Date: Mon, 18 May 2009 18:08:40 +0200
From: Oliver Pinter <oliver.pntr@gmail.com>
To: freebsd-security@freebsd.org
Subject: FreeBSD 7.2
Message-ID: <6101e8c40905180908x6d80b279n919fdcc3890e69f6@mail.gmail.com>
Hi all!

Here is a paxtest output:
http://www.grsecurity.net/~paxguy1/paxtest-0.9.7-pre5.tar.gz

[oliver@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest
usage: paxtest [kiddie|blackhat]
[oliver@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
__________Mode: kiddie________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 root@oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Vulnerable <<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

[oliver@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
____________Mode: blackhat__________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 root@oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Killed <<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

[oliver@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
__________________Mode: kiddie____________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 root@oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable <<<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

oliver@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
___________Mode: blackhat_______
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 root@oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

--------------------
sum

kiddie 1st: Executable shared library bss (mprotect) : Vulnerable
blackhat 1st: Executable shared library bss (mprotect) : Killed
kiddie 2nd: Executable shared library bss (mprotect) : Vulnerable
blackhat 2nd: Executable shared library bss (mprotect) : Vulnerable

This is the interesting part: in kiddie mode it is vulnerable, and in blackhat mode it is vulnerable too, but not in the first run.

The running order is: kiddie, blackhat, kiddie, blackhat

PS: sorry for the bad English
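An added example, not part of the original message and not code from paxtest: a Python script that parses paxtest-style result lines from several runs and reports any test whose outcome changes between runs, which is the discrepancy summarised in the message. The input is a constructed excerpt modelled on the quoted output, and `sample`, `parse_run` and `unstable_tests` are hypothetical names.

```python
import re
from collections import defaultdict

# Matches "test name : result", tolerating the >>> <<< markers used in the
# message. Only result strings that appear in the quoted output are accepted,
# so banner lines such as "____Mode: kiddie____" are skipped.
RESULT = re.compile(
    r"^[>\s]*(.+?)\s*:\s*"
    r"(Killed|Vulnerable|No randomisation|paxtest:.*?)[<\s]*$"
)

def sample(mode, shlib_bss):
    """Constructed excerpt of one run, modelled on the output in the message."""
    return (
        f"__________Mode: {mode}________\n"
        "Executable bss : Killed\n"
        f">>>>>>>>> Executable shared library bss (mprotect) : {shlib_bss} <<<<<<<<<<\n"
        "Executable shared library data (mprotect): Vulnerable\n"
        "Return to function (strcpy) : paxtest: return address contains a NULL byte.\n"
    )

# Run order as stated in the message: kiddie, blackhat, kiddie, blackhat.
RUNS = [
    ("kiddie 1st", sample("kiddie", "Vulnerable")),
    ("blackhat 1st", sample("blackhat", "Killed")),
    ("kiddie 2nd", sample("kiddie", "Vulnerable")),
    ("blackhat 2nd", sample("blackhat", "Vulnerable")),
]

def parse_run(text):
    """Return {test name: result} for the result lines of one run."""
    results = {}
    for line in text.splitlines():
        m = RESULT.match(line)
        if m:
            results[m.group(1)] = m.group(2)
    return results

def unstable_tests(runs):
    """Return {test: [(run label, result), ...]} where results differ across runs."""
    seen = defaultdict(list)
    for label, text in runs:
        for test, result in parse_run(text).items():
            seen[test].append((label, result))
    return {t: r for t, r in seen.items() if len({res for _, res in r}) > 1}

if __name__ == "__main__":
    for test, history in unstable_tests(RUNS).items():
        print(test, "->", ", ".join(f"{lbl}: {res}" for lbl, res in history))
```

Feeding it the four complete `paxtest.log` captures instead of the excerpt checks every test for run-to-run differences.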