armel binaries using C++ exceptions likely broken
Kees Cook
kees at ubuntu.com
Thu Oct 1 17:45:17 BST 2009
On Thu, Oct 01, 2009 at 03:54:04PM +0200, Loïc Minier wrote:
> So I'm currently working on compiling the recipe to identify affected
> binaries. Binaries showing TEXTRELs with R_ARM_RELATIVE are misbuilt,
> but I think they might still work fine.
>
> I'm also looking for the right place and tools to scan all armel
> binaries. Hosts, scripts, tips etc.
Hi,
I mentioned this on IRC, but figured it might have general utility for
anyone else that might need to do similar things...
The Security Team has a tool[1] that is designed to walk an entire local
repository mirror performing actions[2] against each package (source or
binary). We've used this for scanning for specific unsafe function use[3] in
source, and for looking for binary file characteristics[4].
Examples of how to run "for-archive" against source (doing an
unpack and source patching) or against binaries are listed in comments at
the top of the file. Some configuration items are needed, for which there
is an overview README[5] that should help.
-Kees
[1] http://bazaar.launchpad.net/%7Eubuntu-security/ubuntu-security-tools/trunk/annotate/head%3A/repo-tools/for-archive
[2] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/files/head%3A/repo-tools/for-archive-tools/
[3] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/annotate/head%3A/repo-tools/find-func
[4] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/annotate/head%3A/repo-tools/for-archive-tools/has-execstack
[5] http://bazaar.launchpad.net/~ubuntu-security/ubuntu-security-tools/trunk/annotate/head%3A/README
--
Kees Cook
Ubuntu Security Team
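
A per-binary check of the kind such an archive walk could run, as an added example that is not part of the original message or of the ubuntu-security-tools code: it parses a 32-bit little-endian ARM ELF image and reports whether it declares TEXTREL and how many R_ARM_RELATIVE relocations patch a non-writable segment. The function name scan_armel and its return shape are assumptions made for this example.

```python
# Added example: scan_armel is a hypothetical helper, not part of for-archive.
import struct

PT_LOAD, PT_DYNAMIC, PF_W = 1, 2, 0x2
DT_NULL, DT_REL, DT_RELSZ, DT_TEXTREL, DT_FLAGS, DF_TEXTREL = 0, 17, 18, 22, 30, 0x4
EM_ARM, R_ARM_RELATIVE = 40, 23

def scan_armel(data):
    """Return (has_textrel, n) for a 32-bit little-endian ARM ELF image, where n
    counts R_ARM_RELATIVE relocations that patch a non-writable segment.
    Returns None for anything else; a truncated file raises struct.error."""
    if len(data) < 52 or data[:6] != b"\x7fELF\x01\x01":
        return None
    if struct.unpack_from("<H", data, 18)[0] != EM_ARM:
        return None
    e_phoff, = struct.unpack_from("<I", data, 28)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 42)
    # Elf32_Phdr: type, offset, vaddr, paddr, filesz, memsz, flags, align
    phdrs = [struct.unpack_from("<8I", data, e_phoff + i * e_phentsize)
             for i in range(e_phnum)]
    loads = [p for p in phdrs if p[0] == PT_LOAD]

    def to_offset(vaddr):
        # Map a virtual address to a file offset through the PT_LOAD segments.
        for _, off, va, _, filesz, _, _, _ in loads:
            if va <= vaddr < va + filesz:
                return off + (vaddr - va)
        return None

    dyn = {}
    for p in phdrs:
        if p[0] == PT_DYNAMIC:
            for pos in range(p[1], p[1] + p[4], 8):
                tag, val = struct.unpack_from("<iI", data, pos)
                if tag == DT_NULL:
                    break
                dyn[tag] = val
    has_textrel = DT_TEXTREL in dyn or bool(dyn.get(DT_FLAGS, 0) & DF_TEXTREL)

    hits = 0
    rel_off = to_offset(dyn[DT_REL]) if DT_REL in dyn else None
    if rel_off is not None:
        for pos in range(rel_off, rel_off + dyn.get(DT_RELSZ, 0), 8):
            r_offset, r_info = struct.unpack_from("<II", data, pos)
            in_ro = any(va <= r_offset < va + memsz and not flags & PF_W
                        for _, _, va, _, _, memsz, flags, _ in loads)
            if (r_info & 0xFF) == R_ARM_RELATIVE and in_ro:
                hits += 1
    return has_textrel, hits
```

Call scan_armel on the bytes of each file unpacked from a package; a result with TEXTREL set and a non-zero count matches the pattern described in the quoted message.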