FreeBSD 7.2
Oliver Pinter
oliver.pntr at gmail.com
Mon May 18 16:41:24 UTC 2009
Hi all!
here is an paxtest output:
http://www.grsecurity.net/~paxguy1/paxtest-0.9.7-pre5.tar.gz
[oliver at oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest
usage: paxtest [kiddie|blackhat]
[oliver at oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
__________Mode: kiddie________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36
CEST 2009 root at oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Vulnerable <<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable
[oliver at oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
____________Mode: blackhat__________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36
CEST 2009 root at oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Killed <<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable
[oliver at oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
__________________Mode: kiddie____________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36
CEST 2009 root at oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable <<<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable
oliver at oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter at adamantix.org>
Released under the GNU Public Licence version 2 or later
___________Mode: blackhat_______
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36
CEST 2009 root at oliverp:/usr/obj/usr/src/sys/stable amd64
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
>>>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : No randomisation
Main executable randomisation (ET_EXEC) : No randomisation
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : No randomisation
Stack randomisation test (PAGEEXEC) : No randomisation
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (strcpy, RANDEXEC) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Vulnerable
Return to function (memcpy, RANDEXEC) : Vulnerable
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable
--------------------
sum
kiddie 1st: Executable shared library bss (mprotect) : Vulnerable
blackhat 1st: Executable shared library bss (mprotect) : Killed
kiddie 2nd: Executable shared library bss (mprotect) : Vulnerable
blackhat 2nd: Executable shared library bss (mprotect) : Vulnerable
it is the interesst part, when in kiddie mode is vulnarable, and in
black mode is too vulnarable, but in first run not..
the running order is: kiddie, blackbat, kiddie, blackhat
ps.:
sorry for the bad english
More information about the freebsd-security
mailing list