checksec – identify security features compiled into Linux binaries

Checkec is an excellent tool written by Tobias Klein for identifying security features which were selected or omitted at compile-time on any given Linux binary.

We rarely compile things for ourselves these days, but rather implicitly trust the person who packaged the software we use to have made good choices with security-relevant compiler options when compiling the binary for us. checksec does a deep dive on a binary by using the readelf command to closely examine the binary and then parses out the results into an easily readable table, or to json for further processing.

Opensource.com has produced an excellent article on the subject available here: https://opensource.com/article/21/6/linux-checksec.

And the author’s project page with detailed explanations of each of the items the tool checks is available here: https://www.trapkit.de/tools/checksec/.

dcd

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.