1 file changed: +15 -5 lines changed
@@ -350,12 +350,22 @@ for them.
350350
351351This is somewhat hard to do with an external tool, since there is
352352no way of looking at a binary and telling what mitigations its components
353- have (for example [ ` hardening-check(1) ` ] , exists, but its check for
354- stack smashing protection only checks that at least 1 function has stack
355- cookies, rather than checking that every interesting function has it
356- enabled).
357- 
353+ have.
354+ 
355+ There are howevever some external tools that do check for mitigations:
356+ 
357+ 1 .  [ ` hardening-check(1) ` ]  exists, but its check for stack smashing protection only
358+    checks that at least 1 function has stack cookies, rather than checking that
359+    every interesting function has it enabled.
360+ 2 .  The Linux kernel has [ ` objtool ` ] , which checks for some other mitigations (for
361+    example, retpolines). It however needs to access the ` .o `  object files
362+    rather than to the final linked executable or shared library - which
363+    requires its user to control the linking process - and also has hardcoded
364+    limitations that make it only suitable for the Linux kernel, rather than
365+    being useful as a general-purpose tool.
366+    
358367[ `hardening-check(1)` ] : https://manpages.debian.org/testing/devscripts/hardening-check.1.en.html 
368+ [ `objtool` ] : https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/tools/objtool/Documentation/objtool.txt?id=5cd64d4f92683afa691a6b83dcad5adfb2165ed0 
359369
360370## .note.gnu.property  
361371
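Review bot: added line 355 has a typo, "howevever" should be "however". In item 2 (added lines 361-362), "needs to access the `.o` object files rather than to the final linked executable" carries a stray "to"; suggest "rather than the final linked executable or shared library". Added line 366 contains only whitespace and can be a plain empty line. Separately, ending the first paragraph at "have." leaves "there is no way of looking at a binary and telling what mitigations its components have" as an absolute statement, which the list of tools that "do check for mitigations" then partly contradicts; consider qualifying it (for example "no reliable way") so the two paragraphs agree.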
    
 
   
 
     
   
   
          
     
  
    
     
 
    
      
     
 
     