Commit e5f0146a authored by SZ Lin (林上智)'s avatar SZ Lin (林上智)

Merge branch 'debian/master' into 'debian/master'


See merge request !1
parents ea2e57eb b6987f94
# Issue tracker
If any of these values are not included, the issue will be closed and not worked
## Issue
<!--- Tell us what should happen -->
## Debug Report
include the output of `checksec --debug_report`
## Command run to produce the error
<!--- Provide the exact command run to reproduce the error -->
## OS version and Kernel version
<!--- Include the os and kernel version -->
## Debug output
Run the same command as above to reproduce the error but include the --debug flag
e.x `checksec --debug -f /usr/bin/ls`
Rev-2019011901 Brian Davis <>
* Updated to 1.11.1
* resolved issues with readelf
* Added docker images for testing
* Added armhf and aarch64 libc locations
Thanks Avamander
* Replace FS_COUNT with fgrep
Thanks Iraugusto
* Fixed symbols count in csv
Thanks Iraugusto
Thanks Iraugusto
* Added stack canaries generated by intel compiler
Thanks Xavier Brouckaert
* Mute stat errors for non-existent directories
Thanks Iraugusto
* Removed invalid json structures and duplicate kernel checks
* fixed spaces in -d option
* Added stack-protector-string check
Thanks scottellis
* Add arm64 specific kernel checks
Thanks scottellis
* Add REFCOUNT_FULL to kernel tests
Thanks scottellis
* Remove OSX support
Rev-2018012401 Brian Davis <>
* Updated to 1.9.0
* made all kernel checks dependant on kernel version
FROM archlinux/base:latest
# Install dependencies
RUN pacman -Syu --noconfirm vim base-devel && ln -s $(command -v vim) /bin/vi
COPY . /root
......@@ -6,40 +6,40 @@ It has been originally written by Tobias Klein and the original source is availa
Last Update: 2018-10-14
Last Update: 2019-01-19
Install the binutils via brew `brew install binutils`
Most of the tools do not work on mach-O binaries or the OSX kernel, so it is not supported
**normal (or --format cli)**
$ --file /bin/ls
$checksec --file /bin/ls
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /bin/ls
$ --output csv --file /bin/ls
$ checksec --output csv --file /bin/ls
Partial RELRO,Canary found,NX enabled,No PIE,No RPATH,No RUNPATH,/bin/ls
$ --output xml --file /bin/ls
$ checksec --output xml --file /bin/ls
<?xml version="1.0" encoding="UTF-8"?>
<file relro="partial" canary="yes" nx="yes" pie="no" rpath="no" runpath="no" filename='/bin/ls'/>
$ --output json --file /bin/ls
$ checksec --output json --file /bin/ls
{ "file": { "relro":"partial","canary":"yes","nx":"yes","pie":"no","rpath":"no","runpath":"no","filename":"/bin/ls" } }
**Fortify test in cli**
$ --fortify-proc 1
$ checksec --fortify-proc 1
* Process name (PID) : init (1)
* FORTIFY_SOURCE support available (libc) : Yes
* Binary compiled with FORTIFY_SOURCE support: Yes
......@@ -72,7 +72,7 @@ Examples
**Kernel test in Cli**
$ --kernel
$ checksec --kernel
* Kernel protection information:
Description - List the status of kernel protection mechanisms. Rather than
......@@ -123,7 +123,7 @@ Examples
**Kernel Test in XML**
$ --output xml --kernel
$ checksec --output xml --kernel
<?xml version="1.0" encoding="UTF-8"?>
<kernel config='/boot/config-3.11-2-amd64' gcc_stack_protector='yes' strict_user_copy_check='no' ro_kernel_data='yes' restrict_dev_mem_access='yes' restrict_dev_kmem_access='no'>
<grsecurity config='no' />
......@@ -132,7 +132,7 @@ Examples
**Kernel Test in Json**
$ --output json --kernel
$ checksec --output json --kernel
{ "kernel": { "KernelConfig":"/boot/config-3.11-2-amd64","gcc_stack_protector":"yes","strict_user_copy_check":"no","ro_kernel_data":"yes","restrict_dev_mem_access":"yes","restrict_dev_kmem_access":"no" },{ "grsecurity_config":"no" },{ "kernheap_config":"no" } }
Using with Cross-compiled Systems
This diff is collapsed.
No preview for this file type
checksec (1.11.1-1) unstable; urgency=medium
* New upstream version 1.11.1
* Update d/watch for correct filenamemangle.
-- Chen-Ying Kuo <> Fri, 12 Apr 2019 00:00:10 +0800
checksec (1.9.0-1) unstable; urgency=low
* Initial release. (Closes: #909796)
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%<project>-$1.tar.gz%" \
opts="filenamemangle=s%(?:.*?)?v?(\d[\d.]*)\.tar\.gz%checksec-$1.tar.gz%" \ \
(?:.*?/)?v?(\d[\d.]*)\.tar\.gz debian uupdate
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment