Re: Patch 4/6 randomize the stack pointer

From: Arjan van de Ven
Date: Sat Jan 29 2005 - 11:49:26 EST

Next message: Chris Friesen: "Re: Why does the kernel need a gig of VM?"
Previous message: Zwane Mwaikambo: "Re: [PATCH] OProfile: Fix oops on undetected CPU type"
In reply to: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
Next in thread: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Arjan van de Ven wrote:
> >>I actually just tried to paxtest a fresh Fedora Core 3, unadultered,
> >>that I installed, and it FAILED every test. After a while, spender
> >>reminded me about PT_GNU_STACK. It failed everything but the Executable
> >>Stack test after execstack -c *. The randomization tests gave
> >>13(heap-etexec), 16(heap-etdyn), 17(stack), and none for main exec
> >>(etexec,et_dyn) or shared library randomization.
> >
> >
> > because you ran prelink.
> > and you did not compile paxtest with -fPIE -pie to make it a PIE
> > executable.
> >

what I get is

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Vulnerable
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 13 bits (guessed)
Main executable randomisation (ET_EXEC) : 12 bits (guessed)
Main executable randomisation (ET_DYN) : 12 bits (guessed)
Shared library randomisation test : 12 bits (guessed)
Stack randomisation test (SEGMEXEC) : 17 bits (guessed)
Stack randomisation test (PAGEEXEC) : 17 bits (guessed)
Return to function (strcpy) : paxtest: bad luck, try
different compiler options.
Return to function (strcpy, RANDEXEC) : paxtest: bad luck, try
different compiler options.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

I'm not entirely happy yet (it shows a bug in mmap randomisation) but
it's way better than what you get in your tests (this is the desabotaged
0.9.6 version fwiw)

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Chris Friesen: "Re: Why does the kernel need a gig of VM?"
Previous message: Zwane Mwaikambo: "Re: [PATCH] OProfile: Fix oops on undetected CPU type"
In reply to: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
Next in thread: John Richard Moser: "Re: Patch 4/6 randomize the stack pointer"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]