Commit dbc435f9 authored by Chen-Ying Kuo's avatar Chen-Ying Kuo

New upstream version 1.11.1

parent 7a2220a7
# Issue tracker
If any of these values are not included, the issue will be closed and not worked
## Issue
<!--- Tell us what should happen -->
## Debug Report
include the output of `checksec --debug_report`
## Command run to produce the error
<!--- Provide the exact command run to reproduce the error -->
## OS version and Kernel version
<!--- Include the os and kernel version -->
## Debug output
Run the same command as above to reproduce the error but include the --debug flag
e.x `checksec --debug -f /usr/bin/ls`
Rev-2019011901 Brian Davis <slimm609@gmail.com>
* checksec.sh: Updated to 1.11.1
* checksec.sh: resolved issues with readelf
* checksec.sh: Added docker images for testing
* checksec.sh: Added armhf and aarch64 libc locations
Thanks Avamander
* checksec.sh: Replace FS_COUNT with fgrep
Thanks Iraugusto
* checksec.sh: Fixed symbols count in csv
Thanks Iraugusto
* checksec.sh: Fixed RW-RPATH and RW-RUNPATH
Thanks Iraugusto
* checksec.sh: Added stack canaries generated by intel compiler
Thanks Xavier Brouckaert
* checksec.sh: Mute stat errors for non-existent directories
Thanks Iraugusto
* checksec.sh: Removed invalid json structures and duplicate kernel checks
* checksec.sh: fixed spaces in -d option
* checksec.sh: Added stack-protector-string check
Thanks scottellis
* checksec.sh: Add arm64 specific kernel checks
Thanks scottellis
* checksec.sh: Add REFCOUNT_FULL to kernel tests
Thanks scottellis
* checksec.sh: Remove OSX support
Rev-2018012401 Brian Davis <slimm609@gmail.com>
* checksec.sh: Updated to 1.9.0
* checksec.sh: made all kernel checks dependant on kernel version
......
FROM archlinux/base:latest
# Install dependencies
RUN pacman -Syu --noconfirm vim base-devel && ln -s $(command -v vim) /bin/vi
COPY . /root
WORKDIR /root
......@@ -6,40 +6,40 @@ It has been originally written by Tobias Klein and the original source is availa
Updates
-------
Last Update: 2018-10-14
Last Update: 2019-01-19
For OSX
-------
Install the binutils via brew `brew install binutils`
Most of the tools do not work on mach-O binaries or the OSX kernel, so it is not supported
Examples
--------
**normal (or --format cli)**
$checksec.sh --file /bin/ls
$checksec --file /bin/ls
RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /bin/ls
**csv**
$ checksec.sh --output csv --file /bin/ls
$ checksec --output csv --file /bin/ls
Partial RELRO,Canary found,NX enabled,No PIE,No RPATH,No RUNPATH,/bin/ls
**xml**
$ checksec.sh --output xml --file /bin/ls
$ checksec --output xml --file /bin/ls
<?xml version="1.0" encoding="UTF-8"?>
<file relro="partial" canary="yes" nx="yes" pie="no" rpath="no" runpath="no" filename='/bin/ls'/>
**json**
$ checksec.sh --output json --file /bin/ls
$ checksec --output json --file /bin/ls
{ "file": { "relro":"partial","canary":"yes","nx":"yes","pie":"no","rpath":"no","runpath":"no","filename":"/bin/ls" } }
**Fortify test in cli**
$ checksec.sh --fortify-proc 1
$ checksec --fortify-proc 1
* Process name (PID) : init (1)
* FORTIFY_SOURCE support available (libc) : Yes
* Binary compiled with FORTIFY_SOURCE support: Yes
......@@ -72,7 +72,7 @@ Examples
**Kernel test in Cli**
$ checksec.sh --kernel
$ checksec --kernel
* Kernel protection information:
Description - List the status of kernel protection mechanisms. Rather than
......@@ -123,7 +123,7 @@ Examples
**Kernel Test in XML**
$ checksec.sh --output xml --kernel
$ checksec --output xml --kernel
<?xml version="1.0" encoding="UTF-8"?>
<kernel config='/boot/config-3.11-2-amd64' gcc_stack_protector='yes' strict_user_copy_check='no' ro_kernel_data='yes' restrict_dev_mem_access='yes' restrict_dev_kmem_access='no'>
<grsecurity config='no' />
......@@ -132,7 +132,7 @@ Examples
**Kernel Test in Json**
$ checksec.sh --output json --kernel
$ checksec --output json --kernel
{ "kernel": { "KernelConfig":"/boot/config-3.11-2-amd64","gcc_stack_protector":"yes","strict_user_copy_check":"no","ro_kernel_data":"yes","restrict_dev_mem_access":"yes","restrict_dev_kmem_access":"no" },{ "grsecurity_config":"no" },{ "kernheap_config":"no" } }
Using with Cross-compiled Systems
......
This diff is collapsed.
No preview for this file type
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment