Commit
PAX ASLR: fix mmap randomization which was broken by commit 3d154ea
After commit 3d154ea, the paxtest output is this:

PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later

Mode: kiddie
FreeBSD 11.0-CURRENT FreeBSD 11.0-CURRENT #3 d6b9ed4(op/hardened/current/aslr-devel)-dirty: Fri Aug 8 17:06:55 CEST 2014 op@pandora-d:/tmp/amd64-objdir/usr/data/source/git/opBSD/opBSD.git/sys/GENERIC amd64

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : No randomisation
Heap randomisation test (ET_EXEC) : 2 bits (guessed)
Heap randomisation test (PIE) : 12 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 21 bits (guessed)
Shared library randomisation test : No randomisation
Stack randomisation test (SEGMEXEC) : 15 bits (guessed)
Stack randomisation test (PAGEEXEC) : 16 bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 17 bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 17 bits (guessed)
Randomization under memory exhaustion @~0: No randomisation
Randomization under memory exhaustion @0 : No randomisation
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (memcpy, PIE) : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

After partially reverting the mentioned commit, the paxtest output is fixed:

FreeBSD pandora-d 10.0-STABLE FreeBSD 10.0-STABLE #72 6fd52c6(op/stable/10/opbsd-aslr): Sat Aug 9 02:33:44 CEST 2014 root@pandora-d:/usr/obj/usr/src/sys/OP-ASLR amd64

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect) : Vulnerable
Anonymous mapping randomisation test : 21 bits (guessed)
Heap randomisation test (ET_EXEC) : 11 bits (guessed)
Heap randomisation test (PIE) : 12 bits (guessed)
Main executable randomisation (ET_EXEC) : No randomisation
Main executable randomisation (PIE) : 21 bits (guessed)
Shared library randomisation test : 21 bits (guessed)
Stack randomisation test (SEGMEXEC) : 15 bits (guessed)
Stack randomisation test (PAGEEXEC) : 16 bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 17 bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 16 bits (guessed)
Randomization under memory exhaustion @~0: 22 bits (guessed)
Randomization under memory exhaustion @0 : 21 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (memcpy, PIE) : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Writable text segments : Vulnerable

Signed-off-by: Oliver Pinter <oliver.pntr@gmail.com>