Commit graph

5 commits

Author SHA1 Message Date
Wladimir J. van der Laan
579b863cd7 devtools: Add security-check.py
Perform the following ELF security checks:

- PIE: Check for position independent executable (PIE), allowing for address space randomization
- NX: Check that no sections are writable and executable (including the stack)
- RELRO: Check for read-only relocations, binding at startup
- Canary: Check for use of stack canary

Also add a check to symbol-check.py that checks that only the subset of
allowed libraries is imported (to avoid incompatibilities).
2015-10-22 03:35:38 +02:00
Michael Ford
78253fcbad Remove references to X11 licence 2014-12-16 15:56:50 +08:00
Wladimir J. van der Laan
27116e87cc
devtools: Exclude default exports from symbol-checker script
See discussion in #4663.
2014-08-17 10:07:46 +02:00
Wladimir J. van der Laan
202c95c216 devtools: have symbol check script check for exported symbols
After last commit, our executables should export no symbols anymore.  To
make sure that this stays the case, verify this in the symbol checker
script.
2014-04-30 15:30:39 +02:00
Wladimir J. van der Laan
74fc254c2b devtools: add script to check symbols from Linux gitian executables
Add a script to check that the (Linux) executables produced by gitian
only contain allowed gcc, glibc and libstdc++ version symbols.  This
makes sure they are still compatible with the minimum supported Linux
distribution versions.
2014-04-25 12:19:37 +02:00