Mock Version: 1.1.38 Mock Version: 1.1.38 ENTER do(['bash', '--login', '-c', 'rpmbuild -bs --target noarch --nodeps builddir/build/SPECS/hardening-check.spec'], False, '/var/lib/mock/f20-build-2095201-389382/root/', None, 86400, True, False, 1000, 425, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bs --target noarch --nodeps builddir/build/SPECS/hardening-check.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin'} warning: Could not canonicalize hostname: buildhw-07.phx2.fedoraproject.org Building target platforms: noarch Building for target noarch Wrote: /builddir/build/SRPMS/hardening-check-2.5-1.fc20.src.rpm Child return code was: 0 LEAVE do --> ENTER do(['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/hardening-check.spec'], False, '/var/lib/mock/f20-build-2095201-389382/root/', None, 86400, True, False, 1000, 425, None, False, {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin'}, logger=) Executing command: ['bash', '--login', '-c', 'rpmbuild -bb --target noarch --nodeps builddir/build/SPECS/hardening-check.spec'] with env {'LANG': 'en_US.UTF-8', 'TERM': 'vt100', 'SHELL': '/bin/bash', 'HOSTNAME': 'mock', 'PROMPT_COMMAND': 'echo -n ""', 'HOME': '/builddir', 'PATH': '/usr/bin:/bin:/usr/sbin:/sbin'} Building target platforms: noarch Building for target noarch Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.IXiQNl + umask 022 + cd /builddir/build/BUILD + cd /builddir/build/BUILD + rm -rf hardening-wrapper + /usr/bin/gzip -dc /builddir/build/SOURCES/hardening-wrapper_2.5.tar.gz + /usr/bin/tar -xf - + STATUS=0 + '[' 0 -ne 0 ']' + cd hardening-wrapper + /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w . + sed -i -e '/^[ \t]*if \[ -z \"\$.DEB_/d' Makefile + exit 0 Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.LCClMz + umask 022 + cd /builddir/build/BUILD + cd hardening-wrapper + make -j16 mkdir -p build-tree # Construct wrappers. install hardened-cc hardened-ld build-tree/ # Set defaults, based on OS and ARCH. perl -pi -e 's/ #OS#/ '""'/; s/ #ARCH#/ '""'/;' build-tree/hardened-cc build-tree/hardened-ld perl -pi -e "s/default{'DEB_BUILD_HARDENING_PIE'}=1;/default{'DEB_BUILD_HARDENING_PIE'}=0;/;" build-tree/hardened-cc build-tree/hardened-ld perl -pi -e "s/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/default{'DEB_BUILD_HARDENING_STACKPROTECTOR'}=1;/;" build-tree/hardened-cc build-tree/hardened-ld # Duplicate cc wrapper to c++. install build-tree/hardened-cc build-tree/hardened-c++ perl -pi -e 's/hardened-cc/hardened-c++/g; s|/usr/bin/cc|/usr/bin/c++|g;' build-tree/hardened-c++ # Construct tools. install hardening.make hardening-check build-tree/ # Do not use "shell" here because it eats newlines. We want those. perl -pi -e "s/^my %libc;/my %libc = (\n$(perl hardening-check --find-libc-functions /bin/ls)\n);/;" build-tree/hardening-check # Construct man pages. install hardened-cc.1 hardened-ld.1 build-tree/ pod2man hardening-check > build-tree/hardening-check.1 # Duplicate cc man page to c++. install build-tree/hardened-cc.1 build-tree/hardened-c++.1 perl -pi -e 's/hardened-cc/hardened-c++/g; s/gcc/g++/g;' build-tree/hardened-c++.1 touch build-tree/stamp-build + exit 0 Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.oK4zEO + umask 022 + cd /builddir/build/BUILD + '[' /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch '!=' / ']' + rm -rf /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch ++ dirname /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch + mkdir -p /builddir/build/BUILDROOT + mkdir /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch + cd hardening-wrapper + mkdir -p /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/bin /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/man/man1 + install -pm 0755 build-tree/hardening-check /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/bin + install -pm 0644 build-tree/hardening-check.1 /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/man/man1 + /usr/lib/rpm/find-debuginfo.sh --strict-build-id -m --run-dwz --dwz-low-mem-die-limit 10000000 --dwz-max-die-limit 50000000 /builddir/build/BUILD/hardening-wrapper /usr/lib/rpm/sepdebugcrcfix: Updated 0 CRC32s, 0 CRC32s did match. + /usr/lib/rpm/check-buildroot + /usr/lib/rpm/redhat/brp-compress + /usr/lib/rpm/redhat/brp-strip-static-archive /usr/bin/strip + /usr/lib/rpm/brp-python-bytecompile /usr/bin/python 1 + /usr/lib/rpm/redhat/brp-python-hardlink + /usr/lib/rpm/redhat/brp-java-repack-jars Executing(%check): /bin/sh -e /var/tmp/rpm-tmp.RKszI3 + umask 022 + cd /builddir/build/BUILD + cd hardening-wrapper + make check make -C tests check make[1]: Entering directory `/builddir/build/BUILD/hardening-wrapper/tests' # Check the stack protector and PIE options directly, just to have # a historical record in the build logs. cc -Wall -fstack-protector hello.c -o ../build-tree/cc-test || true ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x4005e0) cc -Wall -fPIE -pie hello.c -o ../build-tree/cc-test || true ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x7f816739b888) ../build-tree/cc-test || true ../build-tree/cc-test: ok (0x7feaa51e1888) make -f Makefile.wrapper check make[2]: Entering directory `/builddir/build/BUILD/hardening-wrapper/tests' # Test basic perl syntax for script in ../build-tree/hardened-cc ../build-tree/hardened-ld ../build-tree/hardened-c++; do perl -c $script; done ../build-tree/hardened-cc syntax OK ../build-tree/hardened-ld syntax OK ../build-tree/hardened-c++ syntax OK touch syntax.stamp # Compiler and linker options disabled. DEB_BUILD_HARDENING=0 ../build-tree/hardened-cc -B ../build-tree/ -o ../build-tree/wrapper-test-stock hello.c /usr/bin/gcc -B ../build-tree/ -o ../build-tree/wrapper-test-stock hello.c readelf -ldrsW ../build-tree/wrapper-test-stock Elf file type is EXEC (Executable file) Entry point 0x400490 There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x000804 0x000804 R E 0x200000 LOAD 0x000e10 0x0000000000600e10 0x0000000000600e10 0x00022c 0x000230 RW 0x200000 DYNAMIC 0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d0 0x0001d0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x0006b0 0x00000000004006b0 0x00000000004006b0 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000e10 0x0000000000600e10 0x0000000000600e10 0x0001f0 0x0001f0 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xe28 contains 24 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x400418 0x000000000000000d (FINI) 0x400684 0x0000000000000019 (INIT_ARRAY) 0x600e10 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600e18 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400330 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 65 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x601000 0x0000000000000002 (PLTRELSZ) 96 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x4003b8 0x0000000000000007 (RELA) 0x4003a0 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x400380 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x400372 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x3a0 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x3b8 contains 4 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000601018 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 printf + 0 0000000000601020 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000601028 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000601030 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 Symbol table '.dynsym' contains 5 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.2.5 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (2) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ Symbol table '.symtab' contains 67 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400330 0 SECTION LOCAL DEFAULT 6 7: 0000000000400372 0 SECTION LOCAL DEFAULT 7 8: 0000000000400380 0 SECTION LOCAL DEFAULT 8 9: 00000000004003a0 0 SECTION LOCAL DEFAULT 9 10: 00000000004003b8 0 SECTION LOCAL DEFAULT 10 11: 0000000000400418 0 SECTION LOCAL DEFAULT 11 12: 0000000000400440 0 SECTION LOCAL DEFAULT 12 13: 0000000000400490 0 SECTION LOCAL DEFAULT 13 14: 0000000000400684 0 SECTION LOCAL DEFAULT 14 15: 0000000000400690 0 SECTION LOCAL DEFAULT 15 16: 00000000004006b0 0 SECTION LOCAL DEFAULT 16 17: 00000000004006f0 0 SECTION LOCAL DEFAULT 17 18: 0000000000600e10 0 SECTION LOCAL DEFAULT 18 19: 0000000000600e18 0 SECTION LOCAL DEFAULT 19 20: 0000000000600e20 0 SECTION LOCAL DEFAULT 20 21: 0000000000600e28 0 SECTION LOCAL DEFAULT 21 22: 0000000000600ff8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601038 0 SECTION LOCAL DEFAULT 24 25: 000000000060103c 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 29: 00000000004004c0 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 30: 00000000004004f0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 31: 0000000000400530 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 000000000060103c 1 OBJECT LOCAL DEFAULT 25 completed.6366 33: 0000000000600e18 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 34: 0000000000400550 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 0000000000600e10 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 38: 0000000000400800 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 39: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 40: 0000000000000000 0 FILE LOCAL DEFAULT ABS 41: 0000000000600e18 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 42: 0000000000600e28 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 43: 0000000000600e10 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 44: 0000000000601000 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ 45: 0000000000400680 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 46: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 47: 0000000000601038 0 NOTYPE WEAK DEFAULT 24 data_start 48: 000000000060103c 0 NOTYPE GLOBAL DEFAULT 24 _edata 49: 0000000000400684 0 FUNC GLOBAL DEFAULT 14 _fini 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.2.5 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 52: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 53: 0000000000601038 0 NOTYPE GLOBAL DEFAULT 24 __data_start 54: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 55: 0000000000400698 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 56: 0000000000400580 90 FUNC GLOBAL DEFAULT 13 announcement 57: 0000000000400690 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 58: 0000000000400610 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 59: 0000000000601040 0 NOTYPE GLOBAL DEFAULT 25 _end 60: 0000000000400490 0 FUNC GLOBAL DEFAULT 13 _start 61: 000000000060103c 0 NOTYPE GLOBAL DEFAULT 25 __bss_start 62: 00000000004005da 40 FUNC GLOBAL DEFAULT 13 main 63: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 64: 0000000000601040 0 OBJECT GLOBAL HIDDEN 24 __TMC_END__ 65: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 66: 0000000000400418 0 FUNC GLOBAL DEFAULT 11 _init ../build-tree/wrapper-test-stock ../build-tree/wrapper-test-stock: ok (0x400580) # Compiler options enabled. (linker is not wrapper) ../build-tree/hardened-cc -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-compiled hello.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-compiled hello.c readelf -ldrsW ../build-tree/wrapper-test-compiled Elf file type is EXEC (Executable file) Entry point 0x40053c There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00088c 0x00088c R E 0x200000 LOAD 0x000e10 0x0000000000600e10 0x0000000000600e10 0x000234 0x000238 RW 0x200000 DYNAMIC 0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d0 0x0001d0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x000740 0x0000000000400740 0x0000000000400740 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000e10 0x0000000000600e10 0x0000000000600e10 0x0001f0 0x0001f0 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xe28 contains 24 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x4004a0 0x000000000000000d (FINI) 0x400714 0x0000000000000019 (INIT_ARRAY) 0x600e10 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600e18 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400348 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 117 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x601000 0x0000000000000002 (PLTRELSZ) 120 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400428 0x0000000000000007 (RELA) 0x400410 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x4003d0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x4003be 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x410 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x428 contains 5 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000601018 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __stack_chk_fail + 0 0000000000601020 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000601028 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000601030 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 0000000000601038 0000000500000007 R_X86_64_JUMP_SLOT 0000000000000000 __printf_chk + 0 Symbol table '.dynsym' contains 6 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (3) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (4) Symbol table '.symtab' contains 68 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400348 0 SECTION LOCAL DEFAULT 6 7: 00000000004003be 0 SECTION LOCAL DEFAULT 7 8: 00000000004003d0 0 SECTION LOCAL DEFAULT 8 9: 0000000000400410 0 SECTION LOCAL DEFAULT 9 10: 0000000000400428 0 SECTION LOCAL DEFAULT 10 11: 00000000004004a0 0 SECTION LOCAL DEFAULT 11 12: 00000000004004c0 0 SECTION LOCAL DEFAULT 12 13: 0000000000400520 0 SECTION LOCAL DEFAULT 13 14: 0000000000400714 0 SECTION LOCAL DEFAULT 14 15: 0000000000400720 0 SECTION LOCAL DEFAULT 15 16: 0000000000400740 0 SECTION LOCAL DEFAULT 16 17: 0000000000400780 0 SECTION LOCAL DEFAULT 17 18: 0000000000600e10 0 SECTION LOCAL DEFAULT 18 19: 0000000000600e18 0 SECTION LOCAL DEFAULT 19 20: 0000000000600e20 0 SECTION LOCAL DEFAULT 20 21: 0000000000600e28 0 SECTION LOCAL DEFAULT 21 22: 0000000000600ff8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601040 0 SECTION LOCAL DEFAULT 24 25: 0000000000601044 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 28: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 29: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 30: 0000000000400570 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 31: 00000000004005a0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 32: 00000000004005e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 33: 0000000000601044 1 OBJECT LOCAL DEFAULT 25 completed.6366 34: 0000000000600e18 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 35: 0000000000400600 0 FUNC LOCAL DEFAULT 13 frame_dummy 36: 0000000000600e10 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 38: 0000000000400888 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 39: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 40: 0000000000000000 0 FILE LOCAL DEFAULT ABS 41: 0000000000600e18 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 42: 0000000000600e28 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 43: 0000000000600e10 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 44: 0000000000601000 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ 45: 0000000000400710 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 46: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 47: 0000000000601040 0 NOTYPE WEAK DEFAULT 24 data_start 48: 0000000000601044 0 NOTYPE GLOBAL DEFAULT 24 _edata 49: 0000000000400714 0 FUNC GLOBAL DEFAULT 14 _fini 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 52: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 53: 0000000000601040 0 NOTYPE GLOBAL DEFAULT 24 __data_start 54: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 55: 0000000000400728 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 56: 0000000000400630 104 FUNC GLOBAL DEFAULT 13 announcement 57: 0000000000400720 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 58: 00000000004006a0 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 59: 0000000000601048 0 NOTYPE GLOBAL DEFAULT 25 _end 60: 000000000040053c 0 FUNC GLOBAL DEFAULT 13 _start 61: 0000000000601044 0 NOTYPE GLOBAL DEFAULT 25 __bss_start 62: 0000000000400520 25 FUNC GLOBAL DEFAULT 13 main 63: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 64: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 65: 0000000000601048 0 OBJECT GLOBAL HIDDEN 24 __TMC_END__ 66: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 67: 00000000004004a0 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/wrapper-test-compiled ../build-tree/wrapper-test-compiled: ok (0x400630) ../build-tree/wrapper-test-compiled ../build-tree/wrapper-test-compiled: ok (0x400630) # Enable symlink for ld to trick gcc into doing wrapped linking (cd ../build-tree && ln -s hardened-ld ld) (cd ../build-tree && ln -s hardened-ld ld.gold) # Compiler and linker options enabled. ../build-tree/hardened-cc -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-linked hello.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-linked hello.c /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-linked /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. /tmp/ccLlkvGs.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o readelf -ldrsW ../build-tree/wrapper-test-linked Elf file type is EXEC (Executable file) Entry point 0x40053c There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00088c 0x00088c R E 0x200000 LOAD 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000254 0x000258 RW 0x200000 DYNAMIC 0x000dc8 0x0000000000600dc8 0x0000000000600dc8 0x0001f0 0x0001f0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x000740 0x0000000000400740 0x0000000000400740 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000250 0x000250 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xdc8 contains 26 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x4004a0 0x000000000000000d (FINI) 0x400714 0x0000000000000019 (INIT_ARRAY) 0x600db0 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600db8 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400348 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 117 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x600fb8 0x0000000000000002 (PLTRELSZ) 120 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400428 0x0000000000000007 (RELA) 0x400410 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x0000000000000018 (BIND_NOW) 0x000000006ffffffb (FLAGS_1) Flags: NOW 0x000000006ffffffe (VERNEED) 0x4003d0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x4003be 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x410 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x428 contains 5 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600fd0 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __stack_chk_fail + 0 0000000000600fd8 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000600fe0 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000600fe8 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 0000000000600ff0 0000000500000007 R_X86_64_JUMP_SLOT 0000000000000000 __printf_chk + 0 Symbol table '.dynsym' contains 6 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (3) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (4) Symbol table '.symtab' contains 67 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400348 0 SECTION LOCAL DEFAULT 6 7: 00000000004003be 0 SECTION LOCAL DEFAULT 7 8: 00000000004003d0 0 SECTION LOCAL DEFAULT 8 9: 0000000000400410 0 SECTION LOCAL DEFAULT 9 10: 0000000000400428 0 SECTION LOCAL DEFAULT 10 11: 00000000004004a0 0 SECTION LOCAL DEFAULT 11 12: 00000000004004c0 0 SECTION LOCAL DEFAULT 12 13: 0000000000400520 0 SECTION LOCAL DEFAULT 13 14: 0000000000400714 0 SECTION LOCAL DEFAULT 14 15: 0000000000400720 0 SECTION LOCAL DEFAULT 15 16: 0000000000400740 0 SECTION LOCAL DEFAULT 16 17: 0000000000400780 0 SECTION LOCAL DEFAULT 17 18: 0000000000600db0 0 SECTION LOCAL DEFAULT 18 19: 0000000000600db8 0 SECTION LOCAL DEFAULT 19 20: 0000000000600dc0 0 SECTION LOCAL DEFAULT 20 21: 0000000000600dc8 0 SECTION LOCAL DEFAULT 21 22: 0000000000600fb8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601004 0 SECTION LOCAL DEFAULT 24 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 29: 0000000000400570 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 30: 00000000004005a0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 31: 00000000004005e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 0000000000601004 1 OBJECT LOCAL DEFAULT 24 completed.6366 33: 0000000000600db8 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 34: 0000000000400600 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 0000000000600db0 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 37: 0000000000400888 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 38: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 39: 0000000000000000 0 FILE LOCAL DEFAULT ABS 40: 0000000000600db8 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 41: 0000000000600dc8 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 42: 0000000000600db0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 43: 0000000000600fb8 0 OBJECT LOCAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_ 44: 0000000000400710 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 45: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 46: 0000000000601000 0 NOTYPE WEAK DEFAULT 23 data_start 47: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 23 _edata 48: 0000000000400714 0 FUNC GLOBAL DEFAULT 14 _fini 49: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 52: 0000000000601000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 53: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 54: 0000000000400728 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 55: 0000000000400630 104 FUNC GLOBAL DEFAULT 13 announcement 56: 0000000000400720 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 57: 00000000004006a0 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 58: 0000000000601008 0 NOTYPE GLOBAL DEFAULT 24 _end 59: 000000000040053c 0 FUNC GLOBAL DEFAULT 13 _start 60: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 24 __bss_start 61: 0000000000400520 25 FUNC GLOBAL DEFAULT 13 main 62: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 63: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 64: 0000000000601008 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__ 65: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 66: 00000000004004a0 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: ok (0x400630) ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: ok (0x400630) # Check state of hardening features via check script perl ../build-tree/hardening-check -p ../build-tree/wrapper-test-linked ../build-tree/wrapper-test-linked: Position Independent Executable: no, normal executable! (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Manually check state of hardening features # Skipped PIE test # Test Stack Protector nm ../build-tree/wrapper-test-linked | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Test Fortify nm ../build-tree/wrapper-test-linked | egrep '__(sn)?printf_chk($|@@GLIBC)' U __printf_chk@@GLIBC_2.3.4 # Test Format (no-op currently) # Test for RELRO readelf -lW ../build-tree/wrapper-test-linked | grep GNU_RELRO GNU_RELRO 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000250 0x000250 R 0x1 # Test for BIND_NOW readelf -dW ../build-tree/wrapper-test-linked | grep BIND_NOW 0x0000000000000018 (BIND_NOW) # Build directly with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC-direct hello.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC-direct hello.c /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-fPIC-direct /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. /tmp/ccfX8mIK.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o ../build-tree/wrapper-test-fPIC-direct ../build-tree/wrapper-test-fPIC-direct: ok (0x400670) # Build .o with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC.o -c hello.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC.o -c hello.c # Link .o with -fPIC already defined ../build-tree/hardened-cc -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC.o /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -fPIC -O2 -o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC.o /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-fPIC /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. ../build-tree/wrapper-test-fPIC.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o ../build-tree/wrapper-test-fPIC ../build-tree/wrapper-test-fPIC: ok (0x400670) # Make sure build fails due to -Werror=format-security ! ../build-tree/hardened-cc -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-format-security format.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-format-security format.c format.c: In function 'main': format.c:11:5: error: format not a string literal and no format arguments [-Werror=format-security] return fprintf(stderr, argv[0]); ^ cc1: some warnings being treated as errors # Make sure build succeeds with -Wno-format-security ../build-tree/hardened-cc -B ../build-tree/ -O2 -Wno-format-security -o ../build-tree/wrapper-test-format-security format.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -Wno-format-security -o ../build-tree/wrapper-test-format-security format.c /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-format-security /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. /tmp/ccjRYSOR.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o # Make sure build stack-protects a small ssp buffer ../build-tree/hardened-cc -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-ssp-buffer-size-protect ssp-buffer-size-protect.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-ssp-buffer-size-protect ssp-buffer-size-protect.c /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-ssp-buffer-size-protect /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. /tmp/ccSH4M2Z.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o # Test Stack Protector nm ../build-tree/wrapper-test-ssp-buffer-size-protect | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Make sure build does not stack-protects a tiny ssp buffer ../build-tree/hardened-cc -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-ssp-buffer-size-skip ssp-buffer-size-skip.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -o ../build-tree/wrapper-test-ssp-buffer-size-skip ssp-buffer-size-skip.c /usr/bin/ld.bfd -z relro -z now --build-id --no-add-needed --eh-frame-hdr --hash-style=gnu -m elf_x86_64 -dynamic-linker /lib64/ld-linux-x86-64.so.2 -o ../build-tree/wrapper-test-ssp-buffer-size-skip /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crt1.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crti.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtbegin.o -L../build-tree -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64 -L/lib/../lib64 -L/usr/lib/../lib64 -L/usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../.. /tmp/cckOPLr6.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/x86_64-redhat-linux/4.8.2/crtend.o /usr/lib/gcc/x86_64-redhat-linux/4.8.2/../../../../lib64/crtn.o # Test Stack Protector is correctly skipped ! nm ../build-tree/wrapper-test-ssp-buffer-size-skip | egrep '__stack_chk_fail($|@@GLIBC)' ../build-tree/hardened-cc -B ../build-tree/ -O2 -c -o ../build-tree/wrapper-test-all.o hello.c /usr/bin/gcc -fstack-protector --param=ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -B ../build-tree/ -O2 -c -o ../build-tree/wrapper-test-all.o hello.c ar r ../build-tree/wrapper-test-all.a ../build-tree/wrapper-test-all.o ar: creating ../build-tree/wrapper-test-all.a readelf -ldrsW ../build-tree/wrapper-test-all.a File: ../build-tree/wrapper-test-all.a(wrapper-test-all.o) There are no program headers in this file. Relocation section '.rela.text' at offset 0x748 contains 6 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 000000000000000b 000000050000000a R_X86_64_32 0000000000000000 .rodata.str1.1 + 0 000000000000002b 0000000b00000002 R_X86_64_PC32 0000000000000000 snprintf - 4 0000000000000035 0000000a0000000a R_X86_64_32 0000000000000000 announcement + 0 000000000000003a 000000050000000a R_X86_64_32 0000000000000000 .rodata.str1.1 + 3 0000000000000044 0000000c00000002 R_X86_64_PC32 0000000000000000 __printf_chk - 4 0000000000000064 0000000d00000002 R_X86_64_PC32 0000000000000000 __stack_chk_fail - 4 Relocation section '.rela.text.startup' at offset 0x7d8 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000008 0000000a00000002 R_X86_64_PC32 0000000000000000 announcement - 4 Relocation section '.rela.eh_frame' at offset 0x7f0 contains 2 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000020 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 0 000000000000003c 0000000600000002 R_X86_64_PC32 0000000000000000 .text.startup + 0 Symbol table '.symtab' contains 15 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 2: 0000000000000000 0 SECTION LOCAL DEFAULT 1 3: 0000000000000000 0 SECTION LOCAL DEFAULT 3 4: 0000000000000000 0 SECTION LOCAL DEFAULT 4 5: 0000000000000000 0 SECTION LOCAL DEFAULT 5 6: 0000000000000000 0 SECTION LOCAL DEFAULT 6 7: 0000000000000000 0 SECTION LOCAL DEFAULT 9 8: 0000000000000000 0 SECTION LOCAL DEFAULT 10 9: 0000000000000000 0 SECTION LOCAL DEFAULT 8 10: 0000000000000000 104 FUNC GLOBAL DEFAULT 1 announcement 11: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND snprintf 12: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __printf_chk 13: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __stack_chk_fail 14: 0000000000000000 25 FUNC GLOBAL DEFAULT 6 main perl ../build-tree/hardening-check -p ../build-tree/wrapper-test-all.a ../build-tree/wrapper-test-all.a: Position Independent Executable: no, object archive (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: no, non-ELF (ignored) Immediate binding: no, non-ELF (ignored) DEB_BUILD_HARDENING=0 ../build-tree/hardened-cc -B ../build-tree/ -c -o ../build-tree/wrapper-test-none.o hello.c /usr/bin/gcc -B ../build-tree/ -c -o ../build-tree/wrapper-test-none.o hello.c ar r ../build-tree/wrapper-test-none.a ../build-tree/wrapper-test-none.o ar: creating ../build-tree/wrapper-test-none.a readelf -ldrsW ../build-tree/wrapper-test-none.a File: ../build-tree/wrapper-test-none.a(wrapper-test-none.o) There are no program headers in this file. Relocation section '.rela.text' at offset 0x670 contains 6 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000024 000000050000000a R_X86_64_32 0000000000000000 .rodata + 0 0000000000000036 0000000a00000002 R_X86_64_PC32 0000000000000000 snprintf - 4 0000000000000042 000000090000000a R_X86_64_32 0000000000000000 announcement + 0 000000000000004a 000000050000000a R_X86_64_32 0000000000000000 .rodata + 3 0000000000000054 0000000b00000002 R_X86_64_PC32 0000000000000000 printf - 4 0000000000000074 0000000900000002 R_X86_64_PC32 0000000000000000 announcement - 4 Relocation section '.rela.eh_frame' at offset 0x700 contains 2 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000020 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 0 0000000000000040 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 5a Symbol table '.symtab' contains 13 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 2: 0000000000000000 0 SECTION LOCAL DEFAULT 1 3: 0000000000000000 0 SECTION LOCAL DEFAULT 3 4: 0000000000000000 0 SECTION LOCAL DEFAULT 4 5: 0000000000000000 0 SECTION LOCAL DEFAULT 5 6: 0000000000000000 0 SECTION LOCAL DEFAULT 7 7: 0000000000000000 0 SECTION LOCAL DEFAULT 8 8: 0000000000000000 0 SECTION LOCAL DEFAULT 6 9: 0000000000000000 90 FUNC GLOBAL DEFAULT 1 announcement 10: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND snprintf 11: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND printf 12: 000000000000005a 40 FUNC GLOBAL DEFAULT 1 main if perl ../build-tree/hardening-check -p ../build-tree/wrapper-test-none.a; then exit 1; fi ../build-tree/wrapper-test-none.a: Position Independent Executable: no, object archive (ignored) Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! Read-only relocations: no, non-ELF (ignored) Immediate binding: no, non-ELF (ignored) make[2]: Leaving directory `/builddir/build/BUILD/hardening-wrapper/tests' make -f Makefile.includes check make[2]: Entering directory `/builddir/build/BUILD/hardening-wrapper/tests' # Compiler and linker options disabled. DEB_BUILD_HARDENING=0 cc -o ../build-tree/includes-test-stock hello.c readelf -ldrsW ../build-tree/includes-test-stock Elf file type is EXEC (Executable file) Entry point 0x400490 There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x000804 0x000804 R E 0x200000 LOAD 0x000e10 0x0000000000600e10 0x0000000000600e10 0x00022c 0x000230 RW 0x200000 DYNAMIC 0x000e28 0x0000000000600e28 0x0000000000600e28 0x0001d0 0x0001d0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x0006b0 0x00000000004006b0 0x00000000004006b0 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000e10 0x0000000000600e10 0x0000000000600e10 0x0001f0 0x0001f0 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xe28 contains 24 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x400418 0x000000000000000d (FINI) 0x400684 0x0000000000000019 (INIT_ARRAY) 0x600e10 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600e18 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400330 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 65 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x601000 0x0000000000000002 (PLTRELSZ) 96 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x4003b8 0x0000000000000007 (RELA) 0x4003a0 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x400380 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x400372 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x3a0 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x3b8 contains 4 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000601018 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 printf + 0 0000000000601020 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000601028 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000601030 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 Symbol table '.dynsym' contains 5 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@GLIBC_2.2.5 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (2) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (2) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ Symbol table '.symtab' contains 67 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400330 0 SECTION LOCAL DEFAULT 6 7: 0000000000400372 0 SECTION LOCAL DEFAULT 7 8: 0000000000400380 0 SECTION LOCAL DEFAULT 8 9: 00000000004003a0 0 SECTION LOCAL DEFAULT 9 10: 00000000004003b8 0 SECTION LOCAL DEFAULT 10 11: 0000000000400418 0 SECTION LOCAL DEFAULT 11 12: 0000000000400440 0 SECTION LOCAL DEFAULT 12 13: 0000000000400490 0 SECTION LOCAL DEFAULT 13 14: 0000000000400684 0 SECTION LOCAL DEFAULT 14 15: 0000000000400690 0 SECTION LOCAL DEFAULT 15 16: 00000000004006b0 0 SECTION LOCAL DEFAULT 16 17: 00000000004006f0 0 SECTION LOCAL DEFAULT 17 18: 0000000000600e10 0 SECTION LOCAL DEFAULT 18 19: 0000000000600e18 0 SECTION LOCAL DEFAULT 19 20: 0000000000600e20 0 SECTION LOCAL DEFAULT 20 21: 0000000000600e28 0 SECTION LOCAL DEFAULT 21 22: 0000000000600ff8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601038 0 SECTION LOCAL DEFAULT 24 25: 000000000060103c 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 SECTION LOCAL DEFAULT 26 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 29: 00000000004004c0 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 30: 00000000004004f0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 31: 0000000000400530 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 000000000060103c 1 OBJECT LOCAL DEFAULT 25 completed.6366 33: 0000000000600e18 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 34: 0000000000400550 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 0000000000600e10 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 37: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 38: 0000000000400800 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 39: 0000000000600e20 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 40: 0000000000000000 0 FILE LOCAL DEFAULT ABS 41: 0000000000600e18 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 42: 0000000000600e28 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 43: 0000000000600e10 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 44: 0000000000601000 0 OBJECT LOCAL DEFAULT 23 _GLOBAL_OFFSET_TABLE_ 45: 0000000000400680 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 46: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 47: 0000000000601038 0 NOTYPE WEAK DEFAULT 24 data_start 48: 000000000060103c 0 NOTYPE GLOBAL DEFAULT 24 _edata 49: 0000000000400684 0 FUNC GLOBAL DEFAULT 14 _fini 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND printf@@GLIBC_2.2.5 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 52: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 53: 0000000000601038 0 NOTYPE GLOBAL DEFAULT 24 __data_start 54: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 55: 0000000000400698 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 56: 0000000000400580 90 FUNC GLOBAL DEFAULT 13 announcement 57: 0000000000400690 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 58: 0000000000400610 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 59: 0000000000601040 0 NOTYPE GLOBAL DEFAULT 25 _end 60: 0000000000400490 0 FUNC GLOBAL DEFAULT 13 _start 61: 000000000060103c 0 NOTYPE GLOBAL DEFAULT 25 __bss_start 62: 00000000004005da 40 FUNC GLOBAL DEFAULT 13 main 63: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 64: 0000000000601040 0 OBJECT GLOBAL HIDDEN 24 __TMC_END__ 65: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 66: 0000000000400418 0 FUNC GLOBAL DEFAULT 11 _init ../build-tree/includes-test-stock ../build-tree/includes-test-stock: ok (0x400580) # Compiler options enabled. (linker is not wrapper) cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-compiled hello.c readelf -ldrsW ../build-tree/includes-test-compiled Elf file type is EXEC (Executable file) Entry point 0x40053c There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00088c 0x00088c R E 0x200000 LOAD 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000254 0x000258 RW 0x200000 DYNAMIC 0x000dc8 0x0000000000600dc8 0x0000000000600dc8 0x0001f0 0x0001f0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x000740 0x0000000000400740 0x0000000000400740 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000250 0x000250 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xdc8 contains 26 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x4004a0 0x000000000000000d (FINI) 0x400714 0x0000000000000019 (INIT_ARRAY) 0x600db0 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600db8 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400348 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 117 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x600fb8 0x0000000000000002 (PLTRELSZ) 120 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400428 0x0000000000000007 (RELA) 0x400410 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x0000000000000018 (BIND_NOW) 0x000000006ffffffb (FLAGS_1) Flags: NOW 0x000000006ffffffe (VERNEED) 0x4003d0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x4003be 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x410 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x428 contains 5 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600fd0 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __stack_chk_fail + 0 0000000000600fd8 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000600fe0 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000600fe8 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 0000000000600ff0 0000000500000007 R_X86_64_JUMP_SLOT 0000000000000000 __printf_chk + 0 Symbol table '.dynsym' contains 6 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (3) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (4) Symbol table '.symtab' contains 67 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400348 0 SECTION LOCAL DEFAULT 6 7: 00000000004003be 0 SECTION LOCAL DEFAULT 7 8: 00000000004003d0 0 SECTION LOCAL DEFAULT 8 9: 0000000000400410 0 SECTION LOCAL DEFAULT 9 10: 0000000000400428 0 SECTION LOCAL DEFAULT 10 11: 00000000004004a0 0 SECTION LOCAL DEFAULT 11 12: 00000000004004c0 0 SECTION LOCAL DEFAULT 12 13: 0000000000400520 0 SECTION LOCAL DEFAULT 13 14: 0000000000400714 0 SECTION LOCAL DEFAULT 14 15: 0000000000400720 0 SECTION LOCAL DEFAULT 15 16: 0000000000400740 0 SECTION LOCAL DEFAULT 16 17: 0000000000400780 0 SECTION LOCAL DEFAULT 17 18: 0000000000600db0 0 SECTION LOCAL DEFAULT 18 19: 0000000000600db8 0 SECTION LOCAL DEFAULT 19 20: 0000000000600dc0 0 SECTION LOCAL DEFAULT 20 21: 0000000000600dc8 0 SECTION LOCAL DEFAULT 21 22: 0000000000600fb8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601004 0 SECTION LOCAL DEFAULT 24 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 29: 0000000000400570 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 30: 00000000004005a0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 31: 00000000004005e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 0000000000601004 1 OBJECT LOCAL DEFAULT 24 completed.6366 33: 0000000000600db8 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 34: 0000000000400600 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 0000000000600db0 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 37: 0000000000400888 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 38: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 39: 0000000000000000 0 FILE LOCAL DEFAULT ABS 40: 0000000000600db8 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 41: 0000000000600dc8 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 42: 0000000000600db0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 43: 0000000000600fb8 0 OBJECT LOCAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_ 44: 0000000000400710 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 45: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 46: 0000000000601000 0 NOTYPE WEAK DEFAULT 23 data_start 47: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 23 _edata 48: 0000000000400714 0 FUNC GLOBAL DEFAULT 14 _fini 49: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 52: 0000000000601000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 53: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 54: 0000000000400728 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 55: 0000000000400630 104 FUNC GLOBAL DEFAULT 13 announcement 56: 0000000000400720 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 57: 00000000004006a0 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 58: 0000000000601008 0 NOTYPE GLOBAL DEFAULT 24 _end 59: 000000000040053c 0 FUNC GLOBAL DEFAULT 13 _start 60: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 24 __bss_start 61: 0000000000400520 25 FUNC GLOBAL DEFAULT 13 main 62: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 63: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 64: 0000000000601008 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__ 65: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 66: 00000000004004a0 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/includes-test-compiled ../build-tree/includes-test-compiled: ok (0x400630) ../build-tree/includes-test-compiled ../build-tree/includes-test-compiled: ok (0x400630) # Compiler and linker options enabled. cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-linked hello.c readelf -ldrsW ../build-tree/includes-test-linked Elf file type is EXEC (Executable file) Entry point 0x40053c There are 9 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001f8 0x0001f8 R E 0x8 INTERP 0x000238 0x0000000000400238 0x0000000000400238 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x00088c 0x00088c R E 0x200000 LOAD 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000254 0x000258 RW 0x200000 DYNAMIC 0x000dc8 0x0000000000600dc8 0x0000000000600dc8 0x0001f0 0x0001f0 RW 0x8 NOTE 0x000254 0x0000000000400254 0x0000000000400254 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x000740 0x0000000000400740 0x0000000000400740 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 GNU_RELRO 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000250 0x000250 R 0x1 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 08 .init_array .fini_array .jcr .dynamic .got Dynamic section at offset 0xdc8 contains 26 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x4004a0 0x000000000000000d (FINI) 0x400714 0x0000000000000019 (INIT_ARRAY) 0x600db0 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600db8 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400298 0x0000000000000005 (STRTAB) 0x400348 0x0000000000000006 (SYMTAB) 0x4002b8 0x000000000000000a (STRSZ) 117 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x600fb8 0x0000000000000002 (PLTRELSZ) 120 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400428 0x0000000000000007 (RELA) 0x400410 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x0000000000000018 (BIND_NOW) 0x000000006ffffffb (FLAGS_1) Flags: NOW 0x000000006ffffffe (VERNEED) 0x4003d0 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x4003be 0x0000000000000000 (NULL) 0x0 Relocation section '.rela.dyn' at offset 0x410 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600ff8 0000000400000006 R_X86_64_GLOB_DAT 0000000000000000 __gmon_start__ + 0 Relocation section '.rela.plt' at offset 0x428 contains 5 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000600fd0 0000000100000007 R_X86_64_JUMP_SLOT 0000000000000000 __stack_chk_fail + 0 0000000000600fd8 0000000200000007 R_X86_64_JUMP_SLOT 0000000000000000 snprintf + 0 0000000000600fe0 0000000300000007 R_X86_64_JUMP_SLOT 0000000000000000 __libc_start_main + 0 0000000000600fe8 0000000400000007 R_X86_64_JUMP_SLOT 0000000000000000 __gmon_start__ + 0 0000000000600ff0 0000000500000007 R_X86_64_JUMP_SLOT 0000000000000000 __printf_chk + 0 Symbol table '.dynsym' contains 6 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@GLIBC_2.4 (2) 2: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@GLIBC_2.2.5 (3) 3: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@GLIBC_2.2.5 (3) 4: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 5: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@GLIBC_2.3.4 (4) Symbol table '.symtab' contains 67 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000400238 0 SECTION LOCAL DEFAULT 1 2: 0000000000400254 0 SECTION LOCAL DEFAULT 2 3: 0000000000400274 0 SECTION LOCAL DEFAULT 3 4: 0000000000400298 0 SECTION LOCAL DEFAULT 4 5: 00000000004002b8 0 SECTION LOCAL DEFAULT 5 6: 0000000000400348 0 SECTION LOCAL DEFAULT 6 7: 00000000004003be 0 SECTION LOCAL DEFAULT 7 8: 00000000004003d0 0 SECTION LOCAL DEFAULT 8 9: 0000000000400410 0 SECTION LOCAL DEFAULT 9 10: 0000000000400428 0 SECTION LOCAL DEFAULT 10 11: 00000000004004a0 0 SECTION LOCAL DEFAULT 11 12: 00000000004004c0 0 SECTION LOCAL DEFAULT 12 13: 0000000000400520 0 SECTION LOCAL DEFAULT 13 14: 0000000000400714 0 SECTION LOCAL DEFAULT 14 15: 0000000000400720 0 SECTION LOCAL DEFAULT 15 16: 0000000000400740 0 SECTION LOCAL DEFAULT 16 17: 0000000000400780 0 SECTION LOCAL DEFAULT 17 18: 0000000000600db0 0 SECTION LOCAL DEFAULT 18 19: 0000000000600db8 0 SECTION LOCAL DEFAULT 19 20: 0000000000600dc0 0 SECTION LOCAL DEFAULT 20 21: 0000000000600dc8 0 SECTION LOCAL DEFAULT 21 22: 0000000000600fb8 0 SECTION LOCAL DEFAULT 22 23: 0000000000601000 0 SECTION LOCAL DEFAULT 23 24: 0000000000601004 0 SECTION LOCAL DEFAULT 24 25: 0000000000000000 0 SECTION LOCAL DEFAULT 25 26: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 27: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 28: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_LIST__ 29: 0000000000400570 0 FUNC LOCAL DEFAULT 13 deregister_tm_clones 30: 00000000004005a0 0 FUNC LOCAL DEFAULT 13 register_tm_clones 31: 00000000004005e0 0 FUNC LOCAL DEFAULT 13 __do_global_dtors_aux 32: 0000000000601004 1 OBJECT LOCAL DEFAULT 24 completed.6366 33: 0000000000600db8 0 OBJECT LOCAL DEFAULT 19 __do_global_dtors_aux_fini_array_entry 34: 0000000000400600 0 FUNC LOCAL DEFAULT 13 frame_dummy 35: 0000000000600db0 0 OBJECT LOCAL DEFAULT 18 __frame_dummy_init_array_entry 36: 0000000000000000 0 FILE LOCAL DEFAULT ABS crtstuff.c 37: 0000000000400888 0 OBJECT LOCAL DEFAULT 17 __FRAME_END__ 38: 0000000000600dc0 0 OBJECT LOCAL DEFAULT 20 __JCR_END__ 39: 0000000000000000 0 FILE LOCAL DEFAULT ABS 40: 0000000000600db8 0 NOTYPE LOCAL DEFAULT 18 __init_array_end 41: 0000000000600dc8 0 OBJECT LOCAL DEFAULT 21 _DYNAMIC 42: 0000000000600db0 0 NOTYPE LOCAL DEFAULT 18 __init_array_start 43: 0000000000600fb8 0 OBJECT LOCAL DEFAULT 22 _GLOBAL_OFFSET_TABLE_ 44: 0000000000400710 2 FUNC GLOBAL DEFAULT 13 __libc_csu_fini 45: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_deregisterTMCloneTable 46: 0000000000601000 0 NOTYPE WEAK DEFAULT 23 data_start 47: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 23 _edata 48: 0000000000400714 0 FUNC GLOBAL DEFAULT 14 _fini 49: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __stack_chk_fail@@GLIBC_2.4 50: 0000000000000000 0 FUNC GLOBAL DEFAULT UND snprintf@@GLIBC_2.2.5 51: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __libc_start_main@@GLIBC_2.2.5 52: 0000000000601000 0 NOTYPE GLOBAL DEFAULT 23 __data_start 53: 0000000000000000 0 NOTYPE WEAK DEFAULT UND __gmon_start__ 54: 0000000000400728 0 OBJECT GLOBAL HIDDEN 15 __dso_handle 55: 0000000000400630 104 FUNC GLOBAL DEFAULT 13 announcement 56: 0000000000400720 4 OBJECT GLOBAL DEFAULT 15 _IO_stdin_used 57: 00000000004006a0 101 FUNC GLOBAL DEFAULT 13 __libc_csu_init 58: 0000000000601008 0 NOTYPE GLOBAL DEFAULT 24 _end 59: 000000000040053c 0 FUNC GLOBAL DEFAULT 13 _start 60: 0000000000601004 0 NOTYPE GLOBAL DEFAULT 24 __bss_start 61: 0000000000400520 25 FUNC GLOBAL DEFAULT 13 main 62: 0000000000000000 0 FUNC GLOBAL DEFAULT UND __printf_chk@@GLIBC_2.3.4 63: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _Jv_RegisterClasses 64: 0000000000601008 0 OBJECT GLOBAL HIDDEN 23 __TMC_END__ 65: 0000000000000000 0 NOTYPE WEAK DEFAULT UND _ITM_registerTMCloneTable 66: 00000000004004a0 0 FUNC GLOBAL DEFAULT 11 _init # Run twice to show off PIE, if available in kernel ../build-tree/includes-test-linked ../build-tree/includes-test-linked: ok (0x400630) ../build-tree/includes-test-linked ../build-tree/includes-test-linked: ok (0x400630) # Check state of hardening features via check script perl ../build-tree/hardening-check -p ../build-tree/includes-test-linked ../build-tree/includes-test-linked: Position Independent Executable: no, normal executable! (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Manually check state of hardening features # Skipped PIE test # Test Stack Protector nm ../build-tree/includes-test-linked | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Test Fortify nm ../build-tree/includes-test-linked | egrep '__(sn)?printf_chk($|@@GLIBC)' U __printf_chk@@GLIBC_2.3.4 # Test Format (no-op currently) # Test for RELRO readelf -lW ../build-tree/includes-test-linked | grep GNU_RELRO GNU_RELRO 0x000db0 0x0000000000600db0 0x0000000000600db0 0x000250 0x000250 R 0x1 # Test for BIND_NOW readelf -dW ../build-tree/includes-test-linked | grep BIND_NOW 0x0000000000000018 (BIND_NOW) # Build directly with -fPIC already defined cc -fPIC -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC-direct hello.c ../build-tree/includes-test-fPIC-direct ../build-tree/includes-test-fPIC-direct: ok (0x400670) # Build .o with -fPIC already defined cc -fPIC -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC.o -c hello.c # Link .o with -fPIC already defined cc -fPIC -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-fPIC ../build-tree/includes-test-fPIC.o ../build-tree/includes-test-fPIC ../build-tree/includes-test-fPIC: ok (0x400670) # Make sure build fails due to -Werror=format-security ! cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-format-security format.c format.c: In function 'main': format.c:11:5: error: format not a string literal and no format arguments [-Werror=format-security] return fprintf(stderr, argv[0]); ^ cc1: some warnings being treated as errors # Make sure build succeeds with -Wno-format-security cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wno-format-security -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-format-security format.c # Make sure build stack-protects a small ssp buffer cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-ssp-buffer-size-protect ssp-buffer-size-protect.c # Test Stack Protector nm ../build-tree/includes-test-ssp-buffer-size-protect | egrep '__stack_chk_fail($|@@GLIBC)' U __stack_chk_fail@@GLIBC_2.4 # Make sure build does not stack-protects a tiny ssp buffer cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -o ../build-tree/includes-test-ssp-buffer-size-skip ssp-buffer-size-skip.c # Test Stack Protector is correctly skipped ! nm ../build-tree/includes-test-ssp-buffer-size-skip | egrep '__stack_chk_fail($|@@GLIBC)' cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -c -o ../build-tree/includes-test-all.o hello.c ar r ../build-tree/includes-test-all.a ../build-tree/includes-test-all.o ar: creating ../build-tree/includes-test-all.a readelf -ldrsW ../build-tree/includes-test-all.a File: ../build-tree/includes-test-all.a(includes-test-all.o) There are no program headers in this file. Relocation section '.rela.text' at offset 0x748 contains 6 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 000000000000000b 000000050000000a R_X86_64_32 0000000000000000 .rodata.str1.1 + 0 000000000000002b 0000000b00000002 R_X86_64_PC32 0000000000000000 snprintf - 4 0000000000000035 0000000a0000000a R_X86_64_32 0000000000000000 announcement + 0 000000000000003a 000000050000000a R_X86_64_32 0000000000000000 .rodata.str1.1 + 3 0000000000000044 0000000c00000002 R_X86_64_PC32 0000000000000000 __printf_chk - 4 0000000000000064 0000000d00000002 R_X86_64_PC32 0000000000000000 __stack_chk_fail - 4 Relocation section '.rela.text.startup' at offset 0x7d8 contains 1 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000008 0000000a00000002 R_X86_64_PC32 0000000000000000 announcement - 4 Relocation section '.rela.eh_frame' at offset 0x7f0 contains 2 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000020 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 0 000000000000003c 0000000600000002 R_X86_64_PC32 0000000000000000 .text.startup + 0 Symbol table '.symtab' contains 15 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 2: 0000000000000000 0 SECTION LOCAL DEFAULT 1 3: 0000000000000000 0 SECTION LOCAL DEFAULT 3 4: 0000000000000000 0 SECTION LOCAL DEFAULT 4 5: 0000000000000000 0 SECTION LOCAL DEFAULT 5 6: 0000000000000000 0 SECTION LOCAL DEFAULT 6 7: 0000000000000000 0 SECTION LOCAL DEFAULT 9 8: 0000000000000000 0 SECTION LOCAL DEFAULT 10 9: 0000000000000000 0 SECTION LOCAL DEFAULT 8 10: 0000000000000000 104 FUNC GLOBAL DEFAULT 1 announcement 11: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND snprintf 12: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __printf_chk 13: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND __stack_chk_fail 14: 0000000000000000 25 FUNC GLOBAL DEFAULT 6 main perl ../build-tree/hardening-check -p ../build-tree/includes-test-all.a ../build-tree/includes-test-all.a: Position Independent Executable: no, object archive (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: no, non-ELF (ignored) Immediate binding: no, non-ELF (ignored) DEB_BUILD_HARDENING=0 cc -c -o ../build-tree/includes-test-none.o hello.c ar r ../build-tree/includes-test-none.a ../build-tree/includes-test-none.o ar: creating ../build-tree/includes-test-none.a readelf -ldrsW ../build-tree/includes-test-none.a File: ../build-tree/includes-test-none.a(includes-test-none.o) There are no program headers in this file. Relocation section '.rela.text' at offset 0x670 contains 6 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000024 000000050000000a R_X86_64_32 0000000000000000 .rodata + 0 0000000000000036 0000000a00000002 R_X86_64_PC32 0000000000000000 snprintf - 4 0000000000000042 000000090000000a R_X86_64_32 0000000000000000 announcement + 0 000000000000004a 000000050000000a R_X86_64_32 0000000000000000 .rodata + 3 0000000000000054 0000000b00000002 R_X86_64_PC32 0000000000000000 printf - 4 0000000000000074 0000000900000002 R_X86_64_PC32 0000000000000000 announcement - 4 Relocation section '.rela.eh_frame' at offset 0x700 contains 2 entries: Offset Info Type Symbol's Value Symbol's Name + Addend 0000000000000020 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 0 0000000000000040 0000000200000002 R_X86_64_PC32 0000000000000000 .text + 5a Symbol table '.symtab' contains 13 entries: Num: Value Size Type Bind Vis Ndx Name 0: 0000000000000000 0 NOTYPE LOCAL DEFAULT UND 1: 0000000000000000 0 FILE LOCAL DEFAULT ABS hello.c 2: 0000000000000000 0 SECTION LOCAL DEFAULT 1 3: 0000000000000000 0 SECTION LOCAL DEFAULT 3 4: 0000000000000000 0 SECTION LOCAL DEFAULT 4 5: 0000000000000000 0 SECTION LOCAL DEFAULT 5 6: 0000000000000000 0 SECTION LOCAL DEFAULT 7 7: 0000000000000000 0 SECTION LOCAL DEFAULT 8 8: 0000000000000000 0 SECTION LOCAL DEFAULT 6 9: 0000000000000000 90 FUNC GLOBAL DEFAULT 1 announcement 10: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND snprintf 11: 0000000000000000 0 NOTYPE GLOBAL DEFAULT UND printf 12: 000000000000005a 40 FUNC GLOBAL DEFAULT 1 main if perl ../build-tree/hardening-check -p ../build-tree/includes-test-none.a; then exit 1; fi ../build-tree/includes-test-none.a: Position Independent Executable: no, object archive (ignored) Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! Read-only relocations: no, non-ELF (ignored) Immediate binding: no, non-ELF (ignored) # Disable stack protector cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -fno-stack-protector -o ../build-tree/includes-disabled hello.c if perl ../build-tree/hardening-check -p ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! (ignored) Stack protected: no, not found! Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: yes # Disable fortify cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -U_FORTIFY_SOURCE -o ../build-tree/includes-disabled hello.c if perl ../build-tree/hardening-check -p ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! (ignored) Stack protected: yes Fortify Source functions: no, only unprotected functions found! Read-only relocations: yes Immediate binding: yes # Disable relro cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,norelro -o ../build-tree/includes-disabled hello.c if perl ../build-tree/hardening-check -p ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: no, not found! Immediate binding: yes # Disable bindnow cc -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 -Wl,-z,relro -Wl,-z,now -Wl,-z,lazy -o ../build-tree/includes-disabled hello.c if perl ../build-tree/hardening-check -p ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! (ignored) Stack protected: yes Fortify Source functions: yes (some protected functions found) Read-only relocations: yes Immediate binding: no, not found! # Disable everything cc \ -fstack-protector --param ssp-buffer-size=4 -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security -O2 \ -Wl,-z,relro -Wl,-z,now \ -fno-stack-protector \ -U_FORTIFY_SOURCE \ -Wno-format-security \ -Wl,-z,norelro \ -Wl,-z,lazy \ -o ../build-tree/includes-disabled hello.c if perl ../build-tree/hardening-check -p ../build-tree/includes-disabled; then exit 1; fi ../build-tree/includes-disabled: Position Independent Executable: no, normal executable! (ignored) Stack protected: no, not found! Fortify Source functions: no, only unprotected functions found! Read-only relocations: no, not found! Immediate binding: no, not found! readelf -ldW ../build-tree/includes-disabled Elf file type is EXEC (Executable file) Entry point 0x40046c There are 8 program headers, starting at offset 64 Program Headers: Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align PHDR 0x000040 0x0000000000400040 0x0000000000400040 0x0001c0 0x0001c0 R E 0x8 INTERP 0x000200 0x0000000000400200 0x0000000000400200 0x00001c 0x00001c R 0x1 [Requesting program interpreter: /lib64/ld-linux-x86-64.so.2] LOAD 0x000000 0x0000000000400000 0x0000000000400000 0x000784 0x000784 R E 0x200000 LOAD 0x000788 0x0000000000600788 0x0000000000600788 0x00022c 0x000230 RW 0x200000 DYNAMIC 0x0007a0 0x00000000006007a0 0x00000000006007a0 0x0001d0 0x0001d0 RW 0x8 NOTE 0x00021c 0x000000000040021c 0x000000000040021c 0x000044 0x000044 R 0x4 GNU_EH_FRAME 0x000640 0x0000000000400640 0x0000000000400640 0x00003c 0x00003c R 0x4 GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x8 Section to Segment mapping: Segment Sections... 00 01 .interp 02 .interp .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn .rela.plt .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame 03 .init_array .fini_array .jcr .dynamic .got .got.plt .data .bss 04 .dynamic 05 .note.ABI-tag .note.gnu.build-id 06 .eh_frame_hdr 07 Dynamic section at offset 0x7a0 contains 24 entries: Tag Type Name/Value 0x0000000000000001 (NEEDED) Shared library: [libc.so.6] 0x000000000000000c (INIT) 0x4003e0 0x000000000000000d (FINI) 0x400614 0x0000000000000019 (INIT_ARRAY) 0x600788 0x000000000000001b (INIT_ARRAYSZ) 8 (bytes) 0x000000000000001a (FINI_ARRAY) 0x600790 0x000000000000001c (FINI_ARRAYSZ) 8 (bytes) 0x000000006ffffef5 (GNU_HASH) 0x400260 0x0000000000000005 (STRTAB) 0x4002f8 0x0000000000000006 (SYMTAB) 0x400280 0x000000000000000a (STRSZ) 65 (bytes) 0x000000000000000b (SYMENT) 24 (bytes) 0x0000000000000015 (DEBUG) 0x0 0x0000000000000003 (PLTGOT) 0x600978 0x0000000000000002 (PLTRELSZ) 96 (bytes) 0x0000000000000014 (PLTREL) RELA 0x0000000000000017 (JMPREL) 0x400380 0x0000000000000007 (RELA) 0x400368 0x0000000000000008 (RELASZ) 24 (bytes) 0x0000000000000009 (RELAENT) 24 (bytes) 0x000000006ffffffe (VERNEED) 0x400348 0x000000006fffffff (VERNEEDNUM) 1 0x000000006ffffff0 (VERSYM) 0x40033a 0x0000000000000000 (NULL) 0x0 make[2]: Leaving directory `/builddir/build/BUILD/hardening-wrapper/tests' make[1]: Leaving directory `/builddir/build/BUILD/hardening-wrapper/tests' Processing files: hardening-check-2.5-1.fc20.noarch Executing(%doc): /bin/sh -e /var/tmp/rpm-tmp.qRgQcu + exit 0 + umask 022 + cd /builddir/build/BUILD + cd hardening-wrapper + DOCDIR=/builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + export DOCDIR + /usr/bin/mkdir -p /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + cp -pr AUTHORS /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + cp -pr TODO /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + cp -pr debian/changelog /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + cp -pr debian/copyright /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + cp -pr debian/README.Debian /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch/usr/share/doc/hardening-check + exit 0 Provides: hardening-check = 2.5-1.fc20 Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Requires: /usr/bin/perl perl(Getopt::Long) perl(IPC::Open3) perl(Pod::Usage) perl(Symbol) perl(Term::ANSIColor) perl(strict) perl(warnings) Checking for unpackaged file(s): /usr/lib/rpm/check-files /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch warning: Could not canonicalize hostname: buildhw-07.phx2.fedoraproject.org Wrote: /builddir/build/RPMS/hardening-check-2.5-1.fc20.noarch.rpm Executing(%clean): /bin/sh -e /var/tmp/rpm-tmp.AO8zKl + umask 022 + cd /builddir/build/BUILD + cd hardening-wrapper + /usr/bin/rm -rf /builddir/build/BUILDROOT/hardening-check-2.5-1.fc20.noarch + exit 0 Child return code was: 0 LEAVE do -->