Okay, the reason this test (and bug 1717856) fail sporadically is that
ASLR in precise for i386 has a very low number of random values for vdso
and shared library offsets, when ulimits are set such that unlimited
stack sizes are allowed:

  ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ uname -a
  Linux sec-precise-i386 3.2.0-142-generic #189-Ubuntu SMP Fri Jul 5 18:40:43 UTC 2019 i686 i686 i386 GNU/Linux
  ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited
  ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ ulimit -s
  unlimited
  ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report vdso ; done | sort | uniq -c
     1273 0x40000000
     8662 0x40022000
       65 0x40026000

Yes, all of 3 values, and 86% of the invocations result in one value.
The shared library base values are slightly better, but not much:

  ubuntu@sec-precise-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report libs ; done | sort | uniq -c
      499 0x40003d80
      285 0x40016d80
      566 0x40025d80
     7608 0x40038d80
      295 0x4003cd80
      250 0x4003dd80
      167 0x4003ed80
      153 0x4003fd80
      177 0x40040d80

Compare this with the 3.13 results:

  ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ uname -a
  Linux sec-trusty-i386 3.13.0-170-generic #220-Ubuntu SMP Thu May 9 12:41:17 UTC 2019 i686 i686 i686 GNU/Linux
  ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ ulimit -s unlimited
  ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ ulimit -s
  unlimited
  ubuntu@sec-trusty-i386:~/tests/qrt-test-kernel-security$ for ((i=0; i<10000; i++)) ; do ./kernel-security/aslr/aslr --report vdso ; done | sort | uniq -c | wc -l
  256

(output is piped into wc -l, because there are 256 distinct results.) So
8 bits of randomisation, which is not great, but better than >2.

The tests were added in response to
http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
and fixes were applied for the 3.2.0-104.145 kernel.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-3672

https://bugs.launchpad.net/bugs/1747630

Title:
  Kernel security test test_022_aslr_hardy_vdso failed on Precise i386

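The `sort | uniq -c` histograms in the message above can be turned into entropy figures, which makes the difference between "3 distinct values" and "one value 86% of the time" explicit. This is an added example, not part of the original message or of the qa-regression-testing suite; the names `aslr_entropy` and `vdso_precise` are assumptions, and the sample counts are the vdso histogram quoted in the message.

```shell
#!/usr/bin/env bash
# Added example: entropy of an ASLR base-address histogram in `sort | uniq -c` form.

# aslr_entropy (hypothetical helper): read "<count> <address>" lines on stdin.
#   distinct      number of different base addresses observed
#   max_bits      log2(distinct): what the address count alone would suggest
#   shannon_bits  average uncertainty over the observed distribution
#   min_bits      log2(samples / count of most common address): cost of one best guess
aslr_entropy() {
  awk '
    NF >= 2 && $1 ~ /^[0-9]+$/ && $1 > 0 {
      count[$2] += $1; total += $1
    }
    END {
      if (total == 0) { print "no samples"; exit 1 }
      for (a in count) {
        n++
        p = count[a] / total
        shannon -= p * log(p) / log(2)
        if (count[a] > top) top = count[a]
      }
      printf "distinct=%d samples=%d max_bits=%.2f shannon_bits=%.2f min_bits=%.2f top_share=%.1f%%\n",
             n, total, log(n) / log(2), shannon, log(total / top) / log(2), 100 * top / total
    }'
}

# vdso histogram copied from the message above (precise i386, ulimit -s unlimited).
vdso_precise() {
  cat <<'EOF'
   1273 0x40000000
   8662 0x40022000
     65 0x40026000
EOF
}

vdso_precise | aslr_entropy
# -> distinct=3 samples=10000 max_bits=1.58 shannon_bits=0.61 min_bits=0.21 top_share=86.6%
```

The same function can be fed directly from the loop in the message by replacing `uniq -c | wc -l` with `uniq -c | aslr_entropy`.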