hardening-wrapper 2.7ubuntu2 / usr / bin / hardened-ld

This file is indexed.

/usr/bin/hardened-ld is in hardening-wrapper 2.7ubuntu2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
#! /usr/bin/perl
use strict;
use warnings;
use File::Spec qw(rel2abs);
use File::Basename;

my @args = ();
my $enabled = 0;
my $debug = 0;
my $debug_fd = *STDERR;

# Set up defaults
my %default;
$default{'DEB_BUILD_HARDENING'}=0;
$default{'DEB_BUILD_HARDENING_DEBUG'}=0;

# Architecture settings
# linux amd64
$default{'DEB_BUILD_HARDENING_RELRO'}=1;
$default{'DEB_BUILD_HARDENING_BINDNOW'}=1;

# System settings
my $system_conf = '/etc/hardening-wrapper.conf';
if (-r $system_conf) {
    open(CONF,$system_conf) || warn "Cannot read $system_conf\n";
    while (my $line = <CONF>) {
        if ($line =~ /^\s*(DEB_BUILD_HARDENING[_A-Z]*)\s*=\s*(\d)$/) {
            $default{$1}=$2+0;
        }
    }
    close(CONF);
}

# Environment settings
$enabled =        defined($ENV{'DEB_BUILD_HARDENING'}) ?
                          $ENV{'DEB_BUILD_HARDENING'} :
                          $default{'DEB_BUILD_HARDENING'};
$debug =          defined($ENV{'DEB_BUILD_HARDENING_DEBUG'}) ?
                          $ENV{'DEB_BUILD_HARDENING_DEBUG'} :
                          $default{'DEB_BUILD_HARDENING_DEBUG'};
my $force_relro = defined($ENV{'DEB_BUILD_HARDENING_RELRO'}) ?
                          $ENV{'DEB_BUILD_HARDENING_RELRO'} :
                          $default{'DEB_BUILD_HARDENING_RELRO'};
my $force_bindnow = defined($ENV{'DEB_BUILD_HARDENING_BINDNOW'}) ?
                          $ENV{'DEB_BUILD_HARDENING_BINDNOW'} :
                          $default{'DEB_BUILD_HARDENING_BINDNOW'};

if ($enabled) {
    # Scan arguments
    my $index = 0;
    foreach my $arg (@ARGV) {
        if ($arg eq "relro" && $index>0 && $ARGV[$index-1] eq "-z") {
            $force_relro = 0;
        }
        if ($arg eq "now" && $index>0 && $ARGV[$index-1] eq "-z") {
            $force_bindnow = 0;
        }
        $index++;
    }

    if ($force_relro) {
        push(@args,'-z','relro');
    }
    if ($force_bindnow) {
        push(@args,'-z','now');
    }
}

my $self = "hardened-ld";
my $link = "";
my $arg0 = File::Spec->rel2abs(basename($0),dirname($0));
my $tool = $arg0;
if ($tool =~ /$self$/ || defined($ENV{'HARDENING_USE_USR_BIN'})) {
    $tool = "/usr/bin/ld";
}

if (defined($ENV{'DEB_BUILD_HARDENING_DEBUG_OUTPUT'})) {
    $debug_fd = undef;
    if (!open($debug_fd, ">>$ENV{'DEB_BUILD_HARDENING_DEBUG_OUTPUT'}")) {
        die "Cannot open $ENV{'DEB_BUILD_HARDENING_DEBUG_OUTPUT'}: $!\n";
    }
}

sub resolve_link($)
{
    my $origin = $_[0];
    my $link = readlink($origin);
    return File::Spec->rel2abs($link,dirname($origin));
}

while (-l $tool && ($link = resolve_link($tool)) !~ /$self$/) {
    $tool = $link;
}
if (-x "$tool.real") {
    $tool = "$tool.real";
}
# Abort if we ended up on a circular symlink resolution
if ($tool eq $arg0) {
    my $short = $tool;
    $short =~ s/.*\///g;
	print STDERR "$tool: not found (maybe $short is not installed?)\n";
	exit(127);
}
my @target = ($tool, @args, @ARGV);

print $debug_fd join(" ",@target),"\n" if ($debug);

exec @target or die "Unable to exec $target[0]: $!\n";

APT Browse - Built by Thomas Orozco.