Gentoo Forums
PAXtest for the first time
samota
n00b


Joined: 18 Jan 2010
Posts: 6

Posted: Fri Feb 19, 2010 8:40 am    Post subject: PAXtest for the first time

Hi people

This is my first time with Gentoo-Hardened and after doing a paxtest I get this.

Could somebody explain to me what it means?

Thank you very much.

Code:
XXX ~ # paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: blackhat
Linux Noveu 2.6.28-hardened-r9 #1 SMP Thu Feb 18 14:41:44 Local time zone must be set--see zic  x86_64 Intel(R) Pentium(R) D CPU 3.40GHz GenuineIntel GNU/Linux

Executable anonymous mapping             : Vulnerable
Executable bss                           : Vulnerable
Executable data                          : Vulnerable
Executable heap                          : Vulnerable
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable stack (mprotect)              : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments                   : Killed
Anonymous mapping randomisation test     : 33 bits (guessed)
Heap randomisation test (ET_EXEC)        : 40 bits (guessed)
Heap randomisation test (ET_DYN)         : 40 bits (guessed)
Main executable randomisation (ET_EXEC)  : 32 bits (guessed)
Main executable randomisation (ET_DYN)   : 32 bits (guessed)
Shared library randomisation test        : 33 bits (guessed)
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)
Return to function (strcpy)              : *** buffer overflow detected ***: rettofunc1 - terminated
rettofunc1: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy)              : *** buffer overflow detected ***: rettofunc2 - terminated
rettofunc2: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (strcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc1x - terminated
rettofunc1x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Return to function (memcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc2x - terminated
rettofunc2x: buffer overflow attack in function <unknown> - terminated
Report to http://bugs.gentoo.org/
Killed
Executable shared library bss            : Vulnerable
Executable shared library data           : Vulnerable
Sadako
Advocate


Joined: 05 Aug 2004
Posts: 3789
Location: sleeping in the bathtub

Posted: Fri Feb 19, 2010 2:47 pm

Could you post the output of `grep '_GRKERNSEC_\|_PAX'` on your running kernel .config (or /proc/config.gz if enabled), along with `gcc-config -l`?
_________________
"You have to invite me in"
samota
n00b


Joined: 18 Jan 2010
Posts: 6

Posted: Fri Feb 19, 2010 9:40 pm

Hopeless wrote:
Could you post the output of `grep '_GRKERNSEC_\|_PAX'` on your running kernel .config (or /proc/config.gz if enabled), along with `gcc-config -l`?



Thank you for your answer

####################################################
# Security options
#

#
# Grsecurity
#
CONFIG_GRKERNSEC=y
# CONFIG_GRKERNSEC_LOW is not set
# CONFIG_GRKERNSEC_MEDIUM is not set
# CONFIG_GRKERNSEC_HIGH is not set
# CONFIG_GRKERNSEC_HARDENED_SERVER is not set
# CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set
CONFIG_GRKERNSEC_CUSTOM=y

#
# Address Space Protection
#
# CONFIG_GRKERNSEC_KMEM is not set
# CONFIG_GRKERNSEC_IO is not set
# CONFIG_GRKERNSEC_PROC_MEMMAP is not set
# CONFIG_GRKERNSEC_BRUTE is not set
# CONFIG_GRKERNSEC_MODSTOP is not set
CONFIG_GRKERNSEC_HIDESYM=y

#
# Role Based Access Control Options
#
CONFIG_GRKERNSEC_ACL_HIDEKERN=y
CONFIG_GRKERNSEC_ACL_MAXTRIES=3
CONFIG_GRKERNSEC_ACL_TIMEOUT=30

#
# Filesystem Protections
#
CONFIG_GRKERNSEC_PROC=y
# CONFIG_GRKERNSEC_PROC_USER is not set
CONFIG_GRKERNSEC_PROC_USERGROUP=y
CONFIG_GRKERNSEC_PROC_GID=10
CONFIG_GRKERNSEC_PROC_ADD=y
CONFIG_GRKERNSEC_LINK=y
CONFIG_GRKERNSEC_FIFO=y
CONFIG_GRKERNSEC_CHROOT=y
CONFIG_GRKERNSEC_CHROOT_MOUNT=y
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y
CONFIG_GRKERNSEC_CHROOT_PIVOT=y
CONFIG_GRKERNSEC_CHROOT_CHDIR=y
CONFIG_GRKERNSEC_CHROOT_CHMOD=y
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y
CONFIG_GRKERNSEC_CHROOT_MKNOD=y
CONFIG_GRKERNSEC_CHROOT_SHMAT=y
CONFIG_GRKERNSEC_CHROOT_UNIX=y
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y
CONFIG_GRKERNSEC_CHROOT_NICE=y
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y
CONFIG_GRKERNSEC_CHROOT_CAPS=y

#
# Kernel Auditing
#
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set
CONFIG_GRKERNSEC_EXECLOG=y
CONFIG_GRKERNSEC_RESLOG=y
CONFIG_GRKERNSEC_CHROOT_EXECLOG=y
CONFIG_GRKERNSEC_AUDIT_CHDIR=y
CONFIG_GRKERNSEC_AUDIT_MOUNT=y
CONFIG_GRKERNSEC_AUDIT_IPC=y
CONFIG_GRKERNSEC_SIGNAL=y
CONFIG_GRKERNSEC_FORKFAIL=y
CONFIG_GRKERNSEC_TIME=y
CONFIG_GRKERNSEC_PROC_IPADDR=y
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

#
# Executable Protections
#
CONFIG_GRKERNSEC_EXECVE=y
CONFIG_GRKERNSEC_DMESG=y
CONFIG_GRKERNSEC_TPE=y
CONFIG_GRKERNSEC_TPE_ALL=y
# CONFIG_GRKERNSEC_TPE_INVERT is not set
CONFIG_GRKERNSEC_TPE_GID=100

#
# Network Protections
#
# CONFIG_GRKERNSEC_RANDNET is not set
# CONFIG_GRKERNSEC_SOCKET is not set

#
# Sysctl support
#
# CONFIG_GRKERNSEC_SYSCTL is not set

#
# Logging Options
#
CONFIG_GRKERNSEC_FLOODTIME=10
CONFIG_GRKERNSEC_FLOODBURST=4

#
# PaX
#
CONFIG_PAX=y

#
# PaX Control
#
# CONFIG_PAX_SOFTMODE is not set
CONFIG_PAX_EI_PAX=y
CONFIG_PAX_PT_PAX_FLAGS=y
CONFIG_PAX_NO_ACL_FLAGS=y
# CONFIG_PAX_HAVE_ACL_FLAGS is not set
# CONFIG_PAX_HOOK_ACL_FLAGS is not set

#
# Non-executable pages
#
CONFIG_PAX_NOEXEC=y
CONFIG_PAX_PAGEEXEC=y
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
# CONFIG_PAX_NOELFRELOCS is not set
# CONFIG_PAX_KERNEXEC is not set

#
# Address Space Layout Randomization
#
CONFIG_PAX_ASLR=y
CONFIG_PAX_RANDUSTACK=y
CONFIG_PAX_RANDMMAP=y

#
# Miscellaneous hardening features
#
# CONFIG_PAX_MEMORY_SANITIZE is not set
# CONFIG_PAX_REFCOUNT is not set
# CONFIG_KEYS is not set
CONFIG_SECURITY=y
CONFIG_SECURITYFS=y
# CONFIG_SECURITY_NETWORK is not set
CONFIG_SECURITY_FILE_CAPABILITIES=y
# CONFIG_SECURITY_ROOTPLUG is not set
CONFIG_SECURITY_DEFAULT_MMAP_MIN_ADDR=65536
CONFIG_CRYPTO=y

###############################################

XXX ~ # gcc-config -l
[1] x86_64-pc-linux-gnu-4.3.4 *
[2] x86_64-pc-linux-gnu-4.3.4-hardenednopie
[3] x86_64-pc-linux-gnu-4.3.4-vanilla
cach0rr0
Bodhisattva


Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Sun Feb 21, 2010 5:31 am

ok, so...a few things

-if this is a server, would highly recommend you select the "Hardened Server" option when configuring your kernel; it does a lot of the hard decision-making for you

-if you want to do a custom grsec/pax setup, you're still missing a ton of stuff (see my .config snippet below)

-you're using stock standard GCC (unless you're running the hardened GCC 4.x from one of the overlays, which I highly doubt). You need this for SSP specifically.

In order to use the hardened GCC stuff, among other things, you should set your profile accordingly - note mine:

Code:

gentoob0x log # eselect profile list
Available profile symlink targets:
  [1]   default/linux/amd64/10.0
  [2]   default/linux/amd64/10.0/desktop
  [3]   default/linux/amd64/10.0/developer
  [4]   default/linux/amd64/10.0/no-multilib
  [5]   default/linux/amd64/10.0/server
  [6]   hardened/linux/amd64/10.0 *
  [7]   hardened/linux/amd64/10.0/no-multilib
  [8]   selinux/2007.0/amd64
  [9]   selinux/2007.0/amd64/hardened
  [10]  selinux/v2refpolicy/amd64
  [11]  selinux/v2refpolicy/amd64/desktop
  [12]  selinux/v2refpolicy/amd64/developer
  [13]  selinux/v2refpolicy/amd64/hardened
  [14]  selinux/v2refpolicy/amd64/server


One would normally, after having built out a hardened-sources kernel, and selecting a hardened profile, rebuild their toolchain (gcc, binutils, libc - see following links), then rebuild world

links - http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml and http://www.gentoo.org/proj/en/hardened/grsecurity.xml

For reference, this is my relevant info

Code:

# gcc-config -l
 [1] x86_64-pc-linux-gnu-3.4.6 *
 [2] x86_64-pc-linux-gnu-3.4.6-hardenednopie
 [3] x86_64-pc-linux-gnu-3.4.6-hardenednopiessp
 [4] x86_64-pc-linux-gnu-3.4.6-hardenednossp
 [5] x86_64-pc-linux-gnu-3.4.6-vanilla


Code:

Mode: blackhat
Linux gentoob0x 2.6.28-hardened-r9 #3 SMP Sun Aug 16 21:05:07 CDT 2009 x86_64 AMD Phenom(tm) 9950 Quad-Core Processor AuthenticAMD GNU/Linux

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Killed
Executable anonymous mapping (mprotect)  : Killed
Executable bss (mprotect)                : Killed
Executable data (mprotect)               : Killed
Executable heap (mprotect)               : Killed
Executable stack (mprotect)              : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments                   : Killed
Anonymous mapping randomisation test     : 33 bits (guessed)
Heap randomisation test (ET_EXEC)        : 40 bits (guessed)
Heap randomisation test (ET_DYN)         : 40 bits (guessed)
Main executable randomisation (ET_EXEC)  : 33 bits (guessed)
Main executable randomisation (ET_DYN)   : 33 bits (guessed)
Shared library randomisation test        : 33 bits (guessed)
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)
Return to function (strcpy)              : Killed
Return to function (memcpy)              : Killed
Return to function (strcpy, RANDEXEC)    : Killed
Return to function (memcpy, RANDEXEC)    : Killed
Executable shared library bss            : Killed
Executable shared library data           : Killed


Code:

CONFIG_GRKERNSEC=y                                       
# CONFIG_GRKERNSEC_LOW is not set                         
# CONFIG_GRKERNSEC_MEDIUM is not set                     
# CONFIG_GRKERNSEC_HIGH is not set                       
CONFIG_GRKERNSEC_HARDENED_SERVER=y                       
# CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set       
# CONFIG_GRKERNSEC_CUSTOM is not set                     
CONFIG_GRKERNSEC_KMEM=y                                   
CONFIG_GRKERNSEC_IO=y                                     
CONFIG_GRKERNSEC_PROC_MEMMAP=y                           
CONFIG_GRKERNSEC_BRUTE=y                                 
CONFIG_GRKERNSEC_MODSTOP=y                               
CONFIG_GRKERNSEC_HIDESYM=y                               
CONFIG_GRKERNSEC_ACL_HIDEKERN=y                           
CONFIG_GRKERNSEC_ACL_MAXTRIES=3                           
CONFIG_GRKERNSEC_ACL_TIMEOUT=30                           
CONFIG_GRKERNSEC_PROC=y                                   
CONFIG_GRKERNSEC_PROC_USER=y                             
CONFIG_GRKERNSEC_PROC_USERGROUP=y                         
CONFIG_GRKERNSEC_PROC_GID=10                             
CONFIG_GRKERNSEC_PROC_ADD=y                               
CONFIG_GRKERNSEC_LINK=y                                   
CONFIG_GRKERNSEC_FIFO=y                                   
CONFIG_GRKERNSEC_CHROOT=y                                 
CONFIG_GRKERNSEC_CHROOT_MOUNT=y                           
CONFIG_GRKERNSEC_CHROOT_DOUBLE=y                         
CONFIG_GRKERNSEC_CHROOT_PIVOT=y                           
CONFIG_GRKERNSEC_CHROOT_CHDIR=y                           
CONFIG_GRKERNSEC_CHROOT_CHMOD=y                           
CONFIG_GRKERNSEC_CHROOT_FCHDIR=y                         
CONFIG_GRKERNSEC_CHROOT_MKNOD=y                           
CONFIG_GRKERNSEC_CHROOT_SHMAT=y                           
CONFIG_GRKERNSEC_CHROOT_UNIX=y                           
CONFIG_GRKERNSEC_CHROOT_FINDTASK=y                       
CONFIG_GRKERNSEC_CHROOT_NICE=y                           
CONFIG_GRKERNSEC_CHROOT_SYSCTL=y                         
CONFIG_GRKERNSEC_CHROOT_CAPS=y                           
# CONFIG_GRKERNSEC_AUDIT_GROUP is not set                 
# CONFIG_GRKERNSEC_EXECLOG is not set                     
CONFIG_GRKERNSEC_RESLOG=y                                 
# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set             
# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set                 
CONFIG_GRKERNSEC_AUDIT_MOUNT=y                           
# CONFIG_GRKERNSEC_AUDIT_IPC is not set                   
CONFIG_GRKERNSEC_SIGNAL=y                                 
CONFIG_GRKERNSEC_FORKFAIL=y                               
CONFIG_GRKERNSEC_TIME=y                                   
CONFIG_GRKERNSEC_PROC_IPADDR=y                           
# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set               
CONFIG_GRKERNSEC_EXECVE=y                                 
CONFIG_GRKERNSEC_DMESG=y                                 
CONFIG_GRKERNSEC_TPE=y                                   
CONFIG_GRKERNSEC_TPE_ALL=y                               
CONFIG_GRKERNSEC_TPE_INVERT=y                             
CONFIG_GRKERNSEC_TPE_GID=10                               
CONFIG_GRKERNSEC_RANDNET=y                               
# CONFIG_GRKERNSEC_SOCKET is not set                     
CONFIG_GRKERNSEC_SYSCTL=y                                 
CONFIG_GRKERNSEC_SYSCTL_ON=y                             
CONFIG_GRKERNSEC_FLOODTIME=10                             
CONFIG_GRKERNSEC_FLOODBURST=4                             
CONFIG_PAX=y                                             
# CONFIG_PAX_SOFTMODE is not set                         
CONFIG_PAX_EI_PAX=y                                       
CONFIG_PAX_PT_PAX_FLAGS=y                                 
# CONFIG_PAX_NO_ACL_FLAGS is not set                     
CONFIG_PAX_HAVE_ACL_FLAGS=y                               
# CONFIG_PAX_HOOK_ACL_FLAGS is not set                   
CONFIG_PAX_NOEXEC=y                                       
CONFIG_PAX_PAGEEXEC=y                                     
# CONFIG_PAX_EMUTRAMP is not set                         
CONFIG_PAX_MPROTECT=y                                     
CONFIG_PAX_NOELFRELOCS=y                                 
CONFIG_PAX_ASLR=y                                         
CONFIG_PAX_RANDUSTACK=y                                   
CONFIG_PAX_RANDMMAP=y                                     
CONFIG_PAX_MEMORY_SANITIZE=y                             
CONFIG_PAX_REFCOUNT=y

_________________
Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash
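
The comparison the post above invites, between the asker's kernel config and the reference snippet, can be done mechanically. The script below is an added example and not part of any post in this thread; the function names `diff_hardening` and `demo_diff` are assumptions, and the sample input is a short excerpt of the two configs posted above.

```shell
# Added example, not from the thread: list the grsecurity/PaX options whose
# values differ between two kernel configs.
# diff_hardening MINE REFERENCE (function name is an assumption)
# Prints "OPTION mine=<v> reference=<v>" for every option that differs.
# "# CONFIG_FOO is not set" counts as n; an option absent from a file is "-".
diff_hardening() {
    awk '
        function record(name, val) {
            if (FILENAME == ARGV[1]) mine[name] = val; else ref[name] = val
            seen[name] = 1
        }
        /^# CONFIG_(GRKERNSEC|PAX)[A-Z0-9_]* is not set/ { record($2, "n"); next }
        /^CONFIG_(GRKERNSEC|PAX)[A-Z0-9_]*=/ {
            sub(/[ \t\r]+$/, "")    # pasted configs often carry trailing blanks
            eq = index($0, "=")
            record(substr($0, 1, eq - 1), substr($0, eq + 1))
        }
        END {
            for (k in seen) {
                m = (k in mine) ? mine[k] : "-"
                r = (k in ref) ? ref[k] : "-"
                if (m != r) printf "%s mine=%s reference=%s\n", k, m, r
            }
        }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo_diff: compare short excerpts of the two configs posted in this thread.
demo_diff() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/mine" <<'EOF'
# CONFIG_GRKERNSEC_KMEM is not set
CONFIG_GRKERNSEC_TPE_GID=100
CONFIG_PAX_EMUTRAMP=y
CONFIG_PAX_MPROTECT=y
EOF
    cat > "$dir/ref" <<'EOF'
CONFIG_GRKERNSEC_KMEM=y
CONFIG_GRKERNSEC_SYSCTL_ON=y
CONFIG_GRKERNSEC_TPE_GID=10
# CONFIG_PAX_EMUTRAMP is not set
CONFIG_PAX_MPROTECT=y
EOF
    diff_hardening "$dir/mine" "$dir/ref"
    rm -rf "$dir"
}

demo_diff
```

To compare against a running kernel that only exposes /proc/config.gz, decompress it to a file first and pass that file as the first argument.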
samota
n00b


Joined: 18 Jan 2010
Posts: 6

Posted: Sun Feb 21, 2010 5:25 pm

Thank you

I'm gonna change some things and post it here as it goes.