X-Git-Url: https://jxself.org/git/?a=blobdiff_plain;f=kconfig-hardened-check.py;h=89b343ef3662ad1391f9b7984eec7acdf45b509a;hb=bbfddf66cbbc57edda6d130e6e9b7c676f58d09a;hp=ac2644fefd4caff44298958b669033a045a7ded6;hpb=ff20d4b5a2e2668951d3fb7343a833b48202cff2;p=kconfig-hardened-check.git
diff --git a/kconfig-hardened-check.py b/kconfig-hardened-check.py
index ac2644f..89b343e 100755
--- a/kconfig-hardened-check.py
+++ b/kconfig-hardened-check.py
@@ -49,6 +49,41 @@ class OptCheck:
 return '{} = {}'.format(self.name, self.state)
+class OR:
+ def __init__(self, *opts):
+ self.opts = opts
+ self.result = None
+
+ @property
+ def name(self):
+ return self.opts[0].name
+
+ @property
+ def expected(self):
+ return self.opts[0].expected
+
+ @property
+ def state(self):
+ return self.opts[0].state
+
+ @property
+ def decision(self):
+ return self.opts[0].decision
+
+ @property
+ def reason(self):
+ return self.opts[0].reason
+
+ def check(self):
+ for opt in self.opts:
+ result, msg = opt.check()
+ if result:
+ self.result = 'OK (CONFIG_{} {})'.format(opt.name, opt.state)
+ return result, self.result
+ self.result = 'FAIL: "{}"'.format(self.opts[0].state)
+ return False, self.result
+
+
 def construct_opt_checks():
 checklist.append(OptCheck('BUG', 'y', 'ubuntu18', 'self_protection'))
 checklist.append(OptCheck('PAGE_TABLE_ISOLATION', 'y', 'ubuntu18', 'self_protection'))
@@ -112,6 +147,7 @@ def construct_opt_checks():
 checklist.append(OptCheck('ZSMALLOC_STAT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
 checklist.append(OptCheck('PAGE_OWNER', 'is not set', 'ubuntu18', 'cut_attack_surface'))
 checklist.append(OptCheck('DEBUG_KMEMLEAK', 'is not set', 'ubuntu18', 'cut_attack_surface'))
+ checklist.append(OptCheck('BINFMT_AOUT', 'is not set', 'ubuntu18', 'cut_attack_surface'))
 checklist.append(OptCheck('IO_STRICT_DEVMEM', 'y', 'kspp', 'cut_attack_surface'))
 checklist.append(OptCheck('LEGACY_VSYSCALL_NONE', 'y', 'kspp', 'cut_attack_surface')) # 'vsyscall=none'
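Review bot: `OR` takes `name`, `expected`, `state`, `decision` and `reason` from `self.opts[0]` only, so when a later alternative satisfies `check()` the reported state is still the first option's while the result reads OK, and nothing in the class says that argument order matters. A short class docstring would record this, for example `"""Pass if any option passes; the first option is the one reported."""`. The constructor also accepts zero options, in which case every property and the FAIL path in `check()` raise IndexError on `self.opts[0]`; `if not opts: raise ValueError('OR needs at least one option')` in `__init__` would fail early instead. The `msg` returned by `opt.check()` is never used and could be bound to `_`.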
@@ -177,7 +213,11 @@ def get_option_state(options, name):
 def perform_checks(parsed_options):
 for opt in checklist:
- opt.state = get_option_state(parsed_options, opt.name)
+ if hasattr(opt, 'opts'):
+ for o in opt.opts:
+ o.state = get_option_state(parsed_options, o.name)
+ else:
+ opt.state = get_option_state(parsed_options, opt.name)
 opt.check()
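Review bot: The `hasattr(opt, 'opts')` branch in `perform_checks` assigns `o.state` on every member of `opt.opts`, which only works while those members are plain `OptCheck` objects. `OR.state` is declared as a read-only property in this same commit, so an `OR` nested inside another `OR` would raise AttributeError on that assignment. `isinstance(opt, OR)` states the intent more directly than probing for an attribute, and a comment such as `# OR members must be plain OptCheck objects; OR.state is read-only` would record the constraint.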