checksec.sh icon indicating copy to clipboard operation
checksec.sh copied to clipboard
verified publisher icon slimm609

Broken CFI Checks

Open struct opened this issue 6 years ago • 2 comments

The new --extended CFI checks appear broken:

https://github.com/slimm609/checksec.sh/blob/fd840bcf3aeeb105dd83374ed80fce226ba0bc4b/checksec#L547-L556

  1. I think you will need readelf -Ws to capture long mangled C++ symbol function names
  2. The method of checking the first (?) entry of the array to see if theres a non .cfi function is likely full of false positives.

struct avatar Oct 07 '19 20:10 struct

https://github.com/dobin/clang-cfi-safestack-analysis

This is the repo I have used for reference testing, if you have source of false positives that I can use to test/troubleshoot, it would help in resolving the issue.

slimm609 avatar May 27 '20 14:05 slimm609

It seems that the grep pattern is broken? Was it intended to be \.cfi? I run into the following FP:

readelf -s /tmp/sample_go_binary | grep .cfi
  1143: 0000000000456640   261 FUNC    GLOBAL DEFAULT    1 runtime.funcfile

which results in CFI shown to be present

nettrino avatar Sep 01 '21 15:09 nettrino