| 1 |
Hi! |
| 2 |
|
| 3 |
On Mon, Nov 14, 2005 at 03:45:48PM +0300, Vladimir Solomatin wrote: |
| 4 |
> ô.Å. Õ ÔÅÂÑ × hardened ÐÒÏÂÌÅÍ Ó X'ÍÉ É Java ÎÅÔ? åÓÌÉ ÞÔÏ-ÎÉÂÕÄØ, ÏÔ |
| 5 |
> ÞÅÇÏ ÐÒÉÛÌÏÓØ ÏÔËÁÚÁÔØÓÑ ÉÚ-ÚÁ hardened? |
| 6 |
|
| 7 |
îÅÔ. |
| 8 |
|
| 9 |
> ÏÔÓÕÔÓÔ×ÉÅ ÆÌÁÇÏ× +pie +ssp, ÎÁÌÉÞÉÉ -nopie -nossp |
| 10 |
> ÍÏÖÅÔ ÂÙÔØ ÜÔÏ × ÐÏÒÑÄËÅ ×ÅÝÅÊ. |
| 11 |
|
| 12 |
ñ ÔÁË ÐÏÎÉÍÁÀ ÞÔÏ ÆÌÁÇÉ -nopie É -nossp ÐÏÚ×ÏÌÑÀÔ ÓÏÂÒÁÔØ gcc ÏÔËÌÀÞÉ× ÜÔÉ ÆÉÞÉ. |
| 13 |
|
| 14 |
> paxtest.log ÄÏ ×ËÌÀÞÅÎÉÑ É ÎÁÓÔÒÏÊËÉ PaX É Grsecurity × ÑÄÒÅ |
| 15 |
> (Grsecurity ÎÁ×ÅÒÎÏÅ ÚÄÅÓØ ÒÏÌÉ ÎÅ ÉÇÒÁÅÔ) ×ÓÅ ÐÁËÅÔÙ ÓËÏÍÐÉÌÉÎÙ gcc Ó |
| 16 |
> +pie +ssp: |
| 17 |
> |
| 18 |
> --------------------------paxtest.log-------------------------- |
| 19 |
> Executable anonymous mapping : Vulnerable |
| 20 |
> Executable bss : Vulnerable |
| 21 |
> Executable data : Vulnerable |
| 22 |
> Executable heap : Vulnerable |
| 23 |
> Executable stack : Vulnerable |
| 24 |
> Executable anonymous mapping (mprotect) : Vulnerable |
| 25 |
> Executable bss (mprotect) : Vulnerable |
| 26 |
> Executable data (mprotect) : Vulnerable |
| 27 |
> Executable heap (mprotect) : Vulnerable |
| 28 |
> Executable stack (mprotect) : Vulnerable |
| 29 |
> Executable shared library bss (mprotect) : Vulnerable |
| 30 |
> Executable shared library data (mprotect): Vulnerable |
| 31 |
> Writable text segments : Vulnerable |
| 32 |
> Anonymous mapping randomisation test : No randomisation |
| 33 |
> Heap randomisation test (ET_EXEC) : No randomisation |
| 34 |
> Heap randomisation test (ET_DYN) : No randomisation |
| 35 |
> Main executable randomisation (ET_EXEC) : No randomisation |
| 36 |
> Main executable randomisation (ET_DYN) : No randomisation |
| 37 |
> Shared library randomisation test : No randomisation |
| 38 |
> Stack randomisation test (SEGMEXEC) : No randomisation |
| 39 |
> Stack randomisation test (PAGEEXEC) : No randomisation |
| 40 |
> Return to function (strcpy) : Vulnerable |
| 41 |
> Return to function (memcpy) : Vulnerable |
| 42 |
> Return to function (strcpy, RANDEXEC) : Vulnerable |
| 43 |
> Return to function (memcpy, RANDEXEC) : Vulnerable |
| 44 |
> Executable shared library bss : Killed |
| 45 |
> Executable shared library data : Killed |
| 46 |
> ---------------------------------------------------------------- |
| 47 |
> |
| 48 |
> ëÁË ÜÔÏ ×ÙÇÌÑÄÉÔ ÐÏÓÌÅ ÎÁÓÔÒÏÊËÉ PaX? |
| 49 |
|
| 50 |
Executable anonymous mapping : Killed |
| 51 |
Executable bss : Killed |
| 52 |
Executable data : Killed |
| 53 |
Executable heap : Killed |
| 54 |
Executable stack : Killed |
| 55 |
Executable anonymous mapping (mprotect) : Killed |
| 56 |
Executable bss (mprotect) : Killed |
| 57 |
Executable data (mprotect) : Killed |
| 58 |
Executable heap (mprotect) : Killed |
| 59 |
Executable stack (mprotect) : Killed |
| 60 |
Executable shared library bss (mprotect) : Killed |
| 61 |
Executable shared library data (mprotect): Killed |
| 62 |
Writable text segments : Killed |
| 63 |
Anonymous mapping randomisation test : 15 bits (guessed) |
| 64 |
Heap randomisation test (ET_EXEC) : 13 bits (guessed) |
| 65 |
Heap randomisation test (ET_DYN) : 23 bits (guessed) |
| 66 |
Main executable randomisation (ET_EXEC) : No randomisation |
| 67 |
Main executable randomisation (ET_DYN) : 15 bits (guessed) |
| 68 |
Shared library randomisation test : 15 bits (guessed) |
| 69 |
Stack randomisation test (SEGMEXEC) : 23 bits (guessed) |
| 70 |
Stack randomisation test (PAGEEXEC) : 24 bits (guessed) |
| 71 |
Return to function (strcpy) : Vulnerable |
| 72 |
Return to function (memcpy) : Vulnerable |
| 73 |
Return to function (strcpy, RANDEXEC) : Vulnerable |
| 74 |
Return to function (memcpy, RANDEXEC) : Vulnerable |
| 75 |
Executable shared library bss : Killed |
| 76 |
Executable shared library data : Killed |
| 77 |
|
| 78 |
þÔÏ ÎÕÖÎÏ ÅÝ£ ×ËÌÀÞÉÔØ ÞÔÏÂÙ "Return to function" ÔÏÖÅ ÂÙÌÉ ÚÁÝÉÝÅÎÙ Ñ ÐÏËÁ |
| 79 |
ÎÅ ÒÁÚÂÉÒÁÌÓÑ - ×ÒÅÍÅÎÉ ÎÅÔ. |
| 80 |
|
| 81 |
-- |
| 82 |
WBR, Alex. |
| 83 |
-- |
| 84 |
gentoo-user-ru@g.o mailing list |
Archives