Closed ghost closed 7 years ago
You aren't even running the test with this project in the first place as demonstrated by the kernel version and the results you partially cut off on the bottom. It would probably be a good idea to understand the tests that you're running and actually run them against the project that you're bashing instead of something else. The mprotect tests pass with either PaX MPROTECT without soft mode enabled or SELinux without the memory protection features (execmem, execheap, execstack, execmod) disabled.
By the way, PaX doesn't fully pass paxtest since it's userspace that's responsible for implementing something to pass the Return to function (strcpy) and Return to function (memcpy, PIE) tests. The paxtest suite is also not a test of kernel self-protection in any way, it's a test of userspace hardening some of which is via the kernel. Most of PaX is focused on kernel self protection. This is only a test of earlier features (ASLR, MPROTECT / SELinux memory protections) and it hasn't been expanded much even in that area.
https://aur.archlinux.org/packages/linux-libre-hardened/ - this is the kernel which I ran (its sources list has this project's patch)
So, if paxtest tests userspace, does it turn out that this project doesn't protect it with exploit mitigations?
https://wiki.archlinux.org/index.php?title=PaX&oldid=473942#Testing_the_userspace_features
By the way, I have nothing against the project - it's just a (security) note
Read the responses I wrote. The tests pass with linux-hardened and a nearly empty stub SELinux policy where everything is unconfined beyond the memory protection features. If you don't enable the relevant security features, they won't pass. The same thing applies to PaX / grsecurity. The linux-grsec package on Arch Linux didn't pass those tests without paxd installed which disabled soft mode.
By the way, I have nothing against the project - it's just a (security) note
It's not a security note, it's your misunderstanding and reluctance to read the responses explaining it to you.
And as I already said, it's pretty clear you aren't using this from "4.10.16" and the entropy output. This project has never released a patch for 4.10. Not only are you misunderstanding what you're testing, but you are not testing this project.
PaXtest - Copyright(c) 2003-2016 by Peter Busser peter@adamantix.org and Brad Spengler spender@grsecurity.net
Released under the GNU Public Licence version 2 or later

Mode: 1
Blackhat
Kernel:
Linux 4.10.16-gnu-1-hardened SMP x86_64 GNU/Linux

Test results:
/usr/bin/paxtest: string 69: /usr/lib/paxtest/gcc: no such file
Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Killed
Executable shared library bss            : Killed
Executable shared library data           : Killed
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable stack (mprotect)              : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments                   : Vulnerable
Anonymous mapping randomization test     : 28 quality bits (guessed)
Heap randomization test (ET_EXEC)        : 13 quality bits (guessed)
Heap randomization test (PIE)            :
p.s.
you call this "hardened kernel" ;)
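
The "(mprotect)" rows discussed in this thread depend on whether the kernel lets a mapping that was writable become executable afterwards. The following is an added example, not code from paxtest or from this project: a minimal probe that only asks the running kernel for that permission change (it executes nothing from the mapping) and prints the kernel release next to the result, so the outcome is tied to the kernel actually booted. The names `probe_write_then_exec` and `enum probe` are this example's own.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/utsname.h>
#include <unistd.h>

/* Result codes (hypothetical names, defined only for this example). */
enum probe { PROBE_ERROR = -1, PROBE_DENIED = 0, PROBE_ALLOWED = 1 };

/* Map one anonymous page read/write, write to it, then ask for read/exec.
 * A kernel enforcing PaX MPROTECT or SELinux execmem refuses the mprotect();
 * without such enforcement the call succeeds. */
enum probe probe_write_then_exec(void)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE,
                   MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return PROBE_ERROR;

    memset(p, 0, len);                       /* the page has really been written */
    int rc = mprotect(p, len, PROT_READ | PROT_EXEC);
    munmap(p, len);
    return rc == 0 ? PROBE_ALLOWED : PROBE_DENIED;
}

int main(void)
{
    struct utsname u;
    if (uname(&u) == 0)
        printf("Kernel: %s %s\n", u.sysname, u.release);

    switch (probe_write_then_exec()) {
    case PROBE_DENIED:
        puts("writable -> executable transition: denied");
        break;
    case PROBE_ALLOWED:
        puts("writable -> executable transition: allowed (no MPROTECT-style enforcement active)");
        break;
    default:
        puts("probe could not run (mmap failed)");
        return 1;
    }
    return 0;
}
```
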