Improve randomisation

Discuss usability issues, general maintenance, and general support issues for a grsecurity-enabled system.

Post by int80 » Thu Jan 03, 2008 9:35 pm

Apologies up front if this subject has already been covered, and I've just not found the proper answer.

Upon running paxtest in either mode [kiddie|blackhat], the randomisation results appear as follows:
Code:
Anonymous mapping randomisation test     : 17 bits (guessed)
Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
Heap randomisation test (ET_DYN)         : 23 bits (guessed)
Main executable randomisation (ET_EXEC)  : 17 bits (guessed)
Main executable randomisation (ET_DYN)   : 17 bits (guessed)
Shared library randomisation test        : 17 bits (guessed)
Stack randomisation test (SEGMEXEC)      : 23 bits (guessed)
Stack randomisation test (PAGEEXEC)      : 23 bits (guessed)


The output from uname is:
Code:
Linux hostname 2.6.23.9-grsec #1 SMP Thu Jan 3 04:21:04 EST 2008 i686 GNU/Linux


In what ways can the randomisation results be improved such that they cannot be guessed? Or am I misinterpreting the results? If this has been answered somewhere, please feel free to post relevant links. Thanks.
int80
 
Posts: 11
Joined: Mon Jan 23, 2006 1:57 pm

Re: Improve randomisation

Post by PaX Team » Sun Jan 06, 2008 10:52 am

int80 wrote: In what ways can the randomisation results be improved such that they cannot be guessed? Or am I misinterpreting the results?
yes you are ;-). the 'guessed' refers to the fact that the entropy observed by the various tests wasn't calculated precisely, but rather a simple algorithm estimated (read: guessed) its amount (so it can be off by a bit, or even more depending on how the randomization scheme works, the algo was tailored for PaX style ASLR).
PaX Team
 
Posts: 2310
Joined: Mon Mar 18, 2002 4:35 pm
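
Added example, not part of the thread and not paxtest's code: a sketch of the kind of estimate the reply above describes, assuming the estimator simply counts the address bits that changed across runs. That choice, the `est_*` names and both address layouts are constructed for illustration; the two schemes show how such a count can undershoot with few samples and overshoot when a scheme has less entropy than the bits it touches.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
#define BASE 0x40000000u            /* constructed mapping base */
#define MASK17 0x1FFFFu             /* 17 page-number bits, as in the post */

struct est { uint32_t all_and, all_or; unsigned long n; };

static void est_init(struct est *e) { e->all_and = UINT32_MAX; e->all_or = 0; e->n = 0; }
static void est_add(struct est *e, uint32_t a) { e->all_and &= a; e->all_or |= a; e->n++; }

/* Number of address bits seen as both 0 and 1 across all samples. */
static unsigned est_bits(const struct est *e)
{
    uint32_t diff = e->n ? (e->all_and ^ e->all_or) : 0;
    unsigned bits = 0;
    for (; diff; diff &= diff - 1)  /* clear lowest set bit */
        bits++;
    return bits;
}

/* Constructed scheme: 17 uniformly used bits; offsets are taken in counter
 * order instead of at random so the run is deterministic. */
unsigned uniform_scheme(unsigned long samples)
{
    struct est e;
    est_init(&e);
    for (unsigned long i = 0; i < samples; i++)
        est_add(&e, BASE + ((uint32_t)(i & MASK17) << PAGE_SHIFT));
    return est_bits(&e);
}

/* Constructed scheme: only two possible bases (1 bit of real entropy),
 * but they differ in 17 address bits. */
unsigned two_base_scheme(unsigned long samples)
{
    struct est e;
    est_init(&e);
    for (unsigned long i = 0; i < samples; i++)
        est_add(&e, (i & 1) ? BASE + (MASK17 << PAGE_SHIFT) : BASE);
    return est_bits(&e);
}

int main(void)
{
    printf("uniform, all offsets : %u bits\n", uniform_scheme(1UL << 17));
    printf("uniform, 4 samples   : %u bits\n", uniform_scheme(4));
    printf("two bases, 100 runs  : %u bits\n", two_base_scheme(100));
    return 0;
}
```

The first line reports 17 bits, the second only 2 because too few samples were seen, and the third reports 17 bits for a layout that has a single bit of real entropy.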

Re: Improve randomisation

Post by int80 » Fri Jan 11, 2008 10:50 am

Thanks for the response. I saw your reply shortly after you posted it, but have been side-tracked with other things. Sorry about my misunderstanding, and thanks again for the information.
int80
 
Posts: 11
Joined: Mon Jan 23, 2006 1:57 pm

