randomisation in the results of paxtest


Post by lynliuyan » Tue Jun 16, 2015 11:22 pm

Why is the randomisation result in the results of running paxtest "quality bits"? Is address space randomization enhanced randomized bits?

Anonymous mapping randomisation test : 33 quality bits (guessed)
Heap randomisation test (ET_EXEC) : 22 quality bits (guessed)
Heap randomisation test (PIE) : 40 quality bits (guessed)
Main executable randomisation (ET_EXEC) : 33 quality bits (guessed)
Main executable randomisation (PIE) : 33 quality bits (guessed)
Shared library randomisation test : 33 quality bits (guessed)
VDSO randomisation test : 33 quality bits (guessed)
Stack randomisation test (SEGMEXEC) : 40 quality bits (guessed)
Stack randomisation test (PAGEEXEC) : 40 quality bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 44 quality bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 44 quality bits (guessed)
Randomization under memory exhaustion @~0: 33 bits (guessed)
Randomization under memory exhaustion @0 : 33 bits (guessed)
lynliuyan
 
Posts: 18
Joined: Wed Mar 04, 2015 11:47 pm

Re: randomisation in the results of paxtest

Post by PaX Team » Wed Jun 17, 2015 5:21 am

randomization measurement isn't exact science, the original algo was written with the PaX style region based randomization in mind and even there it can be off by one bit (e.g., the executable randomization bits should really be 32 as you can verify it from the PaX code). for other schemes it can overestimate the number of bits even more, so to provide numbers closer to reality, last year spender added a tweak that tries to do a better estimate (see randbody.c and the weak_bits estimate for the gory details) and added 'quality' to the printed output (not saying that it suddenly became exact science though ;)).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm

Re: randomisation in the results of paxtest

Post by lynliuyan » Thu Jun 18, 2015 10:44 pm

I don't understand the code of randbody.c:

    for( i = 0; i < COUNT; i++ ) {
        fp = popen( testprog, "r" );
        ......
        ret = fscanf( fp, "%lx", &tmp );

        results[i] = tmp;
        and &= tmp;
        or |= tmp;

        pclose( fp );
    }

What is the purpose of this code?
lynliuyan
 
Posts: 18
Joined: Wed Mar 04, 2015 11:47 pm

Re: randomisation in the results of paxtest

Post by PaX Team » Fri Jun 19, 2015 5:34 am

it executes a test program (the various get* ones, you can run them by hand) COUNT times which prints out an address that is read back via fscanf. this address is stored in an array and we also compute a bitwise min/max value of these measurements via logical and/or (this is the part of the algo that assumes the PaX style ASLR approach).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
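
The and/or measurement described in the reply above, as an added example (not paxtest's randbody.c, and not its weak_bits quality estimate): it counts the bits that differ across samples and compares that with a distinct-value bound, a cross-check assumed here, to show how the count can overestimate for a scheme that is not region based. The sample addresses, the COUNT value and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

#define COUNT 16 /* constructed sample count, not paxtest's value */

/* Bits set in the OR of all samples but clear in their AND varied at least once. */
static int guessed_bits(const unsigned long *s, size_t n)
{
    unsigned long all_and = ~0UL, all_or = 0UL, diff;
    int bits = 0;
    for (size_t i = 0; i < n; i++) { all_and &= s[i]; all_or |= s[i]; }
    for (diff = all_and ^ all_or; diff != 0; diff >>= 1)
        bits += (int)(diff & 1UL);
    return bits;
}

/* Assumed cross-check: samples cannot show more than ceil(log2(distinct values)) bits. */
static int distinct_bound(const unsigned long *s, size_t n)
{
    size_t distinct = 0, j;
    int bits = 0;
    for (size_t i = 0; i < n; i++) {
        for (j = 0; j < i && s[j] != s[i]; j++)
            ;
        if (j == i) distinct++; /* first time this address is seen */
    }
    while (((size_t)1 << bits) < distinct) bits++;
    return bits;
}

/* Constructed samples: a contiguous 4-bit, page-granular random field (region style). */
static void fill_region(unsigned long *s)
{
    for (size_t i = 0; i < COUNT; i++) s[i] = 0x40000000UL + (i << 12);
}

/* Constructed samples: only two possible bases, which differ in 12 bit positions. */
static void fill_sparse(unsigned long *s)
{
    for (size_t i = 0; i < COUNT; i++) s[i] = (i & 1) ? 0x4fff0000UL : 0x40000000UL;
}

int main(void)
{
    unsigned long s[COUNT];
    fill_region(s);
    printf("region: %d guessed, bound %d\n", guessed_bits(s, COUNT), distinct_bound(s, COUNT));
    fill_sparse(s);
    printf("sparse: %d guessed, bound %d\n", guessed_bits(s, COUNT), distinct_bound(s, COUNT));
}
```

For the region-style samples both numbers agree; for the two-base samples the and/or count reports 12 bits although only two addresses ever occur.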

