paxtest tests not failing on kvm guest
Posted: Tue Feb 03, 2015 8:41 pm
Good evening,
Been playing with grsec for years on baremetal and just spun up a new VM using proxmox/kvm.
Fresh copy of debian 7.8 and downloaded/compiled:
Kernel 3.2.66 (vanilla from kernel.org)
grsecurity-3.0-3.2.66-201502021851.patch
enabled grsec:
config method (automatic)
usage type (server)
Virtualization Type (guest)
Virtualization Software(KVM)
Required Priorities (Security)
when I run paxtest (0.9.13) after rebooting with new grsec kernel. most tests show vulnerable:
Mode: kiddie
Linux box01 3.2.66-grsec #1 SMP Tue Feb 3 15:15:14 CST 2015 x86_64 GNU/Linux
Executable anonymous mapping : Vulnerable
Executable bss : Vulnerable
Executable data : Vulnerable
Executable heap : Vulnerable
Executable stack : Killed
Executable shared library bss : Vulnerable
Executable shared library data : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Killed
Anonymous mapping randomisation test : 29 quality bits (guessed)
Heap randomisation test (ET_EXEC) : 22 quality bits (guessed)
Heap randomisation test (PIE) : 35 quality bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 27 quality bits (guessed)
Shared library randomisation test : 29 quality bits (guessed)
VDSO randomisation test : 29 quality bits (guessed)
Stack randomisation test (SEGMEXEC) : 35 quality bits (guessed)
Stack randomisation test (PAGEEXEC) : 35 quality bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 39 quality bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 39 quality bits (guessed)
Randomization under memory exhaustion @~0: 29 bits (guessed)
Randomization under memory exhaustion @0 : 29 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) :
I can see that dmesg is restricted and sysctl -a | grep grsecurity dumping alot of variables.
Am I missing something?
eric
Been playing with grsec for years on baremetal and just spun up a new VM using proxmox/kvm.
Fresh copy of debian 7.8 and downloaded/compiled:
Kernel 3.2.66 (vanilla from kernel.org)
grsecurity-3.0-3.2.66-201502021851.patch
enabled grsec:
config method (automatic)
usage type (server)
Virtualization Type (guest)
Virtualization Software(KVM)
Required Priorities (Security)
when I run paxtest (0.9.13) after rebooting with new grsec kernel. most tests show vulnerable:
Mode: kiddie
Linux box01 3.2.66-grsec #1 SMP Tue Feb 3 15:15:14 CST 2015 x86_64 GNU/Linux
Executable anonymous mapping : Vulnerable
Executable bss : Vulnerable
Executable data : Vulnerable
Executable heap : Vulnerable
Executable stack : Killed
Executable shared library bss : Vulnerable
Executable shared library data : Vulnerable
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Killed
Anonymous mapping randomisation test : 29 quality bits (guessed)
Heap randomisation test (ET_EXEC) : 22 quality bits (guessed)
Heap randomisation test (PIE) : 35 quality bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 27 quality bits (guessed)
Shared library randomisation test : 29 quality bits (guessed)
VDSO randomisation test : 29 quality bits (guessed)
Stack randomisation test (SEGMEXEC) : 35 quality bits (guessed)
Stack randomisation test (PAGEEXEC) : 35 quality bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 39 quality bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 39 quality bits (guessed)
Randomization under memory exhaustion @~0: 29 bits (guessed)
Randomization under memory exhaustion @0 : 29 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) :
I can see that dmesg is restricted and sysctl -a | grep grsecurity dumping alot of variables.
Am I missing something?
eric