Flaw resides in BTB helps bypass ASLR
Hello, http://news.softpedia.com/news/researchers-bypass-aslr-protection-on-intel-ha swell-cpu-509460.shtml paper: http://www.cs.ucr.edu/~nael/pubs/micro16.pdf[http://www.cs.ucr.edu/~nael/pubs /micro16.pdf] could we somehow prevent this attack on OpenBSD?
Re: SSHowDowN
wow, thanks for the reply! "At the time I was running an AnonCVS server and I had realized that the anonymously connecting clients could use port forwarding to bounce TCP connections off the server." was this fixed meanwhile? Sent: Tuesday, October 18, 2016 at 5:01 PM From: "Christian Weisgerber" <na...@mips.inka.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 2016-10-18, "Peter Janos" <peterjan...@mail.com> wrote: > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? It has always been like this. OpenSSH inherited it from Ylønen-SSH. In the beginning, OpenSSH didn't even have a configuration option to disable port forwarding. Sixteen years ago Markus committed the diff I had submitted that added the AllowTcpForwarding option. ---> CVSROOT: /cvs Module name: src Changes by: mar...@cvs.openbsd.org 2000/10/14 06:12:09 Modified files: usr.bin/ssh : servconf.c servconf.h serverloop.c session.c sshd.8 Log message: AllowTcpForwarding; from naddy@ <--- At the time I was running an AnonCVS server and I had realized that the anonymously connecting clients could use port forwarding to bounce TCP connections off the server. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: SSHowDowN
having the username for password is yes, almost the biggest retarded idiotism in 2016, but disabling AllowTcpForwarding by default could help a little and a little in this case is big. I hope this admin user doesn't have permission to change shell, etc.. And in this general case (iot) , they have /sbin/nologin, so hopefully not. That's why AllowTcpForwarding=no by default could help in general. heck, it even has a CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1653 Sent: Tuesday, October 18, 2016 at 11:05 AM From: "Christian Gruhl" <cgr...@uni-kassel.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:56 AM, Peter Janos wrote: > sometimes I send mails in HTML format, sorry for that, mail.com has this by > default.. > > so the PDF also states that the "admin" user had /sbin/nologin for shell > > -- > http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 ... > Note that disabling TCP forwarding does not improve security unless users are > also denied shell access > > so having AllowTcpForwarding=NO would help. > > Why is it yes by default? someone requested it to be yes? does anybody know? > > Thanks. See the DenyUsers option for sshd_config: http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5[http://man.openbsd. org/OpenBSD-current/man5/sshd_config.5] That should allow you to prevent the forwarding as well. Using tcp forwarding is allows to establish secure tunnels between systems that are not directly reachable without the need for a full blown vpn. But this is just my opinion.
Re: SSHowDowN
sometimes I send mails in HTML format, sorry for that, mail.com has this by default.. so the PDF also states that the "admin" user had /sbin/nologin for shell -- http://man.openbsd.org/OpenBSD-current/man5/sshd_config.5 AllowTcpForwarding Specifies whether TCP forwarding is permitted. The available options are yes (the default) or all to allow TCP forwarding, no to prevent all TCP forwarding, local to allow local (from the perspective of ssh(1)) forwarding only or remote to allow remote forwarding only. Note that disabling TCP forwarding does not improve security unless users are also denied shell access, as they can always install their own forwarders. -- -->> Note that disabling TCP forwarding does not improve security unless users are also denied shell access so having AllowTcpForwarding=NO would help. Why is it yes by default? someone requested it to be yes? does anybody know? Thanks. Sent: Tuesday, October 18, 2016 at 10:46 AM From: "Christian Gruhl" <cgr...@uni-kassel.de> To: misc@openbsd.org Subject: Re: SSHowDowN On 10/18/2016 10:41 AM, Sol��ne Rapenne wrote: > Le 2016-10-18 10:35, Peter Janos a ��crit : >> shouldn't the default be "no" for the AllowTcpForwarding? Why is an >> insecure option "yes" by default? >> https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshow down-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pd f >> >> Thanks. > > from sshd_config(5) > > AllowTcpForwarding > Specifies whether TCP forwarding is permitted. The available > options are yes (the default) or all to allow TCP > forwarding, no > to prevent all TCP forwarding, local to allow local (from the > perspective of ssh(1)) forwarding only or remote to allow > remote > forwarding only. Note that disabling TCP forwarding does not > improve security unless users are also denied shell access, as > they can always install their own forwarders. > Also the article states that "We checked our factory-defaulted device and noticed that the ���admin:admin��� credential pair allows us to connect to the web-based configuration interface." Using such a weak password is more likely the problem, than the enabled TCP forward. [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
SSHowDowN
shouldn't the default be "no" for the AllowTcpForwarding? Why is an insecure option "yes" by default? https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf Thanks.
Re: What are the security features in OpenBSD 6.0 that are by default disabled?
use S for extras security at the expense of performance. Use other options only if you know what you are doing and have specific needs. BTW, ssh and sshd enable S by themselves. -Otto -> so "S" is the best way, Thanks! :) Sent: Friday, October 14, 2016 at 12:20 PM From: "Otto Moerbeek" <o...@drijf.net> To: "Peter Janos" <peterjan...@mail.com> Cc: "openbsd misc" <misc@openbsd.org> Subject: Re: What are the security features in OpenBSD 6.0 that are by default disabled? On Fri, Oct 14, 2016 at 09:21:24AM +0200, Peter Janos wrote: > Hello, > > I know some features that can give additional security isn't turned on due to > because of the bad quality of the code in ports and some also decreases > performance (or disables a feature, ex.: screenlock doesn't work if nosuid > set, but if feature not used, nousid can be used). > > I only know about these "security hardenings", hopefully all are ok (if not, > please say/argue!): > > == > ln -s GJU /etc/malloc.conf $ man man.conf | grep security -Otto
Fw: RE: RE: OpenBSD PaX Test question
if anyone interested, correction for the pax topic Sent: Tuesday, October 11, 2016 at 3:57 PM From: "W. Dean Freeman" <wdfree...@acumensecurity.net> To: "'Peter Janos'" <peterjan...@mail.com> Subject: RE: RE: OpenBSD PaX Test questionIncreasing the stack gap size isn't necessarily bad or good. Basically, you're adjusting the run-time value of a gap page that gets inserted at the top of a new stack frame, so that when an attacker is analyzing a binary and attempting to write an exploit, there is an unknown-at-compile-time number of bytes which have to be included when building the exploit and attempting to over-write the return address to the previous stack frame. It's just one of a series of mitigations against buffer overflows (like stack canaries, W^X, etc. You're also here adjusting the amount of room there is to play with when randomzing addresses for ASLR, at least as is my understanding. So, I doubt it hurts anything, but given the general strength of ASLR, stack gaps, stack cookies, the new W^X feature, etc. I'm not sure it's really necessary. If you really want to play with something fun that may ferret out bugs either in your code or in things you get from ports, turn on memory junking in the /etc/malloc.conf. For a discussion on some fun around that, see here: https://www.youtube.com/watch?v=YYf1U0xcHmk To the second question, there isn't any magic to what I'm doing in that program and between screenshots from GDB and a description of what's going on, you should be able to reconstruct it. There are three basic tests: 1. Attempt to mmap(2) a page of memory with permissions PROT_WRITE|PROT_EXEC ** on OpenBSD, this will cause the program to abort. On HardenedBSD or NetBSD, you'll get a writable page of memory back ** If you get the page back, I put a bit of do-nothing shell code into the mapped buffer, then write a function pointer to it and attempt to execute in order to cause a page fault there and record the violation is caught properly, proving that I didn't get W|X memory 2. attempt to map a page of memory as writable then mprotect() to W|X. With PaX, the page stays writable. OpenBSD will abort the processes here ** I did share a version with Red Hat through technical community channels, which included proof via live shell code that even if you turn off execmem allocation in SELinux, that you get no protection around mprotect and can still get a shell here. 3. Attempt to map a page of memory as executable and then mprotect() to W|X. Again, OpenBSD will abort this but PaX just gives you back what you had originally I may be able to share the tool, but it basically just does a subset of what is in the paxtest, geared directly at three sub-cases for one security functional requirement which isn't even mandatory right now. However, RedHat didn't want to burn political capital with the Linux kernel devs pushing for it when OpenBSD didn't even turn it on. Now that they have, there may be a better case to be made in that regard. - W. Dean Freeman, CISSP, CSSLP, GCIH Lead Security Engineer Mobile: +1.8048158786 wdfree...@acumensecurity.net http://www.acumensecurity.net -Original Message- From: Peter Janos [mailto:peterjan...@mail.com] Sent: Tuesday, October 11, 2016 2:23 AM To: W. Dean Freeman <wdfree...@acumensecurity.net> Subject: Re: RE: OpenBSD PaX Test question Only two question: == 1) Increasing kern.stackgap_random=262144 to kern.stackgap_random=16777216 increases the "14 quality bits" to "20 quality bits". Stack randomization test (SEGMEXEC) : 20 quality bits (guessed) Stack randomization test (PAGEEXEC) : 20 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 20 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 20 quality bits (guessed is this a wise thing to do? Does setting the kern.stackgap_random to 16777216 increases security? == 2) Can we have the cc-memtest binary or source? Or it is not public. http://blog.acumensecurity.net/revisiting-wx-with-openbsd-6-0/ == Many Thanks! > Sent: Monday, October 10, 2016 at 5:46 PM > From: "W. Dean Freeman" <wdfree...@acumensecurity.net> > To: "'Peter Janos'" <peterjan...@mail.com> > Subject: RE: OpenBSD PaX Test question > > Sure, go ahead. > > > > > > > > From: Peter Janos [mailto:peterjan...@mail.com] > Sent: Monday, October 10, 2016 11:46 AM > To: W. Dean Freeman <wdfree...@acumensecurity.net> > Subject: Re: OpenBSD PaX Test question > > > > can I post this as an anser on stackexchange? > > Thank you! > > Sent: Monday, October 10, 2016 at 4:36 PM > From: "W. Dean Freeman" <wdfree...@acumensecurity.net > <mailto:wdfree...@acumensecurity.net> > > To: peterjan...@mail.com <mailto:peterj
Re: What are the security features in OpenBSD 6.0 that are by default disabled?
remote supervisor/console solutions are still turned on while the server is off, so simply powering off the OS isn't enough.there were/will be many bugs for these remote console solutions too Sent: Friday, October 14, 2016 at 9:48 PM From: "Raul Miller"To: "thrph.i...@gmail.com" Cc: "OpenBSD general usage list" Subject: Re: What are the security features in OpenBSD 6.0 that are by default disabled?On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com wrote: > " The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. " Powered off works surprisingly well for some other operating systems. -- Raul
What are the security features in OpenBSD 6.0 that are by default disabled?
Hello, I know some features that can give additional security isn't turned on due to because of the bad quality of the code in ports and some also decreases performance (or disables a feature, ex.: screenlock doesn't work if nosuid set, but if feature not used, nousid can be used). I only know about these "security hardenings", hopefully all are ok (if not, please say/argue!): == ln -s GJU /etc/malloc.conf == Remove wxallowed from /etc/fstab == echo 'kern.stackgap_random=16777216' >> /etc/sysctl.conf == Remove all SUID and SGID permissions and all FS must have "nosuid". == Add noexec, nodev where you can in fstab, but can be bypassed.. == All filesystems that are only modified during software install and removal need to be read-only. They can be only rw if sw install/removal happens. == Remove all files that is not needed for the machine to operate/do its purpose. == echo "sysctl kern.securelevel=2" > /etc/rc.securelevel == Make as many files immutable with "chflags schg filenamehere" as you can. == If using X (so desktop) only use dangerous softwares (webbrowser, any viewer software: pdf, video, audio, torrent client, etc.) with another (limited) user! == The purpose of this mail to find more... what are the other security features that are disabled in the default install? - ps.: it would be nice to have a feature in the default installer to install with full disc encryption :) we still have to escape to shell during install and ex.: install60.iso (S)hell dmesg | grep MB # or: sysctl hw.disknames dd if=/dev/urandom of=/dev/rsd0c bs=1m # not needed, only for paranoids dd if=/dev/zero of=/dev/rsd0c bs=1m count=1 fdisk -iy sd0 disklabel -E sd0 a a enter enter RAID w q bioctl -c C -l /dev/sd0a -r 2000 softraid0 # use a random high iteration number x > 10 000 000 exit Start install to the newly created bioctl/crypt raid device: sdX, where X is ex.: 2... with a random (but very high) number for iteration, afaik iteration only counts when typing in the password, much higher iteration would slow down brute-force attackers. - Many thanks.
New OpenSSL double-free and invalid free vulnerabilities in X509 parsing
Hello gods, http://seclists.org/fulldisclosure/2016/Oct/62 -> https://github.com/guidovranken/openssl-x509-vulnerabilities a little bit old, but LibreSSL got this? The original X509_NAME decode free code was buggy: this could result in double free or leaks if a malloc failure occurred. Simplify and fix the logic. Thanks to Guido Vranken for reporting this issue. Reviewed-by: Matt Caswell(Merged from #1691) Thanks!
Re: Fix paxtest output on OpenBSD 6.0?
It went out twice, sorry. First I sent the below mail, but after even hours it didn't showed up, I thought maybe length restriction, so I sent the mail again without the below "RAW" part, with that it was displayed in a few minutes. Whatever, the paxtest compares are here in a picture too (mirror urls), more readable to the human eye: https://s22.postimg.org/f169vbabl/paxtest_openbsd.pnghttps://i.imgsafe.org/22cb7604d4.pnghttps://lut.im/C3F0KIhF6O/GPjZ5bRQrTK8fLpg.png Is W^X causing the "Vulnerable" lines? Is it still ok, because of "bad test"? or is it really a security problem?? install60.iso Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (memcpy, PIE) : Vulnerable Increasing kern.stackgap_random=262144 to kern.stackgap_random=16777216 increases the: Stack randomization test (SEGMEXEC) : 14 quality bits (guessed) Stack randomization test (PAGEEXEC) : 14 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 14 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 14 quality bits (guessed) "to 20 quality bits". Thanks! Sent: Sunday, October 02, 2016 at 12:12 PM From: "Peter Janos" <peterjan...@mail.com> To: misc@openbsd.org Subject: Fix paxtest output on OpenBSD 6.0?Fix paxtest output on OpenBSD 6.0? Hallo :) Also I included a few other OS. Mirror for the post is here: https://pastebin.com/raw/y9qHwZxi Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450. When I used 'paxtest-0.9.15' on OpenBSD, had to ADD two lines: $ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD 157:randarg1: randbody.o randarg1.o $ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD 159:randarg2: randbody.o randarg2.o $ or else compile would fail, thx for the hint from Pinter Oliver! On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz If anyone has outputs for NetBSD and DragonFlyBSD, please post. Always used blackhat mode. ## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc): ### CentOS-7-x86_64-Everything-1511.txt Executable anonymous mapping Killed debian-8.6.0-amd64-CD-1.txt Executable anonymous mapping Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable anonymous mapping Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable anonymous mapping Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable anonymous mapping Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable anonymous mapping Killed install60.txt Executable anonymous mapping Killed linuxmint-18-cinnamon-64bit.txt Executable anonymous mapping Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable anonymous mapping Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable anonymous mapping Killed ubuntu-16.04.1-desktop-amd64.txt Executable anonymous mapping Killed ubuntu-16.04.1-server-amd64.txt Executable anonymous mapping Killed ### CentOS-7-x86_64-Everything-1511.txt Executable bss Killed debian-8.6.0-amd64-CD-1.txt Executable bss Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable bss Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable bss Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable bss Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable bss Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable bss Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable bss Killed install60.txt Executable bss Killed linuxmint-18-cinnamon-64bit.txt Executable bss Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable bss Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable bss Killed ubuntu-16.04.1-desktop-amd64.txt Executable bss Killed ubuntu-16.04.1-server-amd64.txt Executable bss Killed ### CentOS-7-x86_64-Everything-1511.txt Executable data Killed debian-8.6.0-amd64-CD-1.txt Executable data Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable data Killed Fedora-Workstation-
Fix paxtest output on OpenBSD 6.0?
Fix paxtest output on OpenBSD 6.0? Hallo :) Also I included a few other OS. Mirror for the post is here: https://pastebin.com/raw/y9qHwZxi Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450. When I used 'paxtest-0.9.15' on OpenBSD, had to ADD two lines: $ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD 157:randarg1: randbody.o randarg1.o $ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD 159:randarg2: randbody.o randarg2.o $ or else compile would fail, thx for the hint from Pinter Oliver! On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz If anyone has outputs for NetBSD and DragonFlyBSD, please post. Always used blackhat mode. ## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc): ### CentOS-7-x86_64-Everything-1511.txt Executable anonymous mappingKilled debian-8.6.0-amd64-CD-1.txt Executable anonymous mappingKilled Fedora-Server-dvd-x86_64-24-1.2.txt Executable anonymous mappingKilled Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable anonymous mapping Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable anonymous mappingKilled FreeBSD-11.0-RC3-amd64-dvd1.txt Executable anonymous mappingKilled FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable anonymous mappingKilled HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable anonymous mapping Killed install60.txt Executable anonymous mappingKilled linuxmint-18-cinnamon-64bit.txt Executable anonymous mappingKilled openSUSE-Leap-42.1-DVD-x86_64.txt Executable anonymous mappingKilled SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable anonymous mapping Killed ubuntu-16.04.1-desktop-amd64.txtExecutable anonymous mappingKilled ubuntu-16.04.1-server-amd64.txt Executable anonymous mappingKilled ### CentOS-7-x86_64-Everything-1511.txt Executable bss Killed debian-8.6.0-amd64-CD-1.txt Executable bss Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable bss Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable bss Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable bss Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable bss Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable bss Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable bss Killed install60.txt Executable bss Killed linuxmint-18-cinnamon-64bit.txt Executable bss Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable bss Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable bss Killed ubuntu-16.04.1-desktop-amd64.txtExecutable bss Killed ubuntu-16.04.1-server-amd64.txt Executable bss Killed ### CentOS-7-x86_64-Everything-1511.txt Executable data Killed debian-8.6.0-amd64-CD-1.txt Executable data Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable data Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable data Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable data Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable data Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable data Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable data Killed install60.txt Executable data Killed linuxmint-18-cinnamon-64bit.txt Executable data Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable data Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable data Killed ubuntu-16.04.1-desktop-amd64.txtExecutable data Killed ubuntu-16.04.1-server-amd64.txt Executable data Killed ### CentOS-7-x86_64-Everything-1511.txt Executable heap Killed debian-8.6.0-amd64-CD-1.txt Executable heap Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable heap Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable heap Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable heap Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable heap Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable heap Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable heap Killed install60.txt Executable heap Killed linuxmint-18-cinnamon-64bit.txt Executable heap Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable heap Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable heap Killed ubuntu-16.04.1-desktop-amd64.txtExecutable heap Killed
Fix paxtest output on OpenBSD 6.0?
Hallo :) Also I included a few other OS. Mirror for the post: https://pastebin.com/raw/y9qHwZxi Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450. When I used 'paxtest-0.9.15' on OpenBSD, had to ADD two lines: $ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD 157:randarg1: randbody.o randarg1.o $ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD 159:randarg2: randbody.o randarg2.o $ or else compile would fail, thx for the hint from Pinter Oliver! On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz If anyone has outputs for NetBSD and DragonFlyBSD, please post. Always used blackhat mode. ## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc): ### CentOS-7-x86_64-Everything-1511.txt Executable anonymous mappingKilled debian-8.6.0-amd64-CD-1.txt Executable anonymous mappingKilled Fedora-Server-dvd-x86_64-24-1.2.txt Executable anonymous mappingKilled Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable anonymous mapping Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable anonymous mappingKilled FreeBSD-11.0-RC3-amd64-dvd1.txt Executable anonymous mappingKilled FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable anonymous mappingKilled HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable anonymous mapping Killed install60.txt Executable anonymous mappingKilled linuxmint-18-cinnamon-64bit.txt Executable anonymous mappingKilled openSUSE-Leap-42.1-DVD-x86_64.txt Executable anonymous mappingKilled SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable anonymous mapping Killed ubuntu-16.04.1-desktop-amd64.txtExecutable anonymous mappingKilled ubuntu-16.04.1-server-amd64.txt Executable anonymous mappingKilled ### CentOS-7-x86_64-Everything-1511.txt Executable bss Killed debian-8.6.0-amd64-CD-1.txt Executable bss Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable bss Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable bss Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable bss Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable bss Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable bss Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable bss Killed install60.txt Executable bss Killed linuxmint-18-cinnamon-64bit.txt Executable bss Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable bss Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable bss Killed ubuntu-16.04.1-desktop-amd64.txtExecutable bss Killed ubuntu-16.04.1-server-amd64.txt Executable bss Killed ### CentOS-7-x86_64-Everything-1511.txt Executable data Killed debian-8.6.0-amd64-CD-1.txt Executable data Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable data Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable data Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable data Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable data Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable data Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable data Killed install60.txt Executable data Killed linuxmint-18-cinnamon-64bit.txt Executable data Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable data Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable data Killed ubuntu-16.04.1-desktop-amd64.txtExecutable data Killed ubuntu-16.04.1-server-amd64.txt Executable data Killed ### CentOS-7-x86_64-Everything-1511.txt Executable heap Killed debian-8.6.0-amd64-CD-1.txt Executable heap Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable heap Killed Fedora-Workstation-netinst-x86_64-24-1.2.txtExecutable heap Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable heap Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable heap Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable heap Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable heap Killed install60.txt Executable heap Killed linuxmint-18-cinnamon-64bit.txt Executable heap Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable heap Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txtExecutable heap Killed ubuntu-16.04.1-desktop-amd64.txtExecutable heap Killed ubuntu-16.04.1-server-amd64.txt Executable heap Killed