Re: [gentoo-user-ru] article about Hardened Gentoo - gentoo-user-ru

From:	Vladimir Solomatin <slash@×××××.ru>
To:	gentoo-user-ru@l.g.o
Subject:	Re: [gentoo-user-ru] article about Hardened Gentoo
Date:	Wed, 20 Feb 2008 18:06:34
Message-Id:	`47BC3918.6010705@relex.ru`

1

Hello, Alex Efros

2

On 11/14/2005 04:39 PM, you wrote:

3

> Executable anonymous mapping             : Killed

4

> Executable bss                           : Killed

5

> Executable data                          : Killed

6

> Executable heap                          : Killed

7

> Executable stack                         : Killed

8

> Executable anonymous mapping (mprotect)  : Killed

9

> Executable bss (mprotect)                : Killed

10

> Executable data (mprotect)               : Killed

11

> Executable heap (mprotect)               : Killed

12

> Executable stack (mprotect)              : Killed

13

> Executable shared library bss (mprotect) : Killed

14

> Executable shared library data (mprotect): Killed

15

> Writable text segments                   : Killed

16

> Anonymous mapping randomisation test     : 15 bits (guessed)

17

> Heap randomisation test (ET_EXEC)        : 13 bits (guessed)

18

> Heap randomisation test (ET_DYN)         : 23 bits (guessed)

19

> Main executable randomisation (ET_EXEC)  : No randomisation

20

> Main executable randomisation (ET_DYN)   : 15 bits (guessed)

21

> Shared library randomisation test        : 15 bits (guessed)

22

> Stack randomisation test (SEGMEXEC)      : 23 bits (guessed)

23

> Stack randomisation test (PAGEEXEC)      : 24 bits (guessed)

24

> Return to function (strcpy)              : Vulnerable

25

> Return to function (memcpy)              : Vulnerable

26

> Return to function (strcpy, RANDEXEC)    : Vulnerable

27

> Return to function (memcpy, RANDEXEC)    : Vulnerable

28

> Executable shared library bss            : Killed

29

> Executable shared library data           : Killed

30

>

31

> þÔÏ ÎÕÖÎÏ ÅÝ£ ×ËÌÀÞÉÔØ ÞÔÏÂÙ "Return to function" ÔÏÖÅ ÂÙÌÉ ÚÁÝÉÝÅÎÙ Ñ ÐÏËÁ

32

> ÎÅ ÒÁÚÂÉÒÁÌÓÑ - ×ÒÅÍÅÎÉ ÎÅÔ.

33

>

34

$ bzless /usr/share/doc/paxtest-0.9.6/README.bz2

35

36

Return to function (strcpy)

37

Return to function (strcpy, RANDEXEC)

38

Return to function (memcpy)

39

Return to function (memcpy, RANDEXEC)

40

41

        Return to function attacks are very nasty. These tests are hard to

42

        stop by kernel patches, but they show that there you should not 

43

expect

44

        perfect protection from this kind of security patches.

45

46

--

47

Vladimir Solomatin (slash@×××××.ru)

48

Phone: + 7 (4732) 711711

49

Relex Inc, Voronezh.

--

54

Vladimir Solomatin (slash@×××××.ru)

55

Phone: + 7 (4732) 711711

56

Relex Inc, Voronezh.

1	Hello, Alex Efros
2	On 11/14/2005 04:39 PM, you wrote:
3	> Executable anonymous mapping : Killed
4	> Executable bss : Killed
5	> Executable data : Killed
6	> Executable heap : Killed
7	> Executable stack : Killed
8	> Executable anonymous mapping (mprotect) : Killed
9	> Executable bss (mprotect) : Killed
10	> Executable data (mprotect) : Killed
11	> Executable heap (mprotect) : Killed
12	> Executable stack (mprotect) : Killed
13	> Executable shared library bss (mprotect) : Killed
14	> Executable shared library data (mprotect): Killed
15	> Writable text segments : Killed
16	> Anonymous mapping randomisation test : 15 bits (guessed)
17	> Heap randomisation test (ET_EXEC) : 13 bits (guessed)
18	> Heap randomisation test (ET_DYN) : 23 bits (guessed)
19	> Main executable randomisation (ET_EXEC) : No randomisation
20	> Main executable randomisation (ET_DYN) : 15 bits (guessed)
21	> Shared library randomisation test : 15 bits (guessed)
22	> Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
23	> Stack randomisation test (PAGEEXEC) : 24 bits (guessed)
24	> Return to function (strcpy) : Vulnerable
25	> Return to function (memcpy) : Vulnerable
26	> Return to function (strcpy, RANDEXEC) : Vulnerable
27	> Return to function (memcpy, RANDEXEC) : Vulnerable
28	> Executable shared library bss : Killed
29	> Executable shared library data : Killed
30	>
31	> þÔÏ ÎÕÖÎÏ ÅÝ£ ×ËÌÀÞÉÔØ ÞÔÏÂÙ "Return to function" ÔÏÖÅ ÂÙÌÉ ÚÁÝÉÝÅÎÙ Ñ ÐÏËÁ
32	> ÎÅ ÒÁÚÂÉÒÁÌÓÑ - ×ÒÅÍÅÎÉ ÎÅÔ.
33	>
34	$ bzless /usr/share/doc/paxtest-0.9.6/README.bz2
35
36	Return to function (strcpy)
37	Return to function (strcpy, RANDEXEC)
38	Return to function (memcpy)
39	Return to function (memcpy, RANDEXEC)
40
41	Return to function attacks are very nasty. These tests are hard to
42	stop by kernel patches, but they show that there you should not
43	expect
44	perfect protection from this kind of security patches.
45
46	--
47	Vladimir Solomatin (slash@×××××.ru)
48	Phone: + 7 (4732) 711711
49	Relex Inc, Voronezh.
50
51
52
53	--
54	Vladimir Solomatin (slash@×××××.ru)
55	Phone: + 7 (4732) 711711
56	Relex Inc, Voronezh.

Gentoo Archives: gentoo-user-ru