aboutsummaryrefslogtreecommitdiff
path: root/ci
diff options
context:
space:
mode:
authorWladimir J. van der Laan <laanwj@protonmail.com>2020-01-02 12:44:32 +0100
committerWladimir J. van der Laan <laanwj@protonmail.com>2020-01-02 12:48:49 +0100
commit0655c7a94cc9bf54d43eceed805e83f1b59e2409 (patch)
tree9b628192d148107c21d6e51ff3c088f0d9231369 /ci
parent35fff5be60e853455abc24713481544e91adfedb (diff)
parent7c9e821c4e6cb186208ead9c8df616d1f393a49a (diff)
Merge #17787: scripts: add MACHO PIE check to security-check.py
7c9e821c4e6cb186208ead9c8df616d1f393a49a scripts: add MACHO NOUNDEFS check to security-check.py (fanquake) 4ca92dc6d3f3e487d63286d8871d1829b3d279ff scripts: add MACHO PIE check to security-check.py (fanquake) Pull request description: This uses `otool -vh` to print the mach header and look for the `PIE` flag: ```bash otool -vh src/bitcoind Mach header magic cputype cpusubtype caps filetype ncmds sizeofcmds flags MH_MAGIC_64 X86_64 ALL LIB64 EXECUTE 24 2544 NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE ``` From [`mach-o/loader.h`](https://opensource.apple.com/source/cctools/cctools-927.0.2/include/mach-o/loader.h.auto.html): ```c #define MH_PIE 0x200000 /* When this bit is set, the OS will load the main executable at a random address. Only used in MH_EXECUTE filetypes. */ ``` ACKs for top commit: laanwj: code review ACK 7c9e821c4e6cb186208ead9c8df616d1f393a49a Tree-SHA512: 5ba2f60440d0e31c70371a355c91ca4f723d80f7287d04e2098bf5b11892cc74216ff8f1454603c4db9675d4f7983614843b992b8dcfca0309aadf2aa7ab2e4b
Diffstat (limited to 'ci')
0 files changed, 0 insertions, 0 deletions