Re: NSA software in Debian
On Jan 22, 2014, at 10:51 AM, Kevin Olbrich <kolbrich@dolphin-it.de> wrote:
>
> Okay but this mismatch does not automatically mean it is not working.
> Can you check if the features are present? Maybe the patch is still compatible with a newer kernel?
>
Hi Kevin,
I installed the i386 architecture and installed the `paxtest' suite. My results were fairly disappointing, to be honest:
> $ sudo paxtest blackhat
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
>
> Writing output to /root/paxtest.log
> It may take a while for the tests to complete
> Test results:
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
>
> Mode: Blackhat
> Linux pinguino 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
>
> Executable anonymous mapping : Killed
> Executable bss : Killed
> Executable data : Killed
> Executable heap : Killed
> Executable stack : Killed
> Executable shared library bss : Killed
> Executable shared library data : Killed
> Executable anonymous mapping (mprotect) : Vulnerable
> Executable bss (mprotect) : Vulnerable
> Executable data (mprotect) : Vulnerable
> Executable heap (mprotect) : Vulnerable
> Executable stack (mprotect) : Vulnerable
> Executable shared library bss (mprotect) : Vulnerable
> Executable shared library data (mprotect): Vulnerable
> Writable text segments : Vulnerable
> Anonymous mapping randomisation test : 9 bits (guessed)
> Heap randomisation test (ET_EXEC) : 13 bits (guessed)
> Heap randomisation test (PIE) : 16 bits (guessed)
> Main executable randomisation (ET_EXEC) : No randomisation
> Main executable randomisation (PIE) : 8 bits (guessed)
> Shared library randomisation test : 10 bits (guessed)
> Stack randomisation test (SEGMEXEC) : 19 bits (guessed)
> Stack randomisation test (PAGEEXEC) : 19 bits (guessed)
> Return to function (strcpy) : Vulnerable
> Return to function (memcpy) : Vulnerable
> Return to function (strcpy, PIE) : Vulnerable
> Return to function (memcpy, PIE) : Vulnerable
and in "kiddie" mode, pretty much the same:
> $ paxtest kiddie
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
>
> Writing output to /home/andrew/paxtest.log
> It may take a while for the tests to complete
> Test results:
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
>
> Mode: Kiddie
> Linux pinguino 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
>
> Executable anonymous mapping : Killed
> Executable bss : Killed
> Executable data : Killed
> Executable heap : Killed
> Executable stack : Killed
> Executable shared library bss : Killed
> Executable shared library data : Killed
> Executable anonymous mapping (mprotect) : Vulnerable
> Executable bss (mprotect) : Vulnerable
> Executable data (mprotect) : Vulnerable
> Executable heap (mprotect) : Vulnerable
> Executable stack (mprotect) : Vulnerable
> Executable shared library bss (mprotect) : Vulnerable
> Executable shared library data (mprotect): Vulnerable
> Writable text segments : Vulnerable
> Anonymous mapping randomisation test : 9 bits (guessed)
> Heap randomisation test (ET_EXEC) : 13 bits (guessed)
> Heap randomisation test (PIE) : 16 bits (guessed)
> Main executable randomisation (ET_EXEC) : No randomisation
> Main executable randomisation (PIE) : 8 bits (guessed)
> Shared library randomisation test : 10 bits (guessed)
> Stack randomisation test (SEGMEXEC) : 19 bits (guessed)
> Stack randomisation test (PAGEEXEC) : 19 bits (guessed)
> Return to function (strcpy) : Vulnerable
> Return to function (memcpy) : Vulnerable
> Return to function (strcpy, PIE) : Vulnerable
> Return to function (memcpy, PIE) : Vulnerable
>
Looking online for "paxtest," I found the following debian-security discussion mirroring this, from 2011:
<https://lists.debian.org/debian-security/2011/09/msg00012.html>
A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec featureset to Debian kernels":
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090>
Perhaps patching a vanilla kernel would yield better results for me.
Cheers,
Andrew