[bin.git] / deb-checkssp

#!/bin/sh -e

# check given debs for SSP and print out the deb and filename of non-SSP ELF
# files

D=`mktemp -d`
trap "rm -rf $D" 0 1 2 3 11 13 15

for i; do
    rm -rf D/*

    dpkg-deb -x "$i" "$D"
    find "$D" -type f | while read f; do
        # ignore non-ELF files
        readelf -h "$f" > /dev/null 2>&1 || continue
        nm -D "$f" | grep -q __stack_chk_fail || {
            echo "$i: ${f#$D} not built with SSP"
        }
    done
done