Re: Patch 4/6 randomize the stack pointer

Sat, 29 Jan 2005 08:50:39 -0800 

On Sat, 2005-01-29 at 11:21 -0500, John Richard Moser wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> 
> 
> Arjan van de Ven wrote:
> >>I actually just tried to paxtest a fresh Fedora Core 3, unadultered,
> >>that I installed, and it FAILED every test.  After a while, spender
> >>reminded me about PT_GNU_STACK.  It failed everything but the Executable
> >>Stack test after execstack -c *.  The randomization tests gave
> >>13(heap-etexec), 16(heap-etdyn), 17(stack), and none for main exec
> >>(etexec,et_dyn) or shared library randomization.
> > 
> > 
> > because you ran prelink.
> > and you did not compile paxtest with -fPIE -pie to make it a PIE
> > executable.
> > 

what I get is

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Vulnerable
Executable heap                          : Killed
Executable stack                         : Killed
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : No randomisation
Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
Heap randomisation test (ET_DYN)         : 13 bits (guessed)
Main executable randomisation (ET_EXEC)  : 12 bits (guessed)
Main executable randomisation (ET_DYN)   : 12 bits (guessed)
Shared library randomisation test        : 12 bits (guessed)
Stack randomisation test (SEGMEXEC)      : 17 bits (guessed)
Stack randomisation test (PAGEEXEC)      : 17 bits (guessed)
Return to function (strcpy)              : paxtest: bad luck, try
different compiler options.
Return to function (strcpy, RANDEXEC)    : paxtest: bad luck, try
different compiler options.
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Killed
Executable shared library data           : Killed
Writable text segments                   : Vulnerable


I'm not entirely happy yet (it shows a bug in mmap randomisation) but
it's way better than what you get in your tests (this is the desabotaged
0.9.6 version fwiw)


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to