1 |
Hello, Alex Efros |
2 |
On 11/14/2005 04:39 PM, you wrote: |
3 |
> Executable anonymous mapping : Killed |
4 |
> Executable bss : Killed |
5 |
> Executable data : Killed |
6 |
> Executable heap : Killed |
7 |
> Executable stack : Killed |
8 |
> Executable anonymous mapping (mprotect) : Killed |
9 |
> Executable bss (mprotect) : Killed |
10 |
> Executable data (mprotect) : Killed |
11 |
> Executable heap (mprotect) : Killed |
12 |
> Executable stack (mprotect) : Killed |
13 |
> Executable shared library bss (mprotect) : Killed |
14 |
> Executable shared library data (mprotect): Killed |
15 |
> Writable text segments : Killed |
16 |
> Anonymous mapping randomisation test : 15 bits (guessed) |
17 |
> Heap randomisation test (ET_EXEC) : 13 bits (guessed) |
18 |
> Heap randomisation test (ET_DYN) : 23 bits (guessed) |
19 |
> Main executable randomisation (ET_EXEC) : No randomisation |
20 |
> Main executable randomisation (ET_DYN) : 15 bits (guessed) |
21 |
> Shared library randomisation test : 15 bits (guessed) |
22 |
> Stack randomisation test (SEGMEXEC) : 23 bits (guessed) |
23 |
> Stack randomisation test (PAGEEXEC) : 24 bits (guessed) |
24 |
> Return to function (strcpy) : Vulnerable |
25 |
> Return to function (memcpy) : Vulnerable |
26 |
> Return to function (strcpy, RANDEXEC) : Vulnerable |
27 |
> Return to function (memcpy, RANDEXEC) : Vulnerable |
28 |
> Executable shared library bss : Killed |
29 |
> Executable shared library data : Killed |
30 |
> |
31 |
> þÔÏ ÎÕÖÎÏ ÅÝ£ ×ËÌÀÞÉÔØ ÞÔÏÂÙ "Return to function" ÔÏÖÅ ÂÙÌÉ ÚÁÝÉÝÅÎÙ Ñ ÐÏËÁ |
32 |
> ÎÅ ÒÁÚÂÉÒÁÌÓÑ - ×ÒÅÍÅÎÉ ÎÅÔ. |
33 |
> |
34 |
$ bzless /usr/share/doc/paxtest-0.9.6/README.bz2 |
35 |
|
36 |
Return to function (strcpy) |
37 |
Return to function (strcpy, RANDEXEC) |
38 |
Return to function (memcpy) |
39 |
Return to function (memcpy, RANDEXEC) |
40 |
|
41 |
Return to function attacks are very nasty. These tests are hard to |
42 |
stop by kernel patches, but they show that there you should not |
43 |
expect |
44 |
perfect protection from this kind of security patches. |
45 |
|
46 |
-- |
47 |
Vladimir Solomatin (slash@×××××.ru) |
48 |
Phone: + 7 (4732) 711711 |
49 |
Relex Inc, Voronezh. |
50 |
|
51 |
|
52 |
|
53 |
-- |
54 |
Vladimir Solomatin (slash@×××××.ru) |
55 |
Phone: + 7 (4732) 711711 |
56 |
Relex Inc, Voronezh. |