grsecurity forums

by **ben** » Mon Feb 23, 2004 2:16 am

I use the linux 2.4.25 kernel and grsecurity-2.0-rc5-2.4.25.patch

but it seems that the pax did not work,thanks for your help

Code: Select all: root@TEST/tmp/paxtest-0.9.5# uname -a Linux TEST 2.4.25-grsec #8 SMP Mon Feb 23 12:57:57 CST 2004 i686 i686 i386 GNU/Linux root@TEST/tmp/grsec/paxtest-0.9.5# ./paxtest PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later It may take a while for the tests to complete Test results: PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later Executable anonymous mapping : Vulnerable Executable bss : Vulnerable Executable data : Vulnerable Executable heap : Vulnerable Executable stack : Vulnerable Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect): Vulnerable Executable stack (mprotect) : Vulnerable Anonymous mapping randomisation test : 16 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 25 bits (guessed) Main executable randomisation (ET_EXEC) : No randomisation Main executable randomisation (ET_DYN) : 17 bits (guessed) Shared library randomisation test : 16 bits (guessed) Stack randomisation test (SEGMEXEC) : 24 bits (guessed) Stack randomisation test (PAGEEXEC) : 24 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (strcpy, RANDEXEC) : Vulnerable Return to function (memcpy) : Vulnerable Return to function (memcpy, RANDEXEC) : Vulnerable Executable shared library bss : Vulnerable Executable shared library data : Vulnerable Writable text segments : Vulnerable

and this is my .config file about grsecurity

Code: Select all: # Grsecurity # CONFIG_GRKERNSEC=y CONFIG_CRYPTO=y CONFIG_CRYPTO_SHA256=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MID is not set # CONFIG_GRKERNSEC_HI is not set CONFIG_GRKERNSEC_CUSTOM=y # # PaX Control # # CONFIG_GRKERNSEC_PAX_SOFTMODE is not set CONFIG_GRKERNSEC_PAX_EI_PAX=y CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS=y CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y # CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set # CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set # # Address Space Protection # # CONFIG_GRKERNSEC_PAX_NOEXEC is not set CONFIG_GRKERNSEC_PAX_ASLR=y CONFIG_GRKERNSEC_PAX_RANDKSTACK=y CONFIG_GRKERNSEC_PAX_RANDUSTACK=y CONFIG_GRKERNSEC_PAX_RANDMMAP=y CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_IO=y CONFIG_RTC=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_HIDESYM=y # # Role Based Access Control Options # CONFIG_GRKERNSEC_ACL_HIDEKERN=y CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y CONFIG_GRKERNSEC_CHROOT_CHMOD=y CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y CONFIG_GRKERNSEC_CHROOT_CAPS=y # # Kernel Auditing # CONFIG_GRKERNSEC_AUDIT_GROUP=y CONFIG_GRKERNSEC_AUDIT_GID=500 CONFIG_GRKERNSEC_EXECLOG=y CONFIG_GRKERNSEC_RESLOG=y CONFIG_GRKERNSEC_CHROOT_EXECLOG=y CONFIG_GRKERNSEC_AUDIT_CHDIR=y CONFIG_GRKERNSEC_AUDIT_MOUNT=y CONFIG_GRKERNSEC_AUDIT_IPC=y CONFIG_GRKERNSEC_SIGNAL=y CONFIG_GRKERNSEC_FORKFAIL=y CONFIG_GRKERNSEC_TIME=y CONFIG_GRKERNSEC_PROC_IPADDR=y # # Executable Protections # CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_DMESG=y CONFIG_GRKERNSEC_RANDPID=y CONFIG_GRKERNSEC_TPE=y CONFIG_GRKERNSEC_TPE_ALL=y CONFIG_GRKERNSEC_TPE_GID=500 # # Network Protections # CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_RANDISN=y CONFIG_GRKERNSEC_RANDID=y CONFIG_GRKERNSEC_RANDSRC=y CONFIG_GRKERNSEC_RANDRPC=y # CONFIG_GRKERNSEC_SOCKET is not set # # Sysctl support # # CONFIG_GRKERNSEC_SYSCTL is not set # # Logging options # CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=4

by **personman** » Mon Feb 23, 2004 2:35 am

Try enabling CONFIG_GRKERNSEC_PAX_NOEXEC and some other options which will be available once you do.

:wink:

by **ben** » Mon Feb 23, 2004 4:11 am

so faint!!!

I should have seen this entry,personman,thans for your help

but when I use this .config ,the result seems not perfect

Code: Select all: Anonymous mapping randomisation test : 16 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 25 bits (guessed) Main executable randomisation (ET_EXEC) : 16 bits (guessed) Main executable randomisation (ET_DYN) : 17 bits (guessed) Shared library randomisation test : 16 bits (guessed) Stack randomisation test (SEGMEXEC) : 23 bits (guessed) Stack randomisation test (PAGEEXEC) : 24 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (memcpy) : Vulnerable

Code: Select all: # # Grsecurity # CONFIG_GRKERNSEC=y CONFIG_CRYPTO=y CONFIG_CRYPTO_SHA256=y # CONFIG_GRKERNSEC_LOW is not set # CONFIG_GRKERNSEC_MID is not set # CONFIG_GRKERNSEC_HI is not set CONFIG_GRKERNSEC_CUSTOM=y # # PaX Control # # CONFIG_GRKERNSEC_PAX_SOFTMODE is not set CONFIG_GRKERNSEC_PAX_EI_PAX=y CONFIG_GRKERNSEC_PAX_PT_PAX_FLAGS=y CONFIG_GRKERNSEC_PAX_NO_ACL_FLAGS=y # CONFIG_GRKERNSEC_PAX_HAVE_ACL_FLAGS is not set # CONFIG_GRKERNSEC_PAX_HOOK_ACL_FLAGS is not set # # Address Space Protection # CONFIG_GRKERNSEC_PAX_NOEXEC=y CONFIG_GRKERNSEC_PAX_PAGEEXEC=y CONFIG_GRKERNSEC_PAX_SEGMEXEC=y CONFIG_GRKERNSEC_PAX_EMUTRAMP=y CONFIG_GRKERNSEC_PAX_EMUSIGRT=y CONFIG_GRKERNSEC_PAX_MPROTECT=y CONFIG_GRKERNSEC_PAX_NOELFRELOCS=y CONFIG_GRKERNSEC_PAX_ASLR=y CONFIG_GRKERNSEC_PAX_RANDKSTACK=y CONFIG_GRKERNSEC_PAX_RANDUSTACK=y CONFIG_GRKERNSEC_PAX_RANDMMAP=y CONFIG_GRKERNSEC_PAX_RANDEXEC=y CONFIG_GRKERNSEC_KMEM=y CONFIG_GRKERNSEC_IO=y CONFIG_RTC=y CONFIG_GRKERNSEC_PROC_MEMMAP=y CONFIG_GRKERNSEC_HIDESYM=y # # Role Based Access Control Options # CONFIG_GRKERNSEC_ACL_HIDEKERN=y CONFIG_GRKERNSEC_ACL_MAXTRIES=3 CONFIG_GRKERNSEC_ACL_TIMEOUT=30 # # Filesystem Protections # CONFIG_GRKERNSEC_PROC=y CONFIG_GRKERNSEC_PROC_USER=y CONFIG_GRKERNSEC_PROC_ADD=y CONFIG_GRKERNSEC_LINK=y CONFIG_GRKERNSEC_FIFO=y CONFIG_GRKERNSEC_CHROOT=y CONFIG_GRKERNSEC_CHROOT_MOUNT=y CONFIG_GRKERNSEC_CHROOT_DOUBLE=y CONFIG_GRKERNSEC_CHROOT_PIVOT=y CONFIG_GRKERNSEC_CHROOT_CHDIR=y CONFIG_GRKERNSEC_CHROOT_CHMOD=y CONFIG_GRKERNSEC_CHROOT_FCHDIR=y CONFIG_GRKERNSEC_CHROOT_MKNOD=y CONFIG_GRKERNSEC_CHROOT_SHMAT=y CONFIG_GRKERNSEC_CHROOT_UNIX=y CONFIG_GRKERNSEC_CHROOT_FINDTASK=y CONFIG_GRKERNSEC_CHROOT_NICE=y CONFIG_GRKERNSEC_CHROOT_SYSCTL=y CONFIG_GRKERNSEC_CHROOT_CAPS=y # # Kernel Auditing # CONFIG_GRKERNSEC_AUDIT_GROUP=y CONFIG_GRKERNSEC_AUDIT_GID=500 CONFIG_GRKERNSEC_EXECLOG=y CONFIG_GRKERNSEC_RESLOG=y CONFIG_GRKERNSEC_CHROOT_EXECLOG=y CONFIG_GRKERNSEC_AUDIT_CHDIR=y CONFIG_GRKERNSEC_AUDIT_MOUNT=y CONFIG_GRKERNSEC_AUDIT_IPC=y CONFIG_GRKERNSEC_SIGNAL=y CONFIG_GRKERNSEC_FORKFAIL=y CONFIG_GRKERNSEC_TIME=y CONFIG_GRKERNSEC_PROC_IPADDR=y # # Executable Protections # CONFIG_GRKERNSEC_EXECVE=y CONFIG_GRKERNSEC_DMESG=y CONFIG_GRKERNSEC_RANDPID=y CONFIG_GRKERNSEC_TPE=y CONFIG_GRKERNSEC_TPE_ALL=y CONFIG_GRKERNSEC_TPE_GID=500 # # Network Protections # CONFIG_GRKERNSEC_RANDNET=y CONFIG_GRKERNSEC_RANDISN=y CONFIG_GRKERNSEC_RANDID=y CONFIG_GRKERNSEC_RANDSRC=y CONFIG_GRKERNSEC_RANDRPC=y # CONFIG_GRKERNSEC_SOCKET is not set # # Sysctl support # CONFIG_GRKERNSEC_SYSCTL=y # # Logging options # CONFIG_GRKERNSEC_FLOODTIME=10 CONFIG_GRKERNSEC_FLOODBURST=4

Code: Select all: PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later It may take a while for the tests to complete Test results: PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable anonymous mapping (mprotect) : Killed Executable bss (mprotect) : Killed Executable data (mprotect) : Killed Executable heap (mprotect) : Killed Executable shared library bss (mprotect) : Killed Executable shared library data (mprotect): Killed Executable stack (mprotect) : Killed Anonymous mapping randomisation test : 16 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 25 bits (guessed) Main executable randomisation (ET_EXEC) : 16 bits (guessed) Main executable randomisation (ET_DYN) : 17 bits (guessed) Shared library randomisation test : 16 bits (guessed) Stack randomisation test (SEGMEXEC) : 23 bits (guessed) Stack randomisation test (PAGEEXEC) : 24 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (strcpy, RANDEXEC) : Killed Return to function (memcpy) : Vulnerable Return to function (memcpy, RANDEXEC) : Killed Executable shared library bss : Killed Executable shared library data : Killed Writable text segments : Killed

Code: Select all: root@TEST/# sysctl -a | grep grsec kernel.grsecurity.grsec_lock = 1 kernel.grsecurity.chroot_findtask = 1 kernel.grsecurity.rand_rpc = 1 kernel.grsecurity.dmesg = 1 kernel.grsecurity.audit_ipc = 1 kernel.grsecurity.audit_mount = 1 kernel.grsecurity.audit_chdir = 1 kernel.grsecurity.audit_gid = 1 kernel.grsecurity.audit_group = 1 kernel.grsecurity.rand_isns = 1 kernel.grsecurity.rand_tcp_src_ports = 1 kernel.grsecurity.rand_ip_ids = 1 kernel.grsecurity.rand_pids = 1 kernel.grsecurity.tpe_restrict_all = 1 kernel.grsecurity.tpe_gid = 1 kernel.grsecurity.tpe = 1 kernel.grsecurity.chroot_deny_sysctl = 1 kernel.grsecurity.chroot_caps = 1 kernel.grsecurity.chroot_execlog = 1 kernel.grsecurity.chroot_restrict_nice = 1 kernel.grsecurity.chroot_deny_mknod = 1 kernel.grsecurity.chroot_deny_chmod = 1 kernel.grsecurity.chroot_enforce_chdir = 1 kernel.grsecurity.chroot_deny_pivot = 1 kernel.grsecurity.chroot_deny_chroot = 1 kernel.grsecurity.chroot_deny_fchdir = 1 kernel.grsecurity.chroot_deny_mount = 1 kernel.grsecurity.chroot_deny_unix = 1 kernel.grsecurity.chroot_deny_shmat = 1 kernel.grsecurity.timechange_logging = 1 kernel.grsecurity.forkfail_logging = 1 kernel.grsecurity.signal_logging = 1 kernel.grsecurity.exec_logging = 1 kernel.grsecurity.execve_limiting = 1 kernel.grsecurity.fifo_restrictions = 1 kernel.grsecurity.linking_restrictions = 1 kernel.osrelease = 2.4.25-grsec

by **ben** » Mon Feb 23, 2004 5:44 am

but I do the same thing in one debian sid host, the result is different from in fedora

Code: Select all: PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later It may take a while for the tests to complete Test results: PaXtest - Copyright(c) 2003 by Peter Busser <peter@adamantix.org> Released under the GNU Public Licence version 2 or later Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable anonymous mapping (mprotect) : Killed Executable bss (mprotect) : Killed Executable data (mprotect) : Killed Executable heap (mprotect) : Killed Executable shared library bss (mprotect) : Killed Executable shared library data (mprotect): Killed Executable stack (mprotect) : Killed Anonymous mapping randomisation test : 16 bits (guessed) Heap randomisation test (ET_EXEC) : 13 bits (guessed) Heap randomisation test (ET_DYN) : 25 bits (guessed) Main executable randomisation (ET_EXEC) : 16 bits (guessed) Main executable randomisation (ET_DYN) : 17 bits (guessed) Shared library randomisation test : 16 bits (guessed) Stack randomisation test (SEGMEXEC) : 23 bits (guessed) Stack randomisation test (PAGEEXEC) : 24 bits (guessed) Return to function (strcpy) : Vulnerable Return to function (strcpy, RANDEXEC) : Return to function (memcpy) : Vulnerable Return to function (memcpy, RANDEXEC) : Killed Executable shared library bss : Killed Executable shared library data : Killed Writable text segments : Killed

Code: Select all: kernel.grsecurity.grsec_lock = 1 kernel.grsecurity.chroot_findtask = 1 kernel.grsecurity.rand_rpc = 1 kernel.grsecurity.dmesg = 1 kernel.grsecurity.audit_ipc = 1 kernel.grsecurity.audit_chdir = 1 kernel.grsecurity.audit_gid = 1 kernel.grsecurity.audit_group = 1 kernel.grsecurity.rand_isns = 1 kernel.grsecurity.rand_tcp_src_ports = 1 kernel.grsecurity.rand_ip_ids = 1 kernel.grsecurity.rand_pids = 1 kernel.grsecurity.tpe_restrict_all = 0 kernel.grsecurity.tpe_gid = 0 kernel.grsecurity.tpe = 0 kernel.grsecurity.chroot_deny_sysctl = 1 kernel.grsecurity.chroot_caps = 1 kernel.grsecurity.chroot_execlog = 1 kernel.grsecurity.chroot_restrict_nice = 1 kernel.grsecurity.chroot_deny_mknod = 1 kernel.grsecurity.chroot_deny_chmod = 1 kernel.grsecurity.chroot_enforce_chdir = 1 kernel.grsecurity.chroot_deny_pivot = 1 kernel.grsecurity.chroot_deny_chroot = 1 kernel.grsecurity.chroot_deny_fchdir = 1 kernel.grsecurity.chroot_deny_mount = 1 kernel.grsecurity.chroot_deny_unix = 1 kernel.grsecurity.chroot_deny_shmat = 1 kernel.grsecurity.timechange_logging = 1 kernel.grsecurity.forkfail_logging = 1 kernel.grsecurity.signal_logging = 1 kernel.grsecurity.exec_logging = 0 kernel.grsecurity.execve_limiting = 1 kernel.grsecurity.fifo_restrictions = 1 kernel.grsecurity.linking_restrictions = 1 kernel.osrelease = 2.4.25-grsec

grsecurity forums

pax did not work ?

pax did not work ?

pax did not work ?