Commit ae7c1a6b authored by Loic

update to paxtest 0.9.15

parent 12e41334
debian/changelog
\ No newline at end of file
paxtest (0.9.15-1) stable; urgency=low
* Change default location of logfile & add info to log file,
from Javier Fernandez-Sanguino (jfs@debian.org)
* Squelch _FORTIFY_SOURCE redefinition warning and various other
compiler warnings, from Kees Cook
(keescook@chromium.org)
* Validate that ET_DYN is separately randomized from shlibs
From Kees Cook (with fixes from Brad Spengler)
* Show output during result collection, from Kees Cook
* Free/HardenedBSD support, from Oliver Pinter (oliver.pinter@hardenedbsd.org)
* Two build fixes from David Sterba (dave@jikos.cz)
* Use correct address for PIE, didn't affect PaX results as it uses the same
entropy levels for PIE and mmap, from Ismael Ripoll and Hector Marco-Gisbert
paxtest (0.9.14-1) stable; urgency=low
* Various fixes/cleanups including ensuring an overflowing strcpy/memcpy isn't
optimized away, from Mathias Krause (mathias.krause@secunet.com)
* Updated the representative results
paxtest (0.9.13-1) stable; urgency=low
* Added VDSO randomization test
* Added basic entropy quality testing, subtracts weak bits from entropy count
* Increased iterations for all randomization tests but the exhaustion tests
paxtest (0.9.12-1) stable; urgency=low
* Added ARM support
paxtest (0.9.11-1) stable; urgency=low
* Added display of exhaustion tests
paxtest (0.9.10-1) stable; urgency=low
* Fixed compilation problem reported on forums
* Added display of argv/env randomization
paxtest (0.9.9-1) stable; urgency=low
* added SPARC/64 support
* added PPC/64 support (return to function tests should be ignored for PPC64)
* added 32/64bit target support
* added shellode.h to easily support additional architectures
* made paxctl generate the PT_PAX_FLAGS header for binaries that
didn't have one
paxtest (0.9.7-1) stable; urgency=low
* Fixed some tests on OpenBSD and FreeBSD (thanks to paxtest@hunger.hu
and mux@freebsd.org)
* Fixed return address acquisition, still gcc specific
* Switched to paxctl on gentoo
* Fixed setting up LD_LIBRARY_PATH in genpaxtest (Peter S. Mazinger)
* Added uClibc support (Peter S. Mazinger)
* Fixed the executable shared library data/bss tests (thanks to
paxtest@hunger.hu)
paxtest (0.9.6-1) stable; urgency=low
* Made the do_mprotect() call in body.c optional, thereby introducing two
modes: script kiddie mode (which does not perform the do_mprotect()) and
blackhat mode, which does.
* Added a README file
* Added Adamantix paxtest results
* Removed -etdyn from the Adamantix make file
* Replaced mprotect() in body.c with pthread calls (which eventually have
the same result)
* Added a nested function, to measure the effect of nested functions on the
level of protection.
* Added paxtest result from Gentoo hardened (thanks to Ned Ludd)
* Added a new Makefile for Gentoo (thanks to Ned Ludd)
* Fixed spelling errors (thanks to pageexec@freemail.hu)
-- Peter Busser <peter@devbox.adamantix.org> Wed, 25 Feb 2004 20:24:53 +0200
paxtest (0.9.5-1) unstable; urgency=low
* Fixed the shlibbss and shlibdata tests (pageexec@freemail.hu)
* Non-executable page tests expose incomplete implementations
(pageexec@freemail.hu)
-- Peter Busser <peter@adamantix.org> Tue, 04 Nov 2003 16:37:26 +0200
paxtest (0.9.4-1) unstable; urgency=low
* Fixed mprotanon (pageexec@freemail.hu)
* Fixed rettofunc[12] (pageexec@freemail.hu)
* Fixed shared library data/bss tests (pageexec@freemail.hu)
* Introduced return-to-libc detection as proof-of-concept
(pageexec@freemail.hu)
-- Peter Busser <peter@adamantix.org> Tue, 22 Oct 2003 21:00:05 +0200
paxtest (0.9.3-1) unstable; urgency=low
* Changed e-mail addresses in source files to peter@adamantix.org
* Added copyright message printing in the run script.
* Upgraded to chpax v0.5 (pageexec@freemail.hu)
* Split randheap in two parts, one as ET_EXEC and the other as ET_DYN
-- Peter Busser <peter@adamantix.org> Sun, 12 Oct 2003 10:58:52 +0200
paxtest (0.9.0-1) unstable; urgency=low
* Initial Release.
-- Peter Busser <peter@trusteddebian.org> Mon, 19 May 2003 13:44:39 +0200
......@@ -19,6 +19,9 @@ linux64:
openbsd:
gmake -f Makefile.OpenBSD
freebsd:
make -f Makefile.FreeBSD
clean:
make -f Makefile.psm clean
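Review bot: the new freebsd target runs plain `make -f Makefile.FreeBSD`, which on FreeBSD is BSD make, but Makefile.FreeBSD as added in this commit uses GNU-style conditionals (`ifndef RUNDIR` ... `endif`, `ifdef DESTDIR`) next to BSD make locals such as `${.TARGET}` and `${.ALLSRC}`. Whichever make is invoked will reject one of the two styles; since the recipes rely on the BSD locals, switch the conditionals to `.ifndef` / `.ifdef` / `.endif`.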
#!/usr/bin/env make
CC=cc
ASFLAGS=
CC_PIE=
CFLAGS=
LDFLAGS=
SHLDFLAGS=
ifndef RUNDIR
RUNDIR=.
endif
ASFLAGS+= --noexecstack
CFLAGS+= -O2
CFLAGS+= -DRUNDIR=\"${RUNDIR}\"
CFLAGS+= -fno-stack-protector
CFLAGS+= -D_FORTIFY_SOURCE=0
LDFLAGS+= -lpthread
CC_PIE+= -fPIE -fPIC
EXEC_TESTS= \
anonmap \
execbss \
execdata \
execheap \
execstack
MPROT_TESTS= \
mprotanon \
mprotbss \
mprotdata \
mprotheap \
mprotstack
SHLIB_TESTS= \
shlibbss \
shlibdata
MPROTSH_TESTS= \
mprotshbss \
mprotshdata \
writetext
RAND_TESTS= \
randamap \
randheap1 \
randheap2 \
randmain1 \
randmain2 \
randshlib \
randvdso \
randstack1 \
randstack2 \
randarg1 \
randarg2
FAST_RAND_TESTS= \
randexhaust1 \
randexhaust2
RET_TESTS= \
rettofunc1 \
rettofunc2
RETX_TESTS= \
rettofunc1x \
rettofunc2x
TESTS:= \
${EXEC_TESTS} \
${SHLIB_TESTS} \
${MPROT_TESTS} \
${MPROTSH_TESTS} \
${RAND_TESTS} \
${FAST_RAND_TESTS} \
${RET_TESTS} \
${RETX_TESTS}
UTILS= getamap \
getheap1 \
getheap2 \
getmain1 \
getmain2 \
getshlib \
getvdso \
getstack1 \
getstack2 \
getarg1 \
getarg2 \
getexhaust1 \
getexhaust2
SHLIBS= shlibtest.so \
shlibtest2.so
all: ${SHLIBS} ${TESTS} ${UTILS} paxtest
ifdef DESTDIR
ifdef BINDIR
ifdef RUNDIR
install: all
mkdir -p ${DESTDIR}/${RUNDIR}
cp ${SHLIBS} ${TESTS} ${UTILS} ${DESTDIR}/${RUNDIR}
mkdir -p ${DESTDIR}/${BINDIR}
cp paxtest ${DESTDIR}/${BINDIR}
chmod 755 ${DESTDIR}/${BINDIR}/paxtest
endif
endif
endif
body.o: body.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
rettofunc1x.o: rettofunc1x.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
rettofunc2x.o: rettofunc2x.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
paxtest: ${TESTS} genpaxtest
sh genpaxtest ${CC} ${TESTS}
anonmap: body.o anonmap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execbss: body.o execbss.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execdata: body.o execdata.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execheap: body.o execheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execstack: body.o execstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getheap1: getheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getheap2: getheap.o
${CC} ${SHLDFLAGS} -pie -fPIE -o ${.TARGET} ${.ALLSRC}
getheap.o: getheap.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
getamap.o: getamap.c
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getmain1: getmain.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getmain2: getmain2.o
${CC} ${SHLDFLAGS} -pie -fPIE -o ${.TARGET} ${.ALLSRC}
getmain2.o: getmain.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
getshlib: getshlib.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getstack1: getstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getstack2: getstack1
rm -f ${.TARGET}
cp getstack1 ${.TARGET}
chmod +x ${.TARGET}
getarg1: getarg.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getarg2: getarg1
rm -f ${.TARGET}
cp getarg1 ${.TARGET}
chmod +x ${.TARGET}
mprotanon: body.o mprotanon.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotbss: body.o mprotbss.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotheap: body.o mprotheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotdata: body.o mprotdata.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotshbss: body.o mprotshbss.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotshdata: body.o mprotshdata.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotstack: body.o mprotstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randamap: randbody.o randamap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randarg1: randbody.o randarg1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randarg2: randbody.o randarg2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randheap1: randbody.o randheap1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randheap2: randbody.o randheap2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randexhaust1: fastrandbody.o randexhaust1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randexhaust2: fastrandbody.o randexhaust2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randmain1: randbody.o randmain1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randmain2: randbody.o randmain2.o
${CC} ${LDFLAGS} ${SHLDFLAGS} -o ${.TARGET} ${.ALLSRC}
randshlib: randbody.o randshlib.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randstack1: randbody.o randstack1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randstack2: randbody.o randstack2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randvdso: randbody.o randvdso.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc1: body.o rettofunc1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc1x: body.o rettofunc1x.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc2: body.o rettofunc2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc2x: body.o rettofunc2x.o
${CC} ${LDFLAGS} -fPIE -pie -o ${.TARGET} ${.ALLSRC}
shlibtest.o: shlibtest.c
${CC} ${CFLAGS} -fPIC -c ${.IMPSRC} -o ${.TARGET}
shlibtest2.o: shlibtest2.c
${CC} ${CFLAGS} -fPIC -c ${.IMPSRC} -o ${.TARGET}
shlibtest.so: shlibtest.o
${CC} ${SHLDFLAGS} -shared -o ${.TARGET} ${.ALLSRC}
shlibtest2.so: shlibtest2.o
${CC} ${SHLDFLAGS} -shared -o ${.TARGET} ${.ALLSRC}
shlibbss: body.o shlibbss.o shlibtest.so shlibtest2.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
shlibdata: body.o shlibdata.o shlibtest.so shlibtest2.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
writetext: body.o writetext.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
clean:
-rm -f *.o *.s *~ core *.core
-rm -f ${SHLIBS} ${TESTS} ${UTILS}
-rm -f paxtest paxtest.log a.out
-rm -f paxbin
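Review bot: the `getamap.o: getamap.c` rule uses the link recipe (`${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}`) with no `-c` and no `${CFLAGS}`, so it writes a linked executable named getamap.o, and there is no explicit `getamap:` target even though UTILS lists it. Compile the object the same way as `getheap.o` and add a `getamap: getamap.o` link rule; getvdso, getexhaust1 and getexhaust2 are also in UTILS without explicit rules and would be clearer with them.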
......@@ -7,7 +7,7 @@ ifndef RUNDIR
RUNDIR=.
endif
CFLAGS+=-DRUNDIR=\"${RUNDIR}\" -fno-stack-protector -ftrampolines
CFLAGS+=-O2 -DRUNDIR=\"${RUNDIR}\" -fno-stack-protector -ftrampolines
LDFLAGS+=-lpthread
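Review bot: adding -O2 to this CFLAGS line makes _FORTIFY_SOURCE relevant, because fortification only takes effect when optimizing, yet the line neither sets nor undefines it. The main Makefile in this commit passes -U_FORTIFY_SOURCE; doing the same here keeps a toolchain that enables fortification by default from changing the results of the overflow-based tests.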
......@@ -74,7 +74,7 @@ endif
endif
paxtest: $(TESTS) genpaxtest
sh genpaxtest $(TESTS)
sh genpaxtest $(CC) $(TESTS)
anonmap: body.o anonmap.o
......
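Review bot: `sh genpaxtest $(CC) $(TESTS)` passes the compiler as an unquoted positional argument ahead of the test names, so a multi-word CC value splits into several arguments and shifts the test list. genpaxtest still ends with `for i in $*`, so please confirm the script shifts the compiler off before that loop, and quote the argument as "$(CC)".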
......@@ -65,7 +65,7 @@ endif
# The Hardened GCC compiler has stack protector on by default, this
# could interfere with the results of this test.
CFLAGS := $(OPT_FLAGS) -D_FORTIFY_SOURCE=0 -DRUNDIR=\"${RUNDIR}\" $(CC_SSP) $(CC_TRAMPOLINES)
CFLAGS := $(OPT_FLAGS) -U_FORTIFY_SOURCE -DRUNDIR=\"${RUNDIR}\" $(CC_SSP) $(CC_TRAMPOLINES)
ifneq ($(THEARCH),)
CFLAGS += $(THEARCH)
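Review bot: the comment above the CFLAGS line still explains only the stack protector, while the change is about _FORTIFY_SOURCE. Add a sentence saying why the macro is now undefined with -U instead of being defined to 0 (the changelog mentions a redefinition warning), so the next reader does not switch it back.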
......@@ -77,14 +77,14 @@ EXEC_TESTS = anonmap execbss execdata execheap execstack
MPROT_TESTS = mprotanon mprotbss mprotdata mprotheap mprotstack
SHLIB_TESTS = shlibbss shlibdata
MPROTSH_TESTS = mprotshbss mprotshdata writetext
RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randvdso randstack1 randstack2 randarg1 randarg2
RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randvdso randstack1 randstack2 randarg1 randarg2 randshlibdelta1 randshlibdelta2
FAST_RAND_TESTS = randexhaust1 randexhaust2
RET_TESTS = rettofunc1 rettofunc2
RETX_TESTS = rettofunc1x rettofunc2x
TESTS = $(EXEC_TESTS) $(SHLIB_TESTS) $(MPROT_TESTS) $(MPROTSH_TESTS) $(RAND_TESTS) $(FAST_RAND_TESTS) $(RET_TESTS) $(RETX_TESTS)
UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getvdso getstack1 getstack2 getarg1 getarg2 getexhaust1 getexhaust2
UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getvdso getstack1 getstack2 getarg1 getarg2 getexhaust1 getexhaust2 getshlibdelta1 getshlibdelta2
SHLIBS= shlibtest.so shlibtest2.so
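Review bot: randshlibdelta1/2 and getshlibdelta1/2 are added to RAND_TESTS and UTILS here, but the RAND_TESTS and UTILS lists in the Makefile.FreeBSD introduced by the same commit do not contain them. As written, the new check that ET_DYN is randomized separately from shared libraries will not be built or run on FreeBSD; either add the targets there or note the omission in the changelog.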
......@@ -128,7 +128,7 @@ chpax: $(CHPAXSRC:.c=.o)
$(CC) $(LDFLAGS) -o $@ $^
paxtest: $(TESTS) genpaxtest
sh genpaxtest $(TESTS)
sh genpaxtest $(CC) $(TESTS)
.S.o:
$(CC) $(CFLAGS) $(CC_PIE) $(ASFLAGS) -o $@ -c $<
......@@ -168,9 +168,17 @@ getmain1: getmain1.o
-$(PAXBIN) -C $@
$(PAXBIN) -SPRXM $@
getshlibdelta1: getshlibdelta1.o
$(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $< $(DL)
-$(PAXBIN) -C $@
$(PAXBIN) -SPRXM $@
getheap2 getmain2: getheap2.o getmain2.o
$(CC) $(LDFLAGS) $(LD_PIE) -o $@ $@.o || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@)
getshlibdelta2: getshlibdelta2.o
$(CC) $(LDFLAGS) $(LD_PIE) -o $@ $@.o $(DL) || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@)
getshlib: getshlib.o
$(CC) $(LDFLAGS) -o $@ $< $(DL)
......
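Review bot: the getshlibdelta2 recipe turns any link failure into a stub script that prints "pie not implemented", so a missing $(DL) library or an unrelated linker error is reported as a platform limitation in the results. The stub is also written with `echo -e`, which not every /bin/sh supports; `printf` is the portable choice. Separately, getshlibdelta1 gets the `$(PAXBIN) -C` and `$(PAXBIN) -SPRXM` steps while getshlibdelta2 does not; if that asymmetry is intended, a one-line comment would help.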
......@@ -50,7 +50,7 @@ or
./paxtest blackhat (to run paxtest in blackhat mode)
This will create a file paxtest.log in the current directory.
This will create a file paxtest.log in the user's home directory.
Kiddie and blackhat mode:
......
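Review bot: the README now states the default log location but does not mention the optional logfile argument that genpaxtest's new usage line advertises (`paxtest [kiddie|blackhat] [logfile]`). Add that form to the invocation examples above this sentence so the override is discoverable.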
......@@ -16,6 +16,7 @@
#include <sys/wait.h>
#include <pthread.h>
#include <unistd.h>
#include <string.h>
#include "body.h"
......@@ -29,14 +30,18 @@ int main( int argc, char *argv[] )
{
int status;
char *mode;
/* This defaults to 1 as a safety mechanism. It is better to fail in
/*
* This defaults to 1 as a safety mechanism. It is better to fail in
* blackhat mode, because kiddie mode can produce overly optimistic
* results.
*/
int paxtest_mode = 1;
#ifndef __clang__
/* Dummy nested function */
void dummy(void) {}
#endif
mode = getenv( "PAXTEST_MODE" );
if( mode == NULL ) {
......@@ -45,7 +50,12 @@ int main( int argc, char *argv[] )
if( strcmp(mode,"0") == 0 ) {
paxtest_mode = 0;
} else if( strcmp(mode,"1") == 0 ) {
#ifdef __clang__
printf("INFO: The blackhat mode not supported due to missing nested function support in clang.\n");
paxtest_mode = 0;
#else
paxtest_mode = 1;
#endif
}
}
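Review bot: in the `#ifdef __clang__` branch a request for blackhat mode is downgraded to `paxtest_mode = 0` with only an INFO line on stdout, while the wrapper script writes the requested mode into the log header. The comment a few lines earlier says kiddie mode can produce overly optimistic results, so a clang build can yield a log labelled blackhat that actually contains kiddie results. Prefer failing the run, or have the wrapper record the effective mode; the message also needs a verb ("is not supported").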
......@@ -53,6 +63,9 @@ int main( int argc, char *argv[] )
fflush( stdout );
if( fork() == 0 ) {
#ifdef __clang__
doit();
#else
/* Perform a dirty (but not unrealistic) trick to circumvent
* the kernel protection.
*/
......@@ -64,6 +77,7 @@ int main( int argc, char *argv[] )
} else {
doit();
}
#endif
} else {
wait( &status );
if( WIFEXITED(status) == 0 ) {
......
......@@ -16,23 +16,32 @@ fi
cat << __here__ > paxtest
#!/bin/sh
if [ \$# = 1 ]
if [ \$# = 1 -o \$# = 2 ]
then
if [ "\$1" = "kiddie" ]
then
PAXTEST_MODE=0
shift
elif [ "\$1" = "blackhat" ]
then
PAXTEST_MODE=1
shift
else
echo "usage: paxtest [kiddie|blackhat]"
echo "usage: paxtest [kiddie|blackhat] [logfile]"
exit 1
fi
else
echo "usage: paxtest [kiddie|blackhat]"
echo "usage: paxtest [kiddie|blackhat] [logfile]"
exit 1
fi
LOG=\$HOME/paxtest.log
[ -n "\$1" ] && LOG=\$1
touch "\$LOG"
if [ ! -e "\$LOG" ]; then
echo "Could not create logfile in \$LOG" >&2
exit 1
fi
export PAXTEST_MODE
if [ "\${LD_LIBRARY_PATH}" = "" ]
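Review bot: the logfile check `touch "\$LOG"` followed by `[ ! -e "\$LOG" ]` only detects a file that could not be created; if the path already exists but is not writable, touch fails, the -e test still passes, and the script carries on until the later redirections fail. Test the touch exit status or use `[ -w "\$LOG" ]` instead. The `-o` operator in `[ \$# = 1 -o \$# = 2 ]` is also better written as two tests joined with `||`.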
......@@ -43,26 +52,38 @@ else
fi
export LD_LIBRARY_PATH
cat <<__end__ | tee paxtest.log
PaXtest - Copyright(c) 2003-2014 by Peter Busser <peter@adamantix.org> and Brad Spengler <spender@grsecurity.net>
cat <<__end__ | tee \$LOG
PaXtest - Copyright(c) 2003-2016 by Peter Busser <peter@adamantix.org> and Brad Spengler <spender@grsecurity.net>
Released under the GNU Public Licence version 2 or later
__end__
echo "Mode: \$1" >>paxtest.log
uname -a >>paxtest.log
echo >>paxtest.log
echo "Mode: \$PAXTEST_MODE" >>\$LOG
if [ "\$PAXTEST_MODE" -eq 0 ]; then
echo -n "Kiddie" >>\$LOG
fi
if [ "\$PAXTEST_MODE" -eq 1 ]; then
echo -n "Blackhat" >>\$LOG
fi
echo >>\$LOG
echo "Kernel: " >>\$LOG
uname -a >>\$LOG
echo >>\$LOG
if [ -e /usr/bin/lsb_release ]; then
echo "Relase information: " >>\$LOG
lsb_release -a 2>/dev/null >>\$LOG
fi
echo "Test results:" >>\$LOG
echo 'Writing output to paxtest.log'
echo "Writing output to \$LOG"
echo 'It may take a while for the tests to complete'
echo "Test results:"
for i in $*
do
${RUNDIR}/\$i
done >>paxtest.log 2>&1
echo "Test results:"
cat paxtest.log
${RUNDIR}/\$i || echo
done 2>&1 | tee -a \$LOG
echo
......
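Review bot: `\$LOG` is quoted in the earlier touch and -e test but unquoted in every use in this hunk (`tee \$LOG`, `>>\$LOG`, `tee -a \$LOG`), so a user-supplied path containing spaces passes the check and then breaks the writes. Quote it throughout. Two smaller points in the same block: `echo -n` is not portable under the generated `#!/bin/sh`, and "Relase information" should read "Release information".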
......@@ -7,7 +7,7 @@
#include <stdio.h>
#include <stdlib.h>
void foo(void)
void __attribute__ ((noinline)) foo(void)
{
printf( "%p\n", __builtin_return_address(0) );
}
......
......@@ -14,6 +14,9 @@
#ifdef __OpenBSD__
#undef RTLD_DEFAULT
#define RTLD_DEFAULT "libc.so"
#elif defined(__FreeBSD__)
#undef RTLD_DEFAULT
#define RTLD_DEFAULT "libc.so.7"
#endif
int main( int argc, char *argv[] )
......
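Review bot: the new `__FreeBSD__` branch redefines RTLD_DEFAULT to the hard-coded versioned name "libc.so.7", unlike the unversioned "libc.so" used for OpenBSD just above. Add a comment saying why the versioned name is required, since it ties the test to one libc major version.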
/* getshlibdelta.c - Get the delta between a function in .text and a function in a
* shared library and print it
*
* Copyright (c)2003 by Peter Busser <peter@adamantix.org>
* Copyright (c)2014 by Kees Cook <keescook@chromium.org>
* This file has been released under the GNU Public Licence version 2 or later