Merge #13647: Scripts and tools: Fix BIND_NOW check in security-check.py

37d363dd4a Tools: fix BIND_NOW check in security-check.py (Conrado Gouvea)

Pull request description:

  Previously, the BIND_NOW check would work only if it was the first value in FLAGS.

Tree-SHA512: 39cd83f673a6b521803be5585ada516f2db4eede718f0c5aea3377825ed1adcefed5bbb41dd9a5f24a26f7d27116cfc81bde7e26283232593b72768c5ae3d321
This commit is contained in:
Wladimir J. van der Laan 2018-07-17 17:05:56 +02:00
commit 4027ec1d70
No known key found for this signature in database
GPG key ID: 1E4AED62986CD25D

View file

@ -97,7 +97,7 @@ def check_ELF_RELRO(executable):
raise IOError('Error opening file') raise IOError('Error opening file')
for line in stdout.splitlines(): for line in stdout.splitlines():
tokens = line.split() tokens = line.split()
if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2]): if len(tokens)>1 and tokens[1] == '(BIND_NOW)' or (len(tokens)>2 and tokens[1] == '(FLAGS)' and 'BIND_NOW' in tokens[2:]):
have_bindnow = True have_bindnow = True
return have_gnu_relro and have_bindnow return have_gnu_relro and have_bindnow