Hi all! Here is a paxtest output:
http://www.grsecurity.net/~paxguy1/paxtest-0.9.7-pre5.tar.gz

[oli...@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest
usage: paxtest [kiddie|blackhat]
[oli...@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

__________Mode: kiddie________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 r...@oliverp:/usr/obj/usr/src/sys/stable amd64

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Vulnerable <<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : No randomisation
Heap randomisation test (ET_EXEC)        : No randomisation
Main executable randomisation (ET_EXEC)  : No randomisation
Shared library randomisation test        : No randomisation
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : No randomisation
Return to function (strcpy)              : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC)    : paxtest: return address contains a NULL byte.
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Killed
Executable shared library data           : Killed
Writable text segments                   : Vulnerable

[oli...@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

____________Mode: blackhat__________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 r...@oliverp:/usr/obj/usr/src/sys/stable amd64

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
>>>>>>>>> Executable shared library bss (mprotect) : Killed <<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : No randomisation
Heap randomisation test (ET_EXEC)        : No randomisation
Main executable randomisation (ET_EXEC)  : No randomisation
Shared library randomisation test        : No randomisation
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : No randomisation
Return to function (strcpy)              : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC)    : paxtest: return address contains a NULL byte.
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Killed
Executable shared library data           : Killed
Writable text segments                   : Vulnerable

[oli...@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest kiddie
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

__________________Mode: kiddie____________
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 r...@oliverp:/usr/obj/usr/src/sys/stable amd64

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable >>>>>>>>>>><<<<<<<<<<<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : No randomisation
Heap randomisation test (ET_EXEC)        : No randomisation
Main executable randomisation (ET_EXEC)  : No randomisation
Shared library randomisation test        : No randomisation
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : No randomisation
Return to function (strcpy)              : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC)    : paxtest: return address contains a NULL byte.
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Killed
Executable shared library data           : Killed
Writable text segments                   : Vulnerable

oli...@oliverp /tmp/paxtest-0.9.7-pre5]$ ./paxtest blackhat
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <[email protected]>
Released under the GNU Public Licence version 2 or later

___________Mode: blackhat_______
FreeBSD oliverp 7.2-STABLE FreeBSD 7.2-STABLE #20: Sat May 9 21:13:36 CEST 2009 r...@oliverp:/usr/obj/usr/src/sys/stable amd64

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
>>>>>>>>>>>>>Executable shared library bss (mprotect) : Vulnerable<<<<<<<<<
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : No randomisation
Heap randomisation test (ET_EXEC)        : No randomisation
Main executable randomisation (ET_EXEC)  : No randomisation
Shared library randomisation test        : No randomisation
Stack randomisation test (SEGMEXEC)      : No randomisation
Stack randomisation test (PAGEEXEC)      : No randomisation
Return to function (strcpy)              : paxtest: return address contains a NULL byte.
Return to function (strcpy, RANDEXEC)    : paxtest: return address contains a NULL byte.
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Killed
Executable shared library data           : Killed
Writable text segments                   : Vulnerable

--------------------
sum

kiddie 1st:   Executable shared library bss (mprotect) : Vulnerable
blackhat 1st: Executable shared library bss (mprotect) : Killed
kiddie 2nd:   Executable shared library bss (mprotect) : Vulnerable
blackhat 2nd: Executable shared library bss (mprotect) : Vulnerable

it is the interesting part, when in kiddie mode is vulnerable, and in black mode is too vulnerable, but in first run not..
the running order is: kiddie, blackhat, kiddie, blackhat

ps.: sorry for the bad English

_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
