Hello,

I installed once again, but this time with default settings and only editing mandatory config files (like fstab). It's the original stage3-x86-hardened-2.6-2006.0.tar.bz2 without rebuilding any packages. Kernel config is mostly default, but with mandatory hardware drivers for disk and net and with PaX enabled.

Paxtest now shows this:

localhost ~ # paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@×××××××××.org>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@×××××××××.org>
Released under the GNU Public Licence version 2 or later

Mode: kiddie
Linux localhost 2.6.18-hardened #3 Thu Feb 15 13:33:17 Local time zone must be set--see zic manu i686 Intel(R) Pentium(R) 4 CPU 3.20GHz GenuineIntel GNU/Linux

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomisation test : 17 bits (guessed)
Heap randomisation test (ET_EXEC) : 13 bits (guessed)
Heap randomisation test (ET_DYN) : 23 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (ET_DYN) : 15 bits (guessed)
Shared library randomisation test : 17 bits (guessed)
Stack randomisation test (SEGMEXEC) : 23 bits (guessed)
Stack randomisation test (PAGEEXEC) : 23 bits (guessed)
Return to function (strcpy) : Vulnerable
Return to function (memcpy) : Vulnerable
Return to function (strcpy, RANDEXEC) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed


localhost ~ # emerge --info
Portage 2.0.53 (hardened/x86/2.6, gcc-3.4.4, glibc-2.3.5-r2, 2.6.18-hardened i686)
=================================================================
System uname: 2.6.18-hardened i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
Gentoo Base System version 1.6.13
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python: 2.4.2
dev-python/pycrypto: [Not Present]
dev-util/ccache: [Not Present]
dev-util/confcache: [Not Present]
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.60
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1, 1.10
sys-devel/binutils: 2.16.1
sys-devel/gcc-config: 1.3.12-r4
sys-devel/libtool: 1.5.20
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 berkdb bzip2 crypt dlloader expat hardened midi ncurses nls pam perl pic python readline ssl tcpd udev xorg zlib input_devices_mouse input_devices_keyboard userland_GNU kernel_linux elibc_glibc alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol lcd_devices_bayrad lcd_devices_cfontz lcd_devices_cfontz633 lcd_devices_glk lcd_devices_hd44780 lcd_devices_lb216 lcd_devices_lcdm001 lcd_devices_mtxorb lcd_devices_ncurses lcd_devices_text"
Unset: CTARGET, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS, PORTAGE_RSYNC_EXTRA_OPTS, PORTAGE_RSYNC_OPTS, PORTDIR_OVERLAY


Kernel config:

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
# CONFIG_PAX_EI_PAX is not set
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_SEGMEXEC=y
# CONFIG_PAX_DEFAULT_PAGEEXEC is not set
CONFIG_PAX_DEFAULT_SEGMEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_KERNEXEC=y

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDKSTACK=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_MEMORY_UDEREF=y

#
# Grsecurity
#
# CONFIG_GRKERNSEC is not set
# CONFIG_KEYS is not set
# CONFIG_SECURITY is not set


localhost ~ # gcc -v
Reading specs from /usr/lib/gcc/i386-pc-linux-gnu/3.4.4/specs
Configured with: /var/tmp/portage/gcc-3.4.4-r1/work/gcc-3.4.4/configure --prefix=/usr --bindir=/usr/i386-pc-linux-gnu/gcc-bin/3.4.4 --includedir=/usr/lib/gcc/i386-pc-linux-gnu/3.4.4/include --datadir=/usr/share/gcc-data/i386-pc-linux-gnu/3.4.4 --mandir=/usr/share/gcc-data/i386-pc-linux-gnu/3.4.4/man --infodir=/usr/share/gcc-data/i386-pc-linux-gnu/3.4.4/info --with-gxx-include-dir=/usr/lib/gcc/i386-pc-linux-gnu/3.4.4/include/g++-v3 --host=i386-pc-linux-gnu --build=i386-pc-linux-gnu --disable-altivec --enable-nls --without-included-gettext --with-system-zlib --disable-checking --disable-werror --disable-libunwind-exceptions --disable-multilib --disable-libmudflap --disable-libgcj --enable-languages=c,c++ --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu
Thread model: posix
gcc version 3.4.4 (Gentoo Hardened 3.4.4-r1, ssp-3.4.4-1.0, pie-8.7.8)


It's the first time for me that paxtest shows something other than Vulnerable. I'll now continue with customising the system and try to find out which of my actions break PaX.

Thank you very much to everyone who helped me in this matter. Your help is appreciated.
I'll report back with my findings.

Best regards,
Tino
--
gentoo-hardened@g.o mailing list