236 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
236 stdout=subprocess.PIPE, stderr=subprocess.PIPE) |
237 |
237 |
238 # aslr_tag_string will get stdout; err will get stderr |
238 # aslr_tag_string will get stdout; err will get stderr |
239 aslr_tag_string, err = aslr_tag_process.communicate() |
239 aslr_tag_string, err = aslr_tag_process.communicate() |
240 |
240 |
241 # No ASLR tag was found; everthing must be tagged |
241 # No ASLR tag was found; everything must be tagged |
242 if aslr_tag_process.returncode != 0: |
242 if aslr_tag_process.returncode != 0: |
243 engine.error( |
243 engine.error( |
244 _("'%s' is not tagged for aslr") % (path), |
244 _("'%s' is not tagged for aslr") % (path), |
245 msgid="%s%s.5" % (self.name, "001")) |
245 msgid="%s%s.5" % (self.name, "001")) |
246 return result |
246 return result |
271 match = True |
271 match = True |
272 break |
272 break |
273 |
273 |
274 if match == False: |
274 if match == False: |
275 list.append(dir) |
275 list.append(dir) |
|
276 # Make sure RUNPATH matches against a packaged path. |
|
277 # Don't check runpaths starting with $ORIGIN, which |
|
278 # is specially handled by the linker. |
|
279 |
|
280 elif not dir.startswith('$ORIGIN/'): |
|
281 |
|
282 # Strip out leading and trailing '/' in the |
|
283 # runpath, since the reference paths don't start |
|
284 # with '/' and trailing '/' could cause mismatches. |
|
285 # Check first if there is an exact match, then check |
|
286 # if any reference path starts with this runpath |
|
287 # plus a trailing slash, since it may still be a link |
|
288 # to a directory that has no action because it uses |
|
289 # the default attributes. |
|
290 |
|
291 relative_dir = dir.strip('/') |
|
292 if not relative_dir in self.ref_paths and \ |
|
293 not any(key.startswith(relative_dir + '/') |
|
294 for key in self.ref_paths): |
|
295 |
|
296 # If still no match, if the runpath contains |
|
297 # an embedded symlink, emit a warning; it may or may |
|
298 # not resolve to a legitimate path. |
|
299 # E.g., for usr/openwin/lib, usr/openwin->X11 and |
|
300 # usr/X11/lib are packaged, but usr/openwin/lib is not. |
|
301 # Otherwise, runpath is bad; add it to list. |
|
302 embedded_link = False |
|
303 pdir = os.path.dirname(relative_dir) |
|
304 while pdir != '': |
|
305 if (pdir in self.ref_paths and |
|
306 self.ref_paths[pdir][0][1].name == "link"): |
|
307 embedded_link = True |
|
308 engine.warning( |
|
309 _("runpath '%s' in '%s' not found in reference paths but contains symlink at '%s'") % (dir, path, pdir), |
|
310 msgid="%s%s.3" % (self.name, "001")) |
|
311 break |
|
312 pdir = os.path.dirname(pdir) |
|
313 if not embedded_link: |
|
314 list.append(dir) |
276 |
315 |
277 if bits == 32: |
316 if bits == 32: |
278 for expr in self.runpath_64_re: |
317 for expr in self.runpath_64_re: |
279 if expr.search(dir): |
318 if expr.search(dir): |
280 engine.warning( |
319 engine.warning( |