scripts: add MACHO NX check to security-check.py

2025-06-29 10:19:26 +02:00 · 2020-03-25 08:11:20 +08:00
parent 1a4e9f32ef
commit edaca2dd12
2 changed files with 12 additions and 0 deletions
--- a/contrib/devtools/security-check.py
+++ b/contrib/devtools/security-check.py
@ -197,6 +197,15 @@ def check_MACHO_NOUNDEFS(executable) -> bool:
        return True
    return False

+def check_MACHO_NX(executable) -> bool:
+    '''
+    Check for no stack execution
+    '''
+    flags = get_MACHO_executable_flags(executable)
+    if 'ALLOW_STACK_EXECUTION' in flags:
+        return False
+    return True
+
 CHECKS = {
 'ELF': [
    ('PIE', check_ELF_PIE),
@ -212,6 +221,7 @@ CHECKS = {
 'MACHO': [
    ('PIE', check_MACHO_PIE),
    ('NOUNDEFS', check_MACHO_NOUNDEFS),
+    ('NX', check_MACHO_NX)
 ]
 }