On Tue, 4 Nov 2003 [EMAIL PROTECTED] wrote: > second, paxtest had some bugs which Exec-Shield exposed and made > Exec-Shield appear better than it is. i've fixed them here and > expect to release 0.9.5 today or so. the results now look like:
i downloaded the new 0.9.5 paxtest package and amongst other changes it has the following oneliner change: --- paxtest-0.9.4/body.c +++ paxtest-0.9.5/body.c @@ -29,6 +29,7 @@ fflush( stdout ); if( fork() == 0 ) { + do_mprotect((unsigned long)argv & ~4095U, 4096, PROT_READ|PROT_WRITE|PROT_EXEC); doit(); } else { wait( &status ); this intentionally calls mprotect(PROT_EXEC) for the highest possible address one can think of. This call has no useful purpose at all. In other words, this is a specific, underhand cheat to trigger 'Vulnerable' messages for all items when running paxtest on exec-shield kernels. Bravo! frankly, i've never experienced anything like this in my many years in the Linux world. You so far gave the impression of a reasonable and balanced person but this is as low as it gets. Shame on you. here are the paxtest-0.9.5 results with that single purpose-less line removed, for the categories that matter to me: Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Anonymous mapping randomisation test : 8 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 13 bits (guessed) Main executable randomisation (ET_EXEC) : No randomisation Main executable randomisation (ET_DYN) : 12 bits (guessed) Shared library randomisation test : 12 bits (guessed) Stack randomisation test (SEGMEXEC) : 17 bits (guessed) Stack randomisation test (PAGEEXEC) : 17 bits (guessed) Executable shared library bss : Vulnerable Executable shared library data : Vulnerable Ingo