
Re: NSA software in Debian



On Jan 22, 2014, at 10:51 AM, Kevin Olbrich <kolbrich@dolphin-it.de> wrote:

> 
> Okay, but this mismatch does not automatically mean it is not working.
> Can you check if the features are present? Maybe the patch is still compatible with a newer kernel?
> 

Hi Kevin,

I installed the i386 architecture and installed the `paxtest' suite.  My results were fairly disappointing, to be honest:

> $ sudo paxtest blackhat
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
> 
> Writing output to /root/paxtest.log
> It may take a while for the tests to complete
> Test results:
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
> 
> Mode: Blackhat
> Linux pinguino 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
> 
> Executable anonymous mapping             : Killed
> Executable bss                           : Killed
> Executable data                          : Killed
> Executable heap                          : Killed
> Executable stack                         : Killed
> Executable shared library bss            : Killed
> Executable shared library data           : Killed
> Executable anonymous mapping (mprotect)  : Vulnerable
> Executable bss (mprotect)                : Vulnerable
> Executable data (mprotect)               : Vulnerable
> Executable heap (mprotect)               : Vulnerable
> Executable stack (mprotect)              : Vulnerable
> Executable shared library bss (mprotect) : Vulnerable
> Executable shared library data (mprotect): Vulnerable
> Writable text segments                   : Vulnerable
> Anonymous mapping randomisation test     : 9 bits (guessed)
> Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
> Heap randomisation test (PIE)            : 16 bits (guessed)
> Main executable randomisation (ET_EXEC)  : No randomisation
> Main executable randomisation (PIE)      : 8 bits (guessed)
> Shared library randomisation test        : 10 bits (guessed)
> Stack randomisation test (SEGMEXEC)      : 19 bits (guessed)
> Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
> Return to function (strcpy)              : Vulnerable
> Return to function (memcpy)              : Vulnerable
> Return to function (strcpy, PIE)         : Vulnerable
> Return to function (memcpy, PIE)         : Vulnerable

and in "kiddie" mode, pretty much the same:

> $ paxtest kiddie
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
> 
> Writing output to /home/andrew/paxtest.log
> It may take a while for the tests to complete
> Test results:
> PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
> Released under the GNU Public Licence version 2 or later
> 
> Mode: Kiddie
> Linux pinguino 3.2.0-4-amd64 #1 SMP Debian 3.2.51-1 x86_64 GNU/Linux
> 
> Executable anonymous mapping             : Killed
> Executable bss                           : Killed
> Executable data                          : Killed
> Executable heap                          : Killed
> Executable stack                         : Killed
> Executable shared library bss            : Killed
> Executable shared library data           : Killed
> Executable anonymous mapping (mprotect)  : Vulnerable
> Executable bss (mprotect)                : Vulnerable
> Executable data (mprotect)               : Vulnerable
> Executable heap (mprotect)               : Vulnerable
> Executable stack (mprotect)              : Vulnerable
> Executable shared library bss (mprotect) : Vulnerable
> Executable shared library data (mprotect): Vulnerable
> Writable text segments                   : Vulnerable
> Anonymous mapping randomisation test     : 9 bits (guessed)
> Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
> Heap randomisation test (PIE)            : 16 bits (guessed)
> Main executable randomisation (ET_EXEC)  : No randomisation
> Main executable randomisation (PIE)      : 8 bits (guessed)
> Shared library randomisation test        : 10 bits (guessed)
> Stack randomisation test (SEGMEXEC)      : 19 bits (guessed)
> Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
> Return to function (strcpy)              : Vulnerable
> Return to function (memcpy)              : Vulnerable
> Return to function (strcpy, PIE)         : Vulnerable
> Return to function (memcpy, PIE)         : Vulnerable
> 

Looking online for "paxtest," I found the following debian-security discussion mirroring this, from 2011:

    <https://lists.debian.org/debian-security/2011/09/msg00012.html>

A followup there links to the following bug, "linux-2.6: [RFC] Add a grsec featureset to Debian kernels":

    <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605090>

Perhaps patching a vanilla kernel would yield better results for me.

Cheers,
Andrew
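
To compare paxtest runs like the two above (for instance, one per kernel), the result lines can be parsed and diffed. The script below is an added example, not part of the original message or of paxtest; the function names are hypothetical, and the sample log lines and the second run's values are constructed.

```python
import re

# Result lines look like "Executable heap (mprotect)   : Vulnerable".
# A leading "> " from e-mail quoting is tolerated so logs can be pasted as-is.
LINE = re.compile(
    r"^(?:>\s?)*(?P<name>[^:]+?)\s*:\s*"
    r"(?P<res>Killed|Vulnerable|No randomisation|(?P<bits>\d+) bits \(guessed\))\s*$"
)

def parse(log):
    """Return {test name: result}; randomisation results become an int bit count."""
    out = {}
    for line in log.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # banner, "Mode:", uname line, blank line
        if m["bits"] is not None:
            out[m["name"]] = int(m["bits"])
        elif m["res"] == "No randomisation":
            out[m["name"]] = 0  # recorded as zero bits of entropy
        else:
            out[m["name"]] = m["res"]
    return out

def summarise(results):
    """Group results the way the report reads: blocked, not blocked, entropy."""
    return {
        "killed": sorted(n for n, r in results.items() if r == "Killed"),
        "vulnerable": sorted(n for n, r in results.items() if r == "Vulnerable"),
        "entropy_bits": {n: r for n, r in results.items() if isinstance(r, int)},
    }

def changed(before, after):
    """Tests present in both runs whose result differs (e.g. two kernels)."""
    return {n: (before[n], after[n])
            for n in before if n in after and before[n] != after[n]}

# Constructed sample in paxtest's log format (a subset of the tests).
STOCK = """\
> Mode: Blackhat
> Executable heap                          : Killed
> Executable heap (mprotect)               : Vulnerable
> Main executable randomisation (ET_EXEC)  : No randomisation
> Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
"""
# Constructed second run with hypothetical values, only to exercise changed().
OTHER = STOCK.replace("Vulnerable", "Killed")

if __name__ == "__main__":
    print(summarise(parse(STOCK)), changed(parse(STOCK), parse(OTHER)))
```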


