svn commit: r473605 - in head/Mk: . Scripts

Mathieu Arnold mat at FreeBSD.org
Sat Jun 30 08:37:34 UTC 2018


Author: mat
Date: Sat Jun 30 08:37:33 2018
New Revision: 473605
URL: https://svnweb.freebsd.org/changeset/ports/473605

Log:
  Convert to readelf.
  
  objdump is being removed from HEAD, make sure everything still works
  when this happens.
  
  PR:		229049
  Reported by:	emaste
  Sponsored by:	Absolight
  Differential Revision:	https://reviews.freebsd.org/D15904

Modified:
  head/Mk/Scripts/security-check.awk
  head/Mk/bsd.port.mk   (contents, props changed)

Modified: head/Mk/Scripts/security-check.awk
==============================================================================
--- head/Mk/Scripts/security-check.awk	Sat Jun 30 08:37:22 2018	(r473604)
+++ head/Mk/Scripts/security-check.awk	Sat Jun 30 08:37:33 2018	(r473605)
@@ -11,17 +11,17 @@ FILENAME ~ /\.flattened$/ {
 	if ($0 ~ /(^|\/)etc\/rc\.d\//)
 		startup_scripts[$0] = 1;
 }
-FILENAME ~ /\.objdump$/ {
-	if (match($0, /: +file format [^ ]+$/)) {
-		file = substr($0, 1, RSTART - 1);
+FILENAME ~ /\.readelf$/ {
+	if (match($0, /^File:/)) {
+		file = substr($0, 7);
 		next;
 	}
 	if (file == "")
 		next;
-	if ($3 ~ /^(gets|mktemp|tempnam|tmpnam)$/ ||
-	  ($3 ~ /^(strcpy|strcat|sprintf)$/ && audit != ""))
-		stupid_binaries[file] = stupid_binaries[file] " " $3;
-	if ($3 ~ /^(accept|recvfrom)$/)
+	if ($5 ~ /^(gets|mktemp|tempnam|tmpnam)$/ ||
+	  ($5 ~ /^(strcpy|strcat|sprintf)$/ && audit != ""))
+		stupid_binaries[file] = stupid_binaries[file] " " $5;
+	if ($5 ~ /^(accept|recvfrom)$/)
 		network_binaries[file] = 1;
 }
 FILENAME ~ /\.setuid$/ { setuid_binaries[$0] = 1; }
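Review bot: The symbol tests on `$5` in the new `.readelf` rule depend on the column layout of `readelf -r` relocation lines, which nothing in the rule records, and the patterns are anchored at both ends. If `${READELF}` ever resolves to an implementation that appends a version to the name (GNU readelf prints `name@VERSION`), none of the patterns would match and the audit would report nothing for that binary instead of failing. I would add a comment such as `# readelf -r line: Offset Info Type Sym.Value Sym.Name [+ Addend]; $5 is the symbol name` above the first test. Normalising the field once with `sym = $5; sub(/@.*/, "", sym);` and testing `sym` would make the match independent of that suffix.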

Modified: head/Mk/bsd.port.mk
==============================================================================
--- head/Mk/bsd.port.mk	Sat Jun 30 08:37:22 2018	(r473604)
+++ head/Mk/bsd.port.mk	Sat Jun 30 08:37:33 2018	(r473605)
@@ -3589,7 +3589,11 @@ security-check: ${TMPPLIST}
 #   4.  startup scripts, in conjunction with 2.
 #   5.  world-writable files/dirs
 #
-	-@${RM} ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable ${WRKDIR}/.PLIST.objdump; \
+#  The ${NONEXISTENT} argument of ${READELF} is there so that there are always
+#  at least two file arguments, and forces it to always output the "File: foo"
+#  header lines.
+#
+	-@${RM} ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable ${WRKDIR}/.PLIST.readelf; \
 	${AWK} -v prefix='${PREFIX}' ' \
 		match($$0, /^@cwd /) { prefix = substr($$0, RSTART + RLENGTH); if (prefix == "/") prefix=""; next; } \
 		/^@/ { next; } \
@@ -3602,10 +3606,10 @@ security-check: ${TMPPLIST}
 	| ${XARGS} -0 -J % ${FIND} % -prune -perm -0002 \! -type l 2> /dev/null > ${WRKDIR}/.PLIST.writable; \
 	${TR} '\n' '\0' < ${WRKDIR}/.PLIST.flattened \
 	| ${XARGS} -0 -J % ${FIND} % -prune ! -type l -type f -print0 2> /dev/null \
-	| ${XARGS} -0 -n 1 ${OBJDUMP} -R 2> /dev/null > ${WRKDIR}/.PLIST.objdump; \
+	| ${XARGS} -0 ${READELF} -r ${NONEXISTENT} 2> /dev/null > ${WRKDIR}/.PLIST.readelf; \
 	if \
 		! ${AWK} -v audit="$${PORTS_AUDIT}" -f ${SCRIPTSDIR}/security-check.awk \
-		  ${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.objdump ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \
+		  ${WRKDIR}/.PLIST.flattened ${WRKDIR}/.PLIST.readelf ${WRKDIR}/.PLIST.setuid ${WRKDIR}/.PLIST.writable; \
 	then \
 		www_site=$$(cd ${.CURDIR} && ${MAKE} www-site); \
 	    if [ ! -z "$${www_site}" ]; then \
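Review bot: A missing or broken `${READELF}` cannot be told apart from a clean result on the new `${XARGS} -0 ${READELF} -r ${NONEXISTENT} 2> /dev/null` line. The `${NONEXISTENT}` argument presumably makes every invocation exit non-zero, stderr is discarded, and the commands are joined with `;` under a `-@` recipe prefix, so an empty `.PLIST.readelf` simply makes the awk audit report no unsafe functions or network listeners. Dropping `-n 1` also means file attribution now rests entirely on the `File:` header lines. A guard before the pipeline would make the skipped case visible, for example `command -v ${READELF} > /dev/null || ${ECHO_MSG} "===> security-check: ${READELF} not found, binary checks skipped"; \`. Whether `READELF` is validated elsewhere in bsd.port.mk is not visible here, and the recipe continues past the end of this hunk.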

