Bitcoin
Functions | Variables
security-check Namespace Reference

Functions

def check_ELF_PIE (executable)
 
def get_ELF_program_headers (executable)
 
def check_ELF_NX (executable)
 
def check_ELF_RELRO (executable)
 
def check_ELF_Canary (executable)
 
def get_PE_dll_characteristics (executable)
 
def check_PE_DYNAMIC_BASE (executable)
 
def check_PE_HIGH_ENTROPY_VA (executable)
 
def check_PE_NX (executable)
 
def identify_executable (executable)
 

Variables

 READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')
 
 OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump')
 
dictionary NONFATAL = {}
 
int IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020
 
int IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040
 
int IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100
 
dictionary CHECKS
 
int retval = 0
 
def etype = identify_executable(filename)
 
list failed = []
 
list warning = []
 

Function Documentation

◆ check_ELF_Canary()

def security-check.check_ELF_Canary (   executable) 
Check for use of stack canary

◆ check_ELF_NX()

def security-check.check_ELF_NX (   executable) 
Check that no sections are writable and executable (including the stack)

◆ check_ELF_PIE()

def security-check.check_ELF_PIE (   executable) 
Check for position independent executable (PIE), allowing for address space randomization.

◆ check_ELF_RELRO()

def security-check.check_ELF_RELRO (   executable) 
Check for read-only relocations.
GNU_RELRO program header must exist
Dynamic section must have BIND_NOW flag

◆ check_PE_DYNAMIC_BASE()

def security-check.check_PE_DYNAMIC_BASE (   executable) 
PIE: DllCharacteristics bit 0x40 signifies dynamicbase (ASLR)

◆ check_PE_HIGH_ENTROPY_VA()

def security-check.check_PE_HIGH_ENTROPY_VA (   executable) 
PIE: DllCharacteristics bit 0x20 signifies high-entropy ASLR

◆ check_PE_NX()

def security-check.check_PE_NX (   executable) 
NX: DllCharacteristics bit 0x100 signifies nxcompat (DEP)

◆ get_ELF_program_headers()

def security-check.get_ELF_program_headers (   executable) 
Return type and flags for ELF program headers

◆ get_PE_dll_characteristics()

def security-check.get_PE_dll_characteristics (   executable) 
Get PE DllCharacteristics bits.
Returns a tuple (arch,bits) where arch is 'i386:x86-64' or 'i386'
and bits is the DllCharacteristics value.

◆ identify_executable()

def security-check.identify_executable (   executable)

Variable Documentation

◆ CHECKS

dictionary security-check.CHECKS
Initial value:
1 = {
2 'ELF': [
3  ('PIE', check_ELF_PIE),
4  ('NX', check_ELF_NX),
5  ('RELRO', check_ELF_RELRO),
6  ('Canary', check_ELF_Canary)
7 ],
8 'PE': [
9  ('DYNAMIC_BASE', check_PE_DYNAMIC_BASE),
10  ('HIGH_ENTROPY_VA', check_PE_HIGH_ENTROPY_VA),
11  ('NX', check_PE_NX)
12 ]
13 }

◆ etype

def security-check.etype = identify_executable(filename)

◆ failed

list security-check.failed = []

◆ IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE

int security-check.IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE = 0x0040

◆ IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA

int security-check.IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020

◆ IMAGE_DLL_CHARACTERISTICS_NX_COMPAT

int security-check.IMAGE_DLL_CHARACTERISTICS_NX_COMPAT = 0x0100

◆ NONFATAL

dictionary security-check.NONFATAL = {}

◆ OBJDUMP_CMD

security-check.OBJDUMP_CMD = os.getenv('OBJDUMP', '/usr/bin/objdump')

◆ READELF_CMD

security-check.READELF_CMD = os.getenv('READELF', '/usr/bin/readelf')

◆ retval

int security-check.retval = 0

◆ warning

list security-check.warning = []
Generated by   doxygen 1.8.15