ELF (Linux/Unix) Security Rules
Rules for analyzing ELF (Executable and Linkable Format) binaries on Linux and Unix systems.
Memory Protection

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3001 | EnablePositionIndependentExecutable | Error | Enable PIE for ASLR |
| AD3002 | DoNotMarkStackAsExecutable | Error | Non-executable stack |
| AD3006 | EnableNonExecutableStack | Error | Verify NX stack |
| AD3010 | EnableReadOnlyRelocations | Warning | Enable RELRO |
| AD3011 | EnableBindNow | Warning | Enable BIND_NOW |
| AD3014 | NoTextRelocations | Error | No text relocations |
| AD3022 | WritableGotProtection | Warning | GOT protection |

Stack Protection

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3003 | EnableStackProtector | Error | Enable stack canaries |
| AD3005 | EnableStackClashProtection | Warning | Stack clash protection |
| AD3030 | UseGccCheckedFunctions | Warning | Use FORTIFY_SOURCE |
| AD3045 | EnableStackVariableInitialization | Warning | Auto-init stack vars |
| AD3051 | CheckFortifySourceLevel | Warning | Check FORTIFY level |

Control Flow (Intel x86_64)

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3015 | EnableIntelCET | Warning | Enable Intel CET/IBT |
| AD3016 | EnableIntelShadowStack | Warning | Enable Shadow Stack |
| AD3036 | EnableControlFlowIntegrity | Warning | Enable Clang CFI |

Control Flow (ARM64)

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3017 | EnableArmBTI | Warning | ARM Branch Target Identification |
| AD3018 | EnableArmPAC | Warning | ARM Pointer Authentication |
| AD3039 | EnableArmMTE | Warning | ARM Memory Tagging Extension |
| AD3044 | EnableShadowCallStack | Note | Shadow Call Stack |

Library Path Security

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3012 | DoNotUseRpath | Warning | Don't use deprecated RPATH |
| AD3013 | ValidateRunpath | Warning | Validate RUNPATH entries |
| AD3024 | RestrictDlopen | Warning | Restrict dlopen usage |

Compiler & Linker

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3004 | GenerateRequiredSymbolFormat | Note | Required symbol format |
| AD3019 | EnableLTO | Note | Enable Link-Time Optimization |
| AD3020 | EnableOptimization | Note | Enable optimization |
| AD3025 | EnableExceptionHandling | Warning | Exception handling frames |
| AD3050 | EnableGccDefs | Note | GCC hardening defines |

Clang-Specific

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3031 | EnableClangSafeStack | Warning | Enable SafeStack |
| AD3032 | EnableSpeculativeLoadHardening | Warning | Speculative load hardening |

Rust-Specific

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3033 | RustEnableCET | Warning | Rust CET support |
| AD3034 | RustEnableControlFlowGuard | Warning | Rust CFG |
| AD3035 | RustEnableSecureSourceHash | Note | Secure source hashing |
| AD3037 | RustEnableSanitizers | Note | Rust sanitizers |

Sanitizers (Development)

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3038 | EnableUBSan | Note | UndefinedBehaviorSanitizer |
| AD3040 | EnableAddressSanitizerELF | Note | AddressSanitizer |

Supply Chain

| Rule | Name | Severity | Description |
|------|------|----------|-------------|
| AD3021 | NoUnicodeSymbols | Warning | No Unicode in symbols |
| AD3041 | DoNotUseBannedApisELF | Warning | Banned API usage |
| AD3042 | DoNotStaticallyLinkOpenSSLELF | Warning | Don't statically link OpenSSL |