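#!/bin/bash

# Copyright (c) 2017-2018 Red Hat.
#
# This is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published
# by the Free Software Foundation; either version 3, or (at your
# option) any later version.
#
# It is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.

# Builds three objects and a shared library with the annobin GCC plugin,
# links them into hardening-fail-test.exe, and runs scripts/hardened.sh on
# the result.  Two of the objects are compiled with -fno-stack-protector and
# only hello3.c gets -D_FORTIFY_SOURCE=2, so the inputs are deliberately not
# uniformly hardened.
#
# Reads:   $srcdir - directory holding hello*.c; also used to locate
#                    ../scripts/hardened.sh.
# Returns: the exit status of hardened.sh (the last command run).
#
# NOTE(review): judging by the file names, hardened.sh is presumably expected
# to reject this binary - confirm how the test harness interprets the exit
# status.  None of the gcc invocations has its status checked, so a broken
# build (for example a missing plugin) and a genuine hardening rejection can
# both surface as a non-zero status from hardened.sh.

# Remove the outputs of any previous run so stale files cannot be checked.
rm -f hello.o hello2.o hello3.o libhello.so hardening-fail-test.exe

GCC=gcc
READELF=readelf
OBJCOPY=objcopy

PLUGIN=../plugin/.libs/annobin.so

# hello.c: no optimisation level given and stack protection explicitly off.
"$GCC" "-fplugin=$PLUGIN" \
  -c \
  -fPIC \
  -Wall \
  -g \
  -fno-stack-protector \
  -fplugin-arg-annobin-stack-threshold=0x10 \
  "$srcdir/hello.c"

# hello2.c: optimised, but stack protection is still explicitly off.
"$GCC" "-fplugin=$PLUGIN" \
  -O3 \
  -c \
  -fPIC \
  -fno-stack-protector \
  -fplugin-arg-annobin-global-file-syms \
  "$srcdir/hello2.c"

# hello3.c: the only object built with -fstack-protector-strong and
# -D_FORTIFY_SOURCE=2.  The command ends on the source file; there is no
# trailing line continuation, so it cannot run into the next invocation.
"$GCC" "-fplugin=$PLUGIN" \
  -O2 \
  -c \
  -fPIE \
  -g3 \
  -fstack-protector-strong \
  -D_FORTIFY_SOURCE=2 \
  -fplugin-arg-annobin-no-stack-size-notes \
  -grecord-gcc-switches \
  "$srcdir/hello3.c"

# libhello.so: shared library built with plain -fstack-protector rather than
# -fstack-protector-strong.
"$GCC" "-fplugin=$PLUGIN" \
  -O2 \
  -fpic \
  -fstack-protector \
  -fplugin-arg-annobin-version \
  -shared \
  "$srcdir/hello_lib.c" \
  -o libhello.so

# The link step itself requests PIE, immediate binding and RELRO; what is
# missing comes from how the individual objects above were compiled.
"$GCC" "-fplugin=$PLUGIN" \
  -L . -pie \
  -Wl,-z,now,-z,relro \
  hello.o hello2.o hello3.o -lhello -o hardening-fail-test.exe

# $OBJCOPY --merge-notes hardening-fail-test.exe hardening-fail-test-merged.exe

# The --skip=fort option is here to skip the check of _FORTIFY_SOURCE as this
# requires a version of readelf that knows how to fully parse the annobin notes
# and such a version is not in common release (yet).  The other hardening
# properties can be deduced by the hardened.sh script without needing the notes
# so that is why the test is allowed to proceed.
# FIXME: Remove --skip=fort once readelf has been updated.
# NOTE(review): while --skip=fort is in place, the missing _FORTIFY_SOURCE on
# hello.c, hello2.c and hello_lib.c is not what this check reports on.
"$srcdir/../scripts/hardened.sh" "--readelf=$READELF" --all hardening-fail-test.exe --skip=fort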