Added --no-libc flag.

koutheir · Feb 10, 2024 · 4c20e9e · 4c20e9e
1 parent 0a555f0
commit 4c20e9e
Show file tree

Hide file tree

Showing 7 changed files with 23 additions and 14 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -6,7 +6,7 @@
 
 [package]
 name = "binary-security-check"
-version = "1.2.13"
+version = "1.2.14"
 authors = ["Koutheir Attouchi <koutheir@gmail.com>"]
 license = "MIT"
 description = "Analyzer of security features in executable binaries"

diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 
 # Analyzer of security features in executable binaries
 
-`binary-security-check` is a command line utility that analyses executable
+`binary-security-check` is a command line utility that analyzes executable
 binaries looking for features that make the executable more secure,
 or less prone to some vulnerabilities.
 
@@ -13,7 +13,7 @@ In order to use this tool on your computer, you need to build it from sources:
 
 1. If you don't have a [Rust](https://www.rust-lang.org/) toolchain installed,
    then [install one](https://www.rust-lang.org/tools/install).
-   I recommend to install the latest stable toolchain for your computer.
+   I recommend installing the latest stable toolchain for your computer.
 
 2. Install a C toolchain for your computer. For example on Debian Linux:
    ```
@@ -91,7 +91,7 @@ For example, `!ASLR` means the binary does not support Address Space Layout Rand
 
 ```
 Usage:
-  binary-security-check [-v] [-c COLOR] [(-s DIR | -l FILE | -i SPEC)] <file>...
+  binary-security-check [-v] [-c COLOR] [(-s DIR | -l FILE | -i SPEC | -n)] <file>...
   binary-security-check (-h | --help)
   binary-security-check --version
 
@@ -103,6 +103,7 @@ Options:
   -l FILE, --libc=FILE  Set the path of the C runtime library.
   -i SPEC, --libc-spec=SPEC  Use an internal list of checked functions as
                  specified by a specification.
+  -n, --no-libc  Assume that input files do not use any C runtime libraries.
   -v, --verbose  Verbose logging.
   -h, --help     Show this screen.
   --version      Show version.
@@ -137,11 +138,12 @@ needed by the analyzed files, which is given by the --libc parameter.
 
 ## Miscellaneous features
 
-- Runs on multiple platforms, including Linux and Windows.
-- Supports all binary executable formats independently on which platform is used to run the tool.
+- Runs on multiple platforms, including Linux, FreeBSD and Windows.
+- Supports all binary executable formats independently of which platform is used to run the tool.
 - Operates in parallel when sensible.
 - Output colored text.
-- Support multiple ways to identify binary's dependent C library, including Linux Standard Base (LSB) specifications.
+- Support multiple ways to identify binary's dependent C library (if there is one),
+  including Linux Standard Base (LSB) specifications.
 - Designed to be easily extensible.
 
 # License

diff --git a/src/cmdline.docopt b/src/cmdline.docopt
@@ -2,7 +2,7 @@
 {1}, by {3}.
 
 Usage:
-  {0} [-v] [-c COLOR] [(-s DIR | -l FILE | -i SPEC)] <file>...
+  {0} [-v] [-c COLOR] [(-s DIR | -l FILE | -i SPEC | -n)] <file>...
   {0} (-h | --help)
   {0} --version
 
@@ -14,6 +14,7 @@ Options:
   -l FILE, --libc=FILE  Set the path of the C runtime library.
   -i SPEC, --libc-spec=SPEC  Use an internal list of checked functions as
                  specified by a specification.
+  -n, --no-libc  Assume that input files do not use any C runtime libraries.
   -v, --verbose  Verbose logging.
   -h, --help     Show this screen.
   --version      Show version.

diff --git a/src/cmdline.rs b/src/cmdline.rs
@@ -18,6 +18,7 @@ pub struct Args {
     pub flag_sysroot: Option<PathBuf>,
     pub flag_libc: Option<PathBuf>,
     pub flag_libc_spec: Option<LibCSpec>,
+    pub flag_no_libc: bool,
     pub flag_color: UseColor,
     pub arg_file: Vec<PathBuf>,
 }

diff --git a/src/elf/mod.rs b/src/elf/mod.rs
@@ -29,15 +29,20 @@ pub fn analyze_binary(parser: &BinaryParser) -> Result<Vec<Box<dyn DisplayInColo
     let has_stack_protection = ELFStackProtectionOption.check(parser)?;
     let read_only_after_reloc = ELFReadOnlyAfterRelocationsOption.check(parser)?;
     let immediate_bind = ELFImmediateBindingOption.check(parser)?;
-    let fortify_source = ELFFortifySourceOption::new(ARGS.flag_libc_spec).check(parser)?;
 
-    Ok(vec![
+    let mut result = vec![
         supports_address_space_layout_randomization,
         has_stack_protection,
         read_only_after_reloc,
         immediate_bind,
-        fortify_source,
-    ])
+    ];
+
+    if !ARGS.flag_no_libc {
+        let fortify_source = ELFFortifySourceOption::new(ARGS.flag_libc_spec).check(parser)?;
+        result.push(fortify_source);
+    }
+
+    Ok(result)
 }
 
 pub fn get_libc_functions_by_protection<'t>(

diff --git a/src/errors.rs b/src/errors.rs
@@ -57,7 +57,7 @@ pub enum Error {
     #[error("binary format '{format}' of file '{path}' is recognized but unsupported")]
     UnsupportedBinaryFormat { format: String, path: PathBuf },
 
-    #[error("dependent C runtime library is not recognized. Consider specifying --sysroot, --libc or --libc-spec")]
+    #[error("dependent C runtime library is not recognized. Consider specifying --sysroot, --libc, --libc-spec or --no-libc")]
     UnrecognizedNeededLibC,
 
     #[error("dependent C runtime library '{0}' was not found")]