On 02.05.2007, at 22:36, Philipp Riegger wrote:

> I'm not sure which tests you mean. I'll post the complete log of the
> test with hardened sources and the differences between the tests as
> soon as I finish them.

Ok. This is strange now. Everything seems to work:

May 2 19:29:53 chris NX (Execute Disable) protection: active
May 2 19:58:20 chris NX (Execute Disable) protection: active

These are the 2 kernels I booted today. And since I only booted 2
kernels today, 1 hardened and 1 vanilla, hardware nx should hopefully
work now. The paxtest results were also as expected, not hardened was
only more vulnerable.

But:

I found this demo program on the bug mentioned in my first email (in
the link):

<file name="test.c">
#include <dlfcn.h>
#include <sys/mman.h>
#include <unistd.h>

int main() {
    void (*test_func)() = NULL;
    void *handle;

    /* Load the shared object and look up the test function */
    handle = dlopen("./test_so.so", RTLD_NOW);
    if (!handle)
        return -1;
    test_func = dlsym(handle, "prot_test");
    test_func();

    /* Mprotect it NX */
    mprotect((void *)(((unsigned long)test_func) & ~(getpagesize() - 1)),
             getpagesize(), PROT_READ | PROT_WRITE);

    /* With NX enforced, this second call is expected to segfault */
    test_func();
    return 1;
}
</file>
<file name="test_so.c">
#include <stdio.h>

void prot_test() {
    printf("Test function run successfully!\n");
}
</file>

This should be built using
  gcc -O2 -shared -fpic test_so.c -o test_so.so
  gcc -O2 test.c -o test -ldl
and on vanilla sources the second one segfaults for me, on hardened
sources it works. So hardened sources seem to be wrong. What might be
the reason for that?

Philipp
--
gentoo-hardened@g.o mailing list