Что-то не проходит у меня проверка paxtest:
Код: Выделить всё
# paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: blackhat
Linux media 2.6.32-hardened-r6_v1 #3 SMP Mon May 10 11:37:16 EEST 2010 x86_64 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
Executable anonymous mapping : Vulnerable
Executable bss : Vulnerable
Executable data : Vulnerable
Executable heap : Vulnerable
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Killed
Anonymous mapping randomisation test : 33 bits (guessed)
Heap randomisation test (ET_EXEC) : 40 bits (guessed)
Heap randomisation test (ET_DYN) : 40 bits (guessed)
Main executable randomisation (ET_EXEC) : 32 bits (guessed)
Main executable randomisation (ET_DYN) : 32 bits (guessed)
Shared library randomisation test : 33 bits (guessed)
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : 40 bits (guessed)
Return to function (strcpy) : *** buffer overflow detected ***: rettofunc1 - terminated
rettofunc1: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy) : *** buffer overflow detected ***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC) : *** buffer overflow detected ***: rettofunc1x - terminated
rettofunc1x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy, RANDEXEC) : *** buffer overflow detected ***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss : Vulnerable
Executable shared library data : Vulnerable
Ебилд для ядра 2.6.32-r6 взят из оверлея anarchy.
gcc-4.3.4-r4 из hardened-dev :
Код: Выделить всё
gcc-config -l
[1] x86_64-pc-linux-gnu-4.3.4 *
[2] x86_64-pc-linux-gnu-4.3.4-hardenednopie
[3] x86_64-pc-linux-gnu-4.3.4-hardenednopiessp
[4] x86_64-pc-linux-gnu-4.3.4-hardenednossp
[5] x86_64-pc-linux-gnu-4.3.4-vanilla
Профиль был выбран сразу после распаковки последней доступной stage3-amd64-hardened с коследующей пересборкой toolchain, system и оставшегося в мире.
Самое непонятное, что если pax разрешить программный в ядре, то
приводит к следующему результату:
Код: Выделить всё
# paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: blackhat
Linux media 2.6.32-hardened-r6_v1 #3 SMP Mon May 10 11:37:16 EEST 2010 x86_64 Intel(R) Xeon(TM) CPU 3.00GHz GenuineIntel GNU/Linux
Executable anonymous mapping : Vulnerable
Executable bss : Vulnerable
Executable data : Vulnerable
Executable heap : Vulnerable
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomisation test : 28 bits (guessed)
Heap randomisation test (ET_EXEC) : 28 bits (guessed)
Heap randomisation test (ET_DYN) : 28 bits (guessed)
Main executable randomisation (ET_EXEC) : 32 bits (guessed)
Main executable randomisation (ET_DYN) : 28 bits (guessed)
Shared library randomisation test : 28 bits (guessed)
Stack randomisation test (SEGMEXEC) : 40 bits (guessed)
Stack randomisation test (PAGEEXEC) : 40 bits (guessed)
Return to function (strcpy) : *** buffer overflow detected ***: rettofunc1 - terminated
rettofunc1: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy) : *** buffer overflow detected ***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC) : *** buffer overflow detected ***: rettofunc1x - terminated
rettofunc1x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy, RANDEXEC) : *** buffer overflow detected ***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss : Vulnerable
Executable shared library data : Vulnerable
Кусок конфига ядра:
Код: Выделить всё
#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
CONFIG_GRKERNSEC_HARDENED_SERVER=y
# CONFIG_GRKERNSEC_HARDENED_SERVER_NO_RBAC is not set
# CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set
# CONFIG_GRKERNSEC_HARDENED_WORKSTATION_NO_RBAC is not set
# CONFIG_GRKERNSEC_CUSTOM is not set
#
# Address Space Protection
#
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_IO=y
CONFIG_GRKERNSEC_PROC_MEMMAP=y
CONFIG_GRKERNSEC_BRUTE=y
CONFIG_GRKERNSEC_MODHARDEN=y
CONFIG_GRKERNSEC_HIDESYM=y
#
# Role Based Access Control Options
#
# CONFIG_GRKERNSEC_NO_RBAC is not set
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30
#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
CONFIG_GRKERNSEC_PROC_USER=y
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
# CONFIG_GRKERNSEC_ROFS is not set
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y
#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
# CONFIG_GRKERNSEC_EXECLOG is not set
CONFIG_GRKERNSEC_RESLOG=y
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set
# CONFIG_GRKERNSEC_AUDIT_PTRACE is not set
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set
#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
# CONFIG_GRKERNSEC_HARDEN_PTRACE is not set
# CONFIG_GRKERNSEC_TPE is not set
#
# Network Protections
#
CONFIG_GRKERNSEC_RANDNET=y
# CONFIG_GRKERNSEC_BLACKHOLE is not set
# CONFIG_GRKERNSEC_SOCKET is not set
#
# Sysctl support
#
CONFIG_GRKERNSEC_SYSCTL=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4
#
# PaX
#
CONFIG_PAX=y
#
# PaX Control
#
CONFIG_PAX_SOFTMODE=y
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set
#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
CONFIG_PAX_NOELFRELOCS=y
CONFIG_PAX_KERNEXEC=y
#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y
#
# Miscellaneous hardening features
#
CONFIG_PAX_MEMORY_SANITIZE=y
CONFIG_PAX_REFCOUNT=y
CONFIG_PAX_USERCOPY=y
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
# CONFIG_SECURITYFS is not set
CONFIG_SECURITY_NETWORK=y
# CONFIG_SECURITY_NETWORK_XFRM is not set
# CONFIG_SECURITY_PATH is not set
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
# CONFIG_INTEL_TXT is not set
# CONFIG_SECURITY_SMACK is not set
# CONFIG_SECURITY_TOMOYO is not set
# CONFIG_IMA is not set
CONFIG_XOR_BLOCKS=m
CONFIG_ASYNC_CORE=m
CONFIG_ASYNC_MEMCPY=m
CONFIG_ASYNC_XOR=m
CONFIG_ASYNC_PQ=m
CONFIG_ASYNC_RAID6_RECOV=m
CONFIG_ASYNC_TX_DISABLE_PQ_VAL_DMA=y
CONFIG_ASYNC_TX_DISABLE_XOR_VAL_DMA=y
CONFIG_CRYPTO=y
Кто-нибудь может подсказать в чем может быть дело?