Hi! I've just created a package for paxtest in wip. It's a tool to test some pax features.
I've started the paxtest program in 'paxtest kiddie' mode (the one looking for simple vulnerabilities). I see:

    PaXtest - Copyright(c) 2003-2014 by Peter Busser <[email protected]> and Brad Spengler <[email protected]>
    Released under the GNU Public Licence version 2 or later

    Writing output to paxtest.log
    It may take a while for the tests to complete

and CTRL-T reports:

    load: 1.06 cmd: getshlib 27612 [0x7f7ff7c0d348/11] 16453.99u 107901.91s 99% 456k

i.e. that getshlib is working at 99% CPU for over a day now.

The paxtest.log output file contains:

    PaXtest - Copyright(c) 2003-2014 by Peter Busser <[email protected]> and Brad Spengler <[email protected]>
    Released under the GNU Public Licence version 2 or later

    Mode: kiddie
    NetBSD yt.nih.at 7.99.29 NetBSD 7.99.29 (KVOTHE) #145: Sun May 1 22:47:36 CEST 2016 GENERIC amd64

    Executable anonymous mapping             : Killed
    Executable bss                           : Killed
    Executable data                          : Killed
    Executable heap                          : Killed
    Executable stack                         : Vulnerable
    Executable anonymous mapping (mprotect)  : Vulnerable
    Executable bss (mprotect)                : Vulnerable
    Executable data (mprotect)               : Vulnerable
    Executable heap (mprotect)               : Vulnerable
    Executable shared library bss (mprotect) : Vulnerable
    Executable shared library data (mprotect): Vulnerable
    Executable stack (mprotect)              : Vulnerable
    Anonymous mapping randomization test     : 32 quality bits (guessed)
    Heap randomization test (ET_EXEC)        : 23 quality bits (guessed)
    Main executable randomization (ET_EXEC)  : No randomization

Is this a problem with the test program or our pax implementation?

I see quite a number of Vulnerable entries, is someone working on improving this?

Cheers,
 Thomas
