Merge pull request #206 from sreschke80/shared/libcsearch

Search libc at user defined place, allow cross plattform analysis
slimm609 · Dec 15, 2022 · 41e291b · 41e291b
2 parents d5b6bc5 + 0b6beb9
commit 41e291b
Show file tree

Hide file tree

Showing 6 changed files with 82 additions and 24 deletions.
diff --git a/checksec b/checksec
@@ -98,19 +98,37 @@ if [[ ${commandsmissing} == true ]]; then
   sleep 2
 fi
 
-#FS_libc is used across multiple functions
-for libc in libc.so.6 libc.so.7 libc.so; do
-  if [[ -n $(find / -name ${libc}) ]]; then
-    read -r FS_libc < <(find / -name ${libc})
-    break
+# search for libc
+# shall be called before using variable FS_libc
+search_libc() {
+  if [[ -z ${FS_libc} ]]; then
+    # if a specific search path is given, use it
+    LIBC_SEARCH_PATH=/
+    if [[ -n "${LIBC_FILE}" ]]; then
+      if [[ -f "${LIBC_FILE}" ]]; then
+        FS_libc=${LIBC_FILE}
+      elif [[ -d "${LIBC_FILE}" ]]; then
+        LIBC_SEARCH_PATH=${LIBC_FILE}
+      fi
+    fi
+
+    if [[ -z ${FS_libc} ]]; then
+      #FS_libc is used across multiple functions
+      for libc in libc.so.6 libc.so.7 libc.so; do
+        if [[ -n $(find "${LIBC_SEARCH_PATH}" -name ${libc}) ]]; then
+          read -r FS_libc < <(find "${LIBC_SEARCH_PATH}" -name ${libc})
+          break
+        fi
+      done
+    fi
+    if [[ -e ${FS_libc} ]]; then
+      export FS_libc
+    else
+      printf "\033[31mError: libc not found.\033[m\n\n"
+      exit 1
+    fi
   fi
-done
-if [[ -e ${FS_libc} ]]; then
-  export FS_libc
-else
-  printf "\033[31mError: libc not found.\033[m\n\n"
-  exit 1
-fi
+}
 
 for command in readelf eu-readelf greadelf; do
   if (command_exists ${command}); then
@@ -358,6 +376,8 @@ chk_fortify_file() {
     exit 1
   fi
 
+  search_libc
+
   FS_chk_func_libc=()
   FS_functions=()
   while IFS='' read -r line; do FS_chk_func_libc+=("$line"); done < <(${readelf} -s "${FS_libc}" 2> /dev/null | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//')
@@ -397,6 +417,8 @@ chk_fortify_proc() {
     name=$(head -1 "${N}/status" | cut -b 7-)
     echo_message "* Process name (PID)                         : ${name} (${N})\n" "" "" ""
 
+    search_libc
+
     FS_chk_func_libc=()
     FS_functions=()
     while IFS='' read -r line; do FS_chk_func_libc+=("$line"); done < <(${readelf} -s "${FS_libc}" 2> /dev/null | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//')
@@ -779,6 +801,8 @@ filecheck() {
     echo_message '\033[32mNo Symbols\t\033[m  ' 'No Symbols,' ' symbols="no"' '"symbols":"no",'
   fi
 
+  search_libc
+
   FS_filechk_func_libc="$(${readelf} -s "${FS_libc}" 2> /dev/null | sed -ne 's/.*__\(.*_chk\)@@.*/\1/p')"
   FS_func_libc="${FS_filechk_func_libc//_chk/}"
   FS_func="$(${readelf} --dyn-syms "${1}" 2> /dev/null | awk '{ print $8 }' | sed -e 's/_*//' -e 's/@.*//' -e '/^$/d')"
@@ -924,6 +948,7 @@ help() {
   echo " ## Checksec Options"
   echo "  --file={file}"
   echo "  --dir={directory}"
+  echo "  --libcfile={file or search path for libc}"
   echo "  --listfile={text file with one file per line}"
   echo "  --proc={process name}"
   echo "  --proc-all"
@@ -1719,6 +1744,10 @@ while getopts "${optspec}" optchar; do
           OPT=$((OPT + 1))
           CHK_FUNCTION="chk_file_list"
           ;;
+        libcfile=*)
+          LIBC_FILE=${OPTARG#*=}
+          echo LIBC_FILE="${LIBC_FILE}"
+          ;;
         proc-all)
           OPT=$((OPT + 1))
           CHK_FUNCTION="chk_proc_all"

diff --git a/src/core.sh b/src/core.sh
@@ -65,19 +65,37 @@ if [[ ${commandsmissing} == true ]]; then
   sleep 2
 fi
 
-#FS_libc is used across multiple functions
-for libc in libc.so.6 libc.so.7 libc.so; do
-  if [[ -n $(find / -name ${libc}) ]]; then
-    read -r FS_libc < <(find / -name ${libc})
-    break
+# search for libc
+# shall be called before using variable FS_libc
+search_libc() {
+  if [[ -z ${FS_libc} ]]; then
+    # if a specific search path is given, use it
+    LIBC_SEARCH_PATH=/
+    if [[ -n "${LIBC_FILE}" ]]; then
+      if [[ -f "${LIBC_FILE}" ]]; then
+        FS_libc=${LIBC_FILE}
+      elif [[ -d "${LIBC_FILE}" ]]; then
+        LIBC_SEARCH_PATH=${LIBC_FILE}
+      fi
+    fi
+
+    if [[ -z ${FS_libc} ]]; then
+      #FS_libc is used across multiple functions
+      for libc in libc.so.6 libc.so.7 libc.so; do
+        if [[ -n $(find "${LIBC_SEARCH_PATH}" -name ${libc}) ]]; then
+          read -r FS_libc < <(find "${LIBC_SEARCH_PATH}" -name ${libc})
+          break
+        fi
+      done
+    fi
+    if [[ -e ${FS_libc} ]]; then
+      export FS_libc
+    else
+      printf "\033[31mError: libc not found.\033[m\n\n"
+      exit 1
+    fi
   fi
-done
-if [[ -e ${FS_libc} ]]; then
-  export FS_libc
-else
-  printf "\033[31mError: libc not found.\033[m\n\n"
-  exit 1
-fi
+}
 
 for command in readelf eu-readelf greadelf; do
   if (command_exists ${command}); then

diff --git a/src/footer.sh b/src/footer.sh
@@ -63,6 +63,10 @@ while getopts "${optspec}" optchar; do
           OPT=$((OPT + 1))
           CHK_FUNCTION="chk_file_list"
           ;;
+        libcfile=*)
+          LIBC_FILE=${OPTARG#*=}
+          echo LIBC_FILE="${LIBC_FILE}"
+          ;;
         proc-all)
           OPT=$((OPT + 1))
           CHK_FUNCTION="chk_proc_all"

diff --git a/src/functions/chk_fortify.sh b/src/functions/chk_fortify.sh
@@ -31,6 +31,8 @@ chk_fortify_file() {
     exit 1
   fi
 
+  search_libc
+
   FS_chk_func_libc=()
   FS_functions=()
   while IFS='' read -r line; do FS_chk_func_libc+=("$line"); done < <(${readelf} -s "${FS_libc}" 2> /dev/null | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//')
@@ -70,6 +72,8 @@ chk_fortify_proc() {
     name=$(head -1 "${N}/status" | cut -b 7-)
     echo_message "* Process name (PID)                         : ${name} (${N})\n" "" "" ""
 
+    search_libc
+
     FS_chk_func_libc=()
     FS_functions=()
     while IFS='' read -r line; do FS_chk_func_libc+=("$line"); done < <(${readelf} -s "${FS_libc}" 2> /dev/null | grep _chk@@ | awk '{ print $8 }' | cut -c 3- | sed -e 's/_chk@.*//')

diff --git a/src/functions/filecheck.sh b/src/functions/filecheck.sh
@@ -119,6 +119,8 @@ filecheck() {
     echo_message '\033[32mNo Symbols\t\033[m  ' 'No Symbols,' ' symbols="no"' '"symbols":"no",'
   fi
 
+  search_libc
+
   FS_filechk_func_libc="$(${readelf} -s "${FS_libc}" 2> /dev/null | sed -ne 's/.*__\(.*_chk\)@@.*/\1/p')"
   FS_func_libc="${FS_filechk_func_libc//_chk/}"
   FS_func="$(${readelf} --dyn-syms "${1}" 2> /dev/null | awk '{ print $8 }' | sed -e 's/_*//' -e 's/@.*//' -e '/^$/d')"

diff --git a/src/functions/help.sh b/src/functions/help.sh
@@ -12,6 +12,7 @@ help() {
   echo " ## Checksec Options"
   echo "  --file={file}"
   echo "  --dir={directory}"
+  echo "  --libcfile={file or search path for libc}"
   echo "  --listfile={text file with one file per line}"
   echo "  --proc={process name}"
   echo "  --proc-all"