FS#52089 : [linux-grsec] paxtest: Main executable randomization (ET

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#52089 - [linux-grsec] paxtest: Main executable randomization (ET_EXEC) : No randomization

Attached to Project: Community Packages
Opened by Joe Gabinsky (SpuriousStar) - Friday, 09 December 2016, 12:09 GMT
Last edited by Doug Newgard (Scimmia) - Friday, 09 December 2016, 14:54 GMT

Task Type	Support Request
Category	Packages
Status	Closed
Assigned To	No-one
Architecture	All
Severity	Low
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

After executing paxtest with linux-grsec kernel, output indicates that there is no randomization in main executable. That differs from output showed in wiki https://wiki.archlinux.org/index.php/PaX . I don't know if it's desired behaviour.

Additional info:
* linux-grsec 4.8.12, paxd daemon installed
* paxtest log:

paxtest blackhat

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Killed
Anonymous mapping randomization test : 28 quality bits (guessed)
Heap randomization test (ET_EXEC) : 22 quality bits (guessed)
Heap randomization test (PIE) : 35 quality bits (guessed)
Main executable randomization (ET_EXEC) : No randomization
Main executable randomization (PIE) : 27 quality bits (guessed)
Shared library randomization test : 28 quality bits (guessed)
VDSO randomization test : 28 quality bits (guessed)
Stack randomization test (SEGMEXEC) : 35 quality bits (guessed)
Stack randomization test (PAGEEXEC) : 35 quality bits (guessed)
Arg/env randomization test (SEGMEXEC) : 39 quality bits (guessed)
Arg/env randomization test (PAGEEXEC) : 39 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 28 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 27 quality bits (guessed)
Randomization under memory exhaustion @~0: 28 bits (guessed)
Randomization under memory exhaustion @0 : 28 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) : Vulnerable

This task depends upon

Closed by Doug Newgard (Scimmia)
Friday, 09 December 2016, 14:54 GMT
Reason for closing: Not a bug

Comments (2)
Related Tasks (0/0)

Comment by Brad Spengler (spendergrsec) - Friday, 09 December 2016, 12:51 GMT

It is expected. ET_EXEC randomization was only possible in the past via the RANDEXEC feature which was removed in favor of simply using ET_DYN (PIE) binaries. Perhaps the results from the page you linked were created with a version of paxtest where it didn't override a gcc forcing PIE on every binary. Either way, the results you see are correct.

-Brad

Comment by Joe Gabinsky (SpuriousStar) - Friday, 09 December 2016, 12:58 GMT

Thank you for explanation

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Community Packages

FS#52089 - [linux-grsec] paxtest: Main executable randomization (ET_EXEC) : No randomization

Details

Loading...