[arch-projects] [namcap] [PATCH] elffiles: also check DF_BIND_NOW when checking FULL RELRO
Chih-Hsuan Yen
yan12125 at gmail.com
Tue Sep 11 14:28:37 UTC 2018
Looks like DF_BIND_NOW has the same function as DT_BIND_NOW.
---
Namcap/rules/elffiles.py | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/Namcap/rules/elffiles.py b/Namcap/rules/elffiles.py
index d707a58..b2ce6ec 100644
--- a/Namcap/rules/elffiles.py
+++ b/Namcap/rules/elffiles.py
@@ -140,11 +140,16 @@ class ELFGnuRelroRule(TarballRule):
description = "Check for FULL RELRO in ELF files."
def has_bind_now(self, elffile):
+ DF_BIND_NOW = 8
+
for section in elffile.iter_sections():
if not isinstance(section, DynamicSection):
continue
- if any(tag.entry.d_tag == 'DT_BIND_NOW' for tag in section.iter_tags()):
- return True
+ for tag in section.iter_tags():
+ if tag.entry.d_tag == 'DT_BIND_NOW':
+ return True
+ if tag.entry.d_tag == 'DT_FLAGS' and tag.entry.d_val & DF_BIND_NOW:
+ return True
return False
def analyze(self, pkginfo, tar):
--
2.19.0
More information about the arch-projects
mailing list