Re: F32 ELF file analysis

On Wednesday, April 8, 2020 11:11:36 AM EDT David Cantrell wrote:
> >Just wanted to share with everyone the results of a data collection on
> >various metrics of ELF files when installing just @Core group.
> >
> >http://people.redhat.com/sgrubb/analysis/f32-analysis.slides.html#/
> >
> >I recommend clicking on the "pop out" link and then you have more room to
> >see the results. To use it grab SOURCERPM and drag it just below
> >"count", then drag FILE under SOURCERPM, then grab STACK_PROT and drag it
> >to the right of count. Next click on the drop down and uncheck "ok".
> >Click apply. Now you have the listing of all files without the right
> >stack protector hardening.
> >
> >Go back into the STACK_PROT, check ok, click apply. Drag STACK_PROT back
> >to where it came from, grab USES_SECCOMP, drag it to the right of
> >"count", click drop down, uncheck "no", click apply, now you have the
> >list of programs using seccomp for confinement.
> >
> >Have fun playing with the data. Just remember when you subset the data, it
> >stays that way until you check all boxes. In case you're curious, this is
> >exported from a Jupyter Notebook.
> 
> This is a nice visual.

I'm hoping it inspires people to do some poking around to help harden the OS 
a little more. For example, you can click on CLASS and uncheck everything but 
daemons. Then go down to CHANGES_UID and make only "no" checked. This is 
how many daemons are not changing to another account and still using root.

> I'd like to ensure the check in rpminspect is doing
> the same thing.  What are you using to check for your STACK_PROT

This is annocheck.

> and USES_SECCOMP?

readelf -s $f 2>/dev/null | grep FUNC | egrep 'seccomp_rule_add|seccomp'

This detects either direct use of seccomp or use of libseccomp.

Best Regards,
-Steve
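As an added example (not code from Steve's mail or from rpminspect), the readelf one-liner above split into a classifier that reads `readelf -s` text on stdin, so the logic can be checked against captured output; the symbol lines below are constructed samples, and the `check_file` wrapper assumes binutils readelf is installed. It also distinguishes libseccomp API imports (`seccomp_*`) from a program's own helper functions that merely contain "seccomp", which only show up when the binary is not stripped.

```shell
#!/bin/sh
# Added example: classify ELF files by seccomp use from `readelf -s` output.

# Reads readelf -s text on stdin and prints one word:
#   libseccomp - a FUNC symbol uses the libseccomp API (seccomp_init, seccomp_rule_add, ...)
#   seccomp    - a FUNC symbol only contains "seccomp" (e.g. the program's own helper)
#   none       - no seccomp-related FUNC symbol at all
classify_seccomp() {
    awk '
        # readelf -s columns: Num Value Size Type Bind Vis Ndx Name
        $4 == "FUNC" {
            name = $8
            sub(/@.*/, "", name)          # strip a version suffix such as name@GLIBC_2.2.5
            if (name ~ /^seccomp_/) lib = 1
            else if (name ~ /seccomp/) other = 1
        }
        END {
            if (lib) print "libseccomp"
            else if (other) print "seccomp"
            else print "none"
        }'
}

# Classify a file on disk; needs binutils readelf. Stripped binaries expose only
# .dynsym, so only imported libseccomp functions remain visible there.
check_file() {
    readelf -s "$1" 2>/dev/null | classify_seccomp
}

# Constructed sample readelf -s lines (not captured from a real Fedora binary).
SAMPLE_LIBSECCOMP='    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND seccomp_rule_add
    13: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (2)'
SAMPLE_OWN_HELPER='    40: 0000000000004120   212 FUNC    LOCAL  DEFAULT   14 setup_seccomp_filter
    41: 0000000000000000     0 OBJECT  GLOBAL DEFAULT  UND stdout@GLIBC_2.2.5 (2)'
SAMPLE_NONE='    12: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND prctl@GLIBC_2.2.5 (2)
    13: 0000000000000000     0 NOTYPE  WEAK   DEFAULT  UND seccomp_not_a_func'

classify_sample() { printf '%s\n' "$1" | classify_seccomp; }

classify_sample "$SAMPLE_LIBSECCOMP"   # libseccomp
classify_sample "$SAMPLE_OWN_HELPER"   # seccomp
classify_sample "$SAMPLE_NONE"         # none
```

Run `check_file /usr/sbin/somedaemon` to classify an installed binary the way the mail's one-liner does.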

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx