type and flags for ELF program headers'''
p = subprocess.Popen([READELF_CMD, '-l', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([READELF_CMD, '-l', '-W', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
in_headers = False in_headers = False
count = 0 count = 0
headers = [] headers = []
@ -83,7 +82,8 @@ def check_ELF_RELRO(executable):
have_gnu_relro = False have_gnu_relro = False
for (typ, flags) in get_ELF_program_headers(executable): for (typ, flags) in get_ELF_program_headers(executable):
# Note: not checking flags == 'R': here as linkers set the permission differently # Note: not checking flags == 'R': here as linkers set the permission differently
# This does not affect security: the permission flags of the GNU_RELRO program header are ignored, the PT_LOAD header determines the effective permissions. # This does not affect security: the permission flags of the GNU_RELRO program
# header are ignored, the PT_LOAD header determines the effective permissions.
# However, the dynamic linker need to write to this area so these are RW. # However, the dynamic linker need to write to this area so these are RW.
# Glibc itself takes care of mprotecting this area R after relocations are finished. # Glibc itself takes care of mprotecting this area R after relocations are finished.
# See also https://marc.info/?l=binutils&m=1498883354122353 # See also https://marc.info/?l=binutils&m=1498883354122353
@ -91,10 +91,8 @@ def check_ELF_RELRO(executable):
have_gnu_relro = True have_gnu_relro = True
have_bindnow = False have_bindnow = False
p = subprocess.Popen([READELF_CMD, '-d', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([READELF_CMD, '-d', '-W', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
for line in stdout.splitlines(): for line in stdout.splitlines():
tokens = line.split() tokens = line.split()
if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2:]): if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2:]):
@ -105,10 +103,8 @@ def check_ELF_Canary(executable):
''' '''
Check for use of stack canary Check for use of stack canary
''' '''
p = subprocess.Popen([READELF_CMD, '--dyn-syms', '-W', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([READELF_CMD, '--dyn-syms', '-W', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
ok = False ok = False
for line in stdout.splitlines(): for line in stdout.splitlines():
if '__stack_chk_fail' in line: if '__stack_chk_fail' in line:
@ -117,10 +113,8 @@ def check_ELF_Canary(executable):
def get_PE_dll_characteristics(executable) -> int: def get_PE_dll_characteristics(executable) -> int:
'''Get PE DllCharacteristics bits''' '''Get PE DllCharacteristics bits'''
p = subprocess.Popen([OBJDUMP_CMD, '-x', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([OBJDUMP_CMD, '-x', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
bits = 0 bits = 0
for line in stdout.splitlines(): for line in stdout.splitlines():
tokens = line.split() tokens = line.split()
@ -146,10 +140,8 @@ def check_PE_HIGH_ENTROPY_VA(executable):
def check_PE_RELOC_SECTION(executable) -> bool: def check_PE_RELOC_SECTION(executable) -> bool:
'''Check for a reloc section. This is required for functional ASLR.''' '''Check for a reloc section. This is required for functional ASLR.'''
p = subprocess.Popen([OBJDUMP_CMD, '-h', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([OBJDUMP_CMD, '-h', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
for line in stdout.splitlines(): for line in stdout.splitlines():
if '.reloc' in line: if '.reloc' in line:
return True return True
@ -161,10 +153,7 @@ def check_PE_NX(executable):
return (bits & IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) == IMAGE_DLL_CHARACTERISTICS_NX_COMPAT return (bits & IMAGE_DLL_CHARACTERISTICS_NX_COMPAT) == IMAGE_DLL_CHARACTERISTICS_NX_COMPAT
def get_MACHO_executable_flags(executable): def get_MACHO_executable_flags(executable):
p = subprocess.Popen([OTOOL_CMD, '-vh', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([OTOOL_CMD, '-vh', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
flags = [] flags = []
for line in stdout.splitlines(): for line in stdout.splitlines():
@ -208,10 +197,7 @@ def check_MACHO_LAZY_BINDINGS(executable) -> bool:
Check for no lazy bindings. Check for no lazy bindings.
We don't use or check for MH_BINDATLOAD. See #18295. We don't use or check for MH_BINDATLOAD. See #18295.
''' '''
p = subprocess.Popen([OTOOL_CMD, '-l', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([OTOOL_CMD, '-l', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
for line in stdout.splitlines(): for line in stdout.splitlines():
tokens = line.split() tokens = line.split()
@ -224,10 +210,8 @@ def check_MACHO_Canary(executable) -> bool:
''' '''
Check for use of stack canary Check for use of stack canary
''' '''
p = subprocess.Popen([OTOOL_CMD, '-Iv', executable], stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE, universal_newlines=True) stdout = run_command([OTOOL_CMD, '-Iv', executable])
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
ok = False ok = False
for line in stdout.splitlines(): for line in stdout.splitlines():
if '___stack_chk_fail' in line: if '___stack_chk_fail' in line: