authorAndrey Arapov <arno@nixaid.com>2015-04-05 21:13:26 +0200
committerAndrey Arapov <arno@nixaid.com>2015-04-05 21:13:26 +0200
commit96063873e2fd24dd4dbe44f85d079026ef62b6ef (patch)
treedd5350db61c330e648c2210c82b2bcbba71bf9f6 /pkgs/os-specific/linux/checksec
parent8300898f98e235dcfa321887d52b7f72f80b5ad5 (diff)
checksec: use binutils instead of elfutils
readelf, which performs most of the checks, should come from the binutils package instead of elfutils.

E.g. for the PIE check from checksec, the two readelf implementations give different results:
(elfutils)
$ /nix/store/rgrji20513g19ci0sa6jydm86gpf4j42-elfutils-0.158/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null |grep -q '(DEBUG)' ; echo $?
1

(binutils)
$ /nix/store/b8qhjrwf8sf9ggkjxqqav7f1m6w83bh0-binutils-2.23.1/bin/readelf -d /nix/store/q1sbn93v4k3166s091s9biygv9srv8qa-nginx-1.6.2/bin/nginx
2>/dev/null | grep -q '(DEBUG)' ; echo $?
0
Diffstat (limited to 'pkgs/os-specific/linux/checksec')
-rw-r--r--pkgs/os-specific/linux/checksec/default.nix10
1 files changed, 6 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/checksec/default.nix b/pkgs/os-specific/linux/checksec/default.nix
index 4701d774dfd..b423dc3a086 100644
--- a/pkgs/os-specific/linux/checksec/default.nix
+++ b/pkgs/os-specific/linux/checksec/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, findutils, elfutils, glibc }:
+{ stdenv, fetchurl, file, findutils, binutils, glibc, procps, coreutils }:
 
 stdenv.mkDerivation rec {
   name = "checksec-${version}";
@@ -25,9 +25,11 @@ stdenv.mkDerivation rec {
     substituteInPlace $out/bin/checksec --replace find ${findutils}/bin/find
     substituteInPlace $out/bin/checksec --replace "file $" "${file}/bin/file $"
     substituteInPlace $out/bin/checksec --replace "xargs file" "xargs ${file}/bin/file"
-    substituteInPlace $out/bin/checksec --replace " readelf -" " ${elfutils}/bin/readelf -"
-    substituteInPlace $out/bin/checksec --replace "(readelf -" "(${elfutils}/bin/readelf -"
-    substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${elfutils}/bin/readelf"
+    substituteInPlace $out/bin/checksec --replace " readelf -" " ${binutils}/bin/readelf -"
+    substituteInPlace $out/bin/checksec --replace "(readelf -" "(${binutils}/bin/readelf -"
+    substituteInPlace $out/bin/checksec --replace "command_exists readelf" "command_exists ${binutils}/bin/readelf"
+    substituteInPlace $out/bin/checksec --replace "/sbin/sysctl -" "${procps}/sbin/sysctl -"
+    substituteInPlace $out/bin/checksec --replace "/usr/bin/id -" "${coreutils}/bin/id -"
   '';
 
   phases = "unpackPhase patchPhase installPhase";
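Review bot: Nothing in this hunk verifies that the `readelf`, `sysctl` and `id` substitutions actually matched; as far as I know `substituteInPlace --replace` does not fail on a pattern that is absent. If the upstream script's wording differs, checksec would fall back to whatever `readelf` is on PATH and could again misreport PIE, as the commit message shows for elfutils. Consider failing the build when a bare call survives, e.g. `if grep -q ' readelf -' $out/bin/checksec; then echo 'unpatched readelf call' >&2; exit 1; fi` after the last substitution. A short comment above the readelf lines, such as `# checksec greps binutils-style readelf output, e.g. '(DEBUG)' for PIE; elfutils readelf prints it differently`, would keep the reason for the dependency in the file. The install phase these lines belong to starts above the hunk, so whether `${procps}` really provides `sbin/sysctl` could not be confirmed from here.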