On Thu, 2004-06-17 at 00:54, Rumen Yotov wrote:
> Hi all,
> Tried to push grsec&PaX settings to the limits. Used quite all settings from quickstart-guide and got this with paxtest-0.9.5:
> ...BEGIN CUT ...
> PaXtest - Copyright(c) 2003 by Peter Busser <peter@×××××××××.org>
> Released under the GNU Public Licence version 2 or later
>
> It may take a while for the tests to complete
> Test results:
> PaXtest - Copyright(c) 2003 by Peter Busser <peter@×××××××××.org>
> Released under the GNU Public Licence version 2 or later
>
> Executable anonymous mapping : Killed
> Executable bss : Killed
> Executable data : Killed
> Executable heap : Killed
> Executable stack : Killed
> Executable anonymous mapping (mprotect) : Killed
> Executable bss (mprotect) : Killed
> Executable data (mprotect) : Killed
> Executable heap (mprotect) : Killed
> Executable shared library bss (mprotect) : Killed
> Executable shared library data (mprotect): Killed
> Executable stack (mprotect) : Killed
> Anonymous mapping randomisation test : 16 bits (guessed)
> Heap randomisation test (ET_EXEC) : 25 bits (guessed)
> Heap randomisation test (ET_DYN) : 25 bits (guessed)
> Main executable randomisation (ET_EXEC) : 17 bits (guessed)
> Main executable randomisation (ET_DYN) : 17 bits (guessed)
> Shared library randomisation test : 16 bits (guessed)
> Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
> Stack randomisation test (PAGEEXEC) : 23 bits (guessed)
> Return to function (strcpy) : Vulnerable
> Return to function (strcpy, RANDEXEC) : Vulnerable
> Return to function (memcpy) : Vulnerable
> Return to function (memcpy, RANDEXEC) : Vulnerable
> Executable shared library bss : Killed
> Executable shared library data : Killed
> Writable text segments : Killed
> ... END CUT ...

> 1. Could something be done about these 4 'Vuln.' left?
No, that's expected. The goal of paxtest was not to show you how safe you
were but in fact how vuln you are. So.. If you notice in the Makefile it
explicitly disables -fstack-protector which covers 2 of the remaining 4
areas which exploitation can happen via. Seeing that it's vuln should
prove the point why you want/need
-fstack-protector/-fstack-protector-all which is handled automatically
with USE=hardened =sys-devel/gcc-3.3.3-r6

> PS: can't use ACL for now as I'm on reiserfs3, so no easy acl support still. Am I wrong?
From reading below it looks like you're going to be using grsec. grsec is
file system independent.

> 2. Also managed to get xorg-X11-6.7.0-r1 to work using these settings,
> compiled it with USE="static -hardened" so no modules loading (thanks
> to forums.grsecurity.net). But can't get it to work with the
> binary-nvidia driver 'nvidia' works only with 2-D 'nv' driver, but for
> now it's enough for me. Nvidia-kernel module is loaded, so maybe it's
> something to do with loading kernel-glx module and xorg-x11
> being 'static'. Suggestions?
No easy workaround here if you're trying to use 3rd party modules.

> 3. Problems with paxtest-0.9.6 (still not in portage). Took it from adamantix.org project page. Can't compile it some error there:
Sigh, yeah.... I've sent Peter Busser patches for this a number of times
but for whatever reason he is busy working on other stuff.. The solution
is easy enough if I recall. Add -lpthread to the LDFLAGS in the Makefile

> ..BEGIN CUT...
> make gentoo
> make -f Makefile.Gentoo
> make[1]: Entering directory `/home/gentoo/src/paxtest-0.9.6'
> gcc -specs=dumpspecs -o anonmap body.o anonmap.o
> body.o(.text+0x131): In function `main':
> : undefined reference to `pthread_create'
> body.o(.text+0x14a): In function `main':
> : undefined reference to `pthread_kill'
> collect2: ld returned 1 exit status
> make[1]: *** [anonmap] Error 1
> make[1]: Leaving directory `/home/gentoo/src/paxtest-0.9.6'
> make: *** [gentoo] Error 2
> ...END CUT...

> I'm compiling with grsec turned ON and GCC-3.3.3-r6 (hardened I think).
> paxtest-0.9.5 compiles OK.
> TIA.
> Rumen
--
Ned Ludd <solar@g.o>
Gentoo (hardened,security,infrastructure,embedded,toolchain) Developer
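
A small checker for the result format quoted above, added here as an example (not part of the original mail or of paxtest): it parses the `name : result` lines and, following the reply's point that the return-to-function results are expected, flags only other tests that report Vulnerable. The function names and the embedded sample are constructed for this example.

```python
import re

# Constructed sample in the format of the quoted paxtest-0.9.5 run above
# (a subset of its lines, with the mail quote markers left in).
SAMPLE = """\
> Test results:
> Executable stack : Killed
> Executable shared library data (mprotect): Killed
> Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
> Return to function (strcpy) : Vulnerable
> Return to function (memcpy, RANDEXEC) : Vulnerable
> Writable text segments : Killed
"""

# Assumption of this example: per the reply, the return-to-function results
# are expected to read Vulnerable, so only other Vulnerable lines are flagged.
EXPECTED_VULNERABLE = re.compile(r"^Return to function\b")
BITS = re.compile(r"^(\d+) bits\b")

def parse_paxtest(text):
    """Return {test name: result} for every 'name : result' line."""
    results = {}
    for line in text.splitlines():
        line = line.lstrip("> ").rstrip(" |")   # drop mail quoting / table residue
        name, sep, result = line.rpartition(":")
        name, result = name.strip(), result.strip()
        if sep and name and result:             # skips banners and 'Test results:'
            results[name] = result
    return results

def regressions(results):
    """Tests that report Vulnerable but are not in the expected set."""
    return sorted(n for n, r in results.items()
                  if r == "Vulnerable" and not EXPECTED_VULNERABLE.match(n))

def randomisation_bits(results):
    """Map each randomisation test to its guessed entropy in bits."""
    hits = ((n, BITS.match(r)) for n, r in results.items())
    return {n: int(m.group(1)) for n, m in hits if m}

if __name__ == "__main__":
    parsed = parse_paxtest(SAMPLE)
    print("unexpected:", regressions(parsed))
    print("entropy:", randomisation_bits(parsed))
```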