Handle ELF binary with no program segments

ffontaine · ffontaine · commit a86eb45f9d97 · 2025-03-06T16:50:30.000+01:00
Do not return False for NX and No for RELRO when there is no program segments in the ELF binary file (e.g. kernel module). This is inspired from slimm609/checksec@29aea68 For RELRO, a new NA value is added For NX, True is returned to avoid changing NX type from boolean to string Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
diff --git a/checksec/binary.py b/checksec/binary.py
@@ -19,7 +19,12 @@ def __init__(self, bin_path: Path):
 
     @property
     def has_nx(self) -> bool:
-        return self.bin.has_nx
+        # Handle ELF binary with no program segments (e.g., Kernel modules)
+        # In this case, return True
+        if isinstance(self.bin, lief.ELF.Binary) and len(self.bin.segments) == 0:
+            return True
+        else
+            return self.bin.has_nx
 
     @property
     def checksec_state(self) -> Union["ELFChecksecData", "PEChecksecData"]:
diff --git a/checksec/elf.py b/checksec/elf.py
@@ -70,6 +70,7 @@ class RelroType(Enum):
     No = 1
     Partial = 2
     Full = 3
+    NA = 4
 
 
 class PIEType(Enum):
@@ -117,6 +118,11 @@ def set_dyn_syms(self) -> FrozenSet[str]:
 
     @property
     def relro(self) -> RelroType:
+        # Handle binary with no program segments (e.g., Kernel modules)
+        # In this case, return NA
+        if len(self.bin.segments) == 0:
+            return RelroType.NA
+
         if self.bin.get(lief.ELF.Segment.TYPE.GNU_RELRO) is None:
             return RelroType.No
 
