X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig-hardened-check.py;h=30f3d1770ccc7b9e6fd80b0a93c0b0b3a5dccc71;hb=f662d0ed1d75e698c4944d93b3f8226c545e5960;hp=a87b28d5374e0a686a9da7bcdeb07e2f5f551e93;hpb=3fb179530c3849364b61c1b9b75b4129034e06f4;p=kconfig-hardened-check.git

diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index a87b28d..30f3d17 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -22,7 +22,6 @@ from collections import OrderedDict
 import re
 
 debug_mode = False  # set it to True to print the unknown options from the config
-error_count = 0
 checklist = []
 
 
@@ -36,18 +35,14 @@ class OptCheck:
         self.result = None
 
     def check(self):
-        global error_count
-
         if self.expected == self.state:
             self.result = 'OK'
         elif self.state is None:
             if self.expected == 'is not set':
                 self.result = 'OK: not found'
             else:
-                error_count += 1
                 self.result = 'FAIL: not found'
         else:
-            error_count += 1
             self.result = 'FAIL: "' + self.state + '"'
 
     def __repr__(self):
@@ -117,6 +112,7 @@ def construct_opt_checks():
     checklist.append(OptCheck('ZSMALLOC_STAT',        'is not set', 'ubuntu18', 'cut_attack_surface'))
     checklist.append(OptCheck('PAGE_OWNER',           'is not set', 'ubuntu18', 'cut_attack_surface'))
     checklist.append(OptCheck('DEBUG_KMEMLEAK',       'is not set', 'ubuntu18', 'cut_attack_surface'))
+    checklist.append(OptCheck('BINFMT_AOUT',          'is not set', 'ubuntu18', 'cut_attack_surface'))
 
     checklist.append(OptCheck('IO_STRICT_DEVMEM',     'y', 'kspp', 'cut_attack_surface'))
     checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
@@ -169,8 +165,6 @@ def print_opt_checks():
 
 
 def print_check_results():
-    global error_count
-
     print('  {:<39}|{:^13}|{:^10}|{:^20}||{:^20}'.format('option name', 'desired val', 'decision', 'reason', 'check result'))
     print('  ===========================================================================================================')
     for opt in checklist:
@@ -242,6 +236,7 @@ if __name__ == '__main__':
 
     if args.config:
         check_config_file(args.config)
+        error_count = len(list(filter(lambda opt: opt.result.startswith('FAIL'), checklist)))
         if error_count == 0:
             print('[+] config check is PASSED')
             sys.exit(0)