aboutsummaryrefslogtreecommitdiff
path: root/contrib/devtools/security-check.py
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/devtools/security-check.py')
-rwxr-xr-xcontrib/devtools/security-check.py34
1 files changed, 17 insertions, 17 deletions
diff --git a/contrib/devtools/security-check.py b/contrib/devtools/security-check.py
index 0319f739c4..301fea85c1 100755
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@@ -5,7 +5,7 @@ Exit status will be 0 if successful, and the program will be silent.
Otherwise the exit status will be 1 and it will log which executables failed which checks.
Needs `readelf` (for ELF) and `objdump` (for PE).
'''
-from __future__ import division,print_function
+from __future__ import division,print_function,unicode_literals
import subprocess
import sys
import os
@@ -23,9 +23,9 @@ def check_ELF_PIE(executable):
raise IOError('Error opening file')
ok = False
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
line = line.split()
- if len(line)>=2 and line[0] == 'Type:' and line[1] == 'DYN':
+ if len(line)>=2 and line[0] == b'Type:' and line[1] == b'DYN':
ok = True
return ok
@@ -38,17 +38,17 @@ def get_ELF_program_headers(executable):
in_headers = False
count = 0
headers = []
- for line in stdout.split('\n'):
- if line.startswith('Program Headers:'):
+ for line in stdout.split(b'\n'):
+ if line.startswith(b'Program Headers:'):
in_headers = True
- if line == '':
+ if line == b'':
in_headers = False
if in_headers:
if count == 1: # header line
- ofs_typ = line.find('Type')
- ofs_offset = line.find('Offset')
- ofs_flags = line.find('Flg')
- ofs_align = line.find('Align')
+ ofs_typ = line.find(b'Type')
+ ofs_offset = line.find(b'Offset')
+ ofs_flags = line.find(b'Flg')
+ ofs_align = line.find(b'Align')
if ofs_typ == -1 or ofs_offset == -1 or ofs_flags == -1 or ofs_align == -1:
raise ValueError('Cannot parse elfread -lW output')
elif count > 1:
@@ -65,9 +65,9 @@ def check_ELF_NX(executable):
have_wx = False
have_gnu_stack = False
for (typ, flags) in get_ELF_program_headers(executable):
- if typ == 'GNU_STACK':
+ if typ == b'GNU_STACK':
have_gnu_stack = True
- if 'W' in flags and 'E' in flags: # section is both writable and executable
+ if b'W' in flags and b'E' in flags: # section is both writable and executable
have_wx = True
return have_gnu_stack and not have_wx
@@ -84,7 +84,7 @@ def check_ELF_RELRO(executable):
# However, the dynamic linker need to write to this area so these are RW.
# Glibc itself takes care of mprotecting this area R after relocations are finished.
# See also http://permalink.gmane.org/gmane.comp.gnu.binutils/71347
- if typ == 'GNU_RELRO':
+ if typ == b'GNU_RELRO':
have_gnu_relro = True
have_bindnow = False
@@ -92,9 +92,9 @@ def check_ELF_RELRO(executable):
(stdout, stderr) = p.communicate()
if p.returncode:
raise IOError('Error opening file')
- for line in stdout.split('\n'):
+ for line in stdout.split(b'\n'):
tokens = line.split()
- if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]):
+ if len(tokens)>1 and tokens[1] == b'(BIND_NOW)' or (len(tokens)>2 and tokens[1] == b'(FLAGS)' and b'BIND_NOW' in tokens[2]):
have_bindnow = True
return have_gnu_relro and have_bindnow
@@ -107,8 +107,8 @@ def check_ELF_Canary(executable):
if p.returncode:
raise IOError('Error opening file')
ok = False
- for line in stdout.split('\n'):
- if '__stack_chk_fail' in line:
+ for line in stdout.split(b'\n'):
+ if b'__stack_chk_fail' in line:
ok = True
return ok