-
Notifications
You must be signed in to change notification settings - Fork 308
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
First impression checksec-go #252
Comments
This is a difference between using cobra as part of golang which makes several things much easier including shell completion so this will be a difference between the 2. |
RELRO is partially broken at the moment (and listed in the README as broken) but FORTIFY should be pretty accurate. The count will be off a bit due to some difference in available functions but it should be more accurate. https://github.com/slimm609/checksec.sh/blob/main/pkg/checksec/fortify.go#L33. lists only functions that can actually be fortified. I have not backported this to the bash version since this is intended to replace it. |
RELRO is fixed in #253 |
I changed the color to green in the latest MR. The file size will be larger because it is a static binary that doesn't require any external dependencies. This means it does need to include all libraries needed to perform the scans. However, today you need to install many more dependencies and requires bash, and multiple packages that are no longer needed with the golang release. |
@slimm609 any ETA for the Golang version? |
I have been fighting with brew bottles to get it working as part of the release but I think I am going to pause that and just get it released. I will try to finish this week |
Glad to know that, I rely on checksec when compiling Linux packages and I do this quite often. |
3.0.0 has been released. |
I come back with some clarification requests (exposed in the first post of this thread). |
RELRO still has problems. If ELF is linked with
|
Source file: |
@slimm609 FYI I've been maintaining Bash-based checksec 2.x.x in Gentoo but am not at home in the Golang ecosystem enough to be a good maintainer of Go-based >=3.0.0 and so have reached out to fellow Gentoo developers to find someone taking over a Golang-remake of the Gentoo package for >=3.0.0 at https://bugs.gentoo.org/946784 and also via mailing list |
Can you share details for the code that builds the package that exists now? I am not familiar with the gentoo build process but it should be fairly easy to adapt and can see what I can do to help |
@slimm609 the hard part are the Golang dependencies, so the ebuild targetting the Bash version will likely not help much with the actual task (but it's at https://gitweb.gentoo.org/repo/gentoo.git/tree/app-admin/checksec/checksec-2.7.1-r1.ebuild if you're curious, still). |
@hartwork yea, I understand. I wasn’t familiar with the gentoo sources but kubectx(https://gitweb.gentoo.org/repo/gentoo.git/tree/app-admin/kubectx/kubectx-0.9.4.ebuild) is a similar process to build as the new golang checksec |
@slimm609 |
There are small differences in the options, for example:
./checksec --file=/usr/bin/ssh
vs
./main file /usr/bin/ssh
The variant for Golang seems to me not very intuitive, that is:
Is ASCII Art Generator for checksec a bit too big?
RELRO and FORTIFY still differ between the two versions. I only checked for /usr/bin/ssh
The text was updated successfully, but these errors were encountered: