Commit ae7c1a6b authored by Loic's avatar Loic

update to paxtest 0.9.15

parent 12e41334
debian/changelog
\ No newline at end of file
paxtest (0.9.15-1) stable; urgency=low
* Change default location of logfile & add info to log file,
from Javier Fernandez-Sanguino (jfs@debian.org)
* Squelch _FORTIFY_SOURCE redefinition warning and various other
compiler warnings, from Kees Cook
(keescook@chromium.org)
* Validate that ET_DYN is separately randomized from shlibs
From Kees Cook (with fixes from Brad Spengler)
* Show output during result collection, from Kees Cook
* Free/HardenedBSD support, from Oliver Pinter (oliver.pinter@hardenedbsd.org)
* Two build fixes from David Sterba (dave@jikos.cz)
* Use correct address for PIE, didn't affect PaX results as it uses the same
entropy levels for PIE and mmap, from Ismael Ripoll and Hector Marco-Gisbert
paxtest (0.9.14-1) stable; urgency=low
* Various fixes/cleanups including ensuring an overflowing strcpy/memcpy isn't
optimized away, from Mathias Krause (mathias.krause@secunet.com)
* Updated the representative results
paxtest (0.9.13-1) stable; urgency=low
* Added VDSO randomization test
* Added basic entropy quality testing, subtracts weak bits from entropy count
* Increased iterations for all randomization tests but the exhaustion tests
paxtest (0.9.12-1) stable; urgency=low
* Added ARM support
paxtest (0.9.11-1) stable; urgency=low
* Added display of exhaustion tests
paxtest (0.9.10-1) stable; urgency=low
* Fixed compilation problem reported on forums
* Added display of argv/env randomization
paxtest (0.9.9-1) stable; urgency=low
* added SPARC/64 support
* added PPC/64 support (return to function tests should be ignored for PPC64)
* added 32/64bit target support
* added shellode.h to easily support additional architectures
* made paxctl generate the PT_PAX_FLAGS header for binaries that
didn't have one
paxtest (0.9.7-1) stable; urgency=low
* Fixed some tests on OpenBSD and FreeBSD (thanks to paxtest@hunger.hu
and mux@freebsd.org)
* Fixed return address acquisition, still gcc specific
* Switched to paxctl on gentoo
* Fixed setting up LD_LIBRARY_PATH in genpaxtest (Peter S. Mazinger)
* Added uClibc support (Peter S. Mazinger)
* Fixed the executable shared library data/bss tests (thanks to
paxtest@hunger.hu)
paxtest (0.9.6-1) stable; urgency=low
* Made the do_mprotect() call in body.c optional, thereby introducing two
modes: script kiddie mode (which does not perform the do_mprotect()) and
blackhat mode, which does.
* Added a README file
* Added Adamantix paxtest results
* Removed -etdyn from the Adamantix make file
* Replaced mprotect() in body.c with pthread calls (which eventually have
the same result)
* Added a nested function, to measure the effect of nested functions on the
level of protection.
* Added paxtest result from Gentoo hardened (thanks to Ned Ludd)
* Added a new Makefile for Gentoo (thanks to Ned Ludd)
* Fixed spelling errors (thanks to pageexec@freemail.hu)
-- Peter Busser <peter@devbox.adamantix.org> Wed, 25 Feb 2004 20:24:53 +0200
paxtest (0.9.5-1) unstable; urgency=low
* Fixed the shlibbss and shlibdata tests (pageexec@freemail.hu)
* Non-executable page tests expose incomplete implementations
(pageexec@freemail.hu)
-- Peter Busser <peter@adamantix.org> Tue, 04 Nov 2003 16:37:26 +0200
paxtest (0.9.4-1) unstable; urgency=low
* Fixed mprotanon (pageexec@freemail.hu)
* Fixed rettofunc[12] (pageexec@freemail.hu)
* Fixed shared library data/bss tests (pageexec@freemail.hu)
* Introduced return-to-libc detection as proof-of-concept
(pageexec@freemail.hu)
-- Peter Busser <peter@adamantix.org> Tue, 22 Oct 2003 21:00:05 +0200
paxtest (0.9.3-1) unstable; urgency=low
* Changed e-mail addresses in source files to peter@adamantix.org
* Added copyright message printing in the run script.
* Upgraded to chpax v0.5 (pageexec@freemail.hu)
* Split randheap in two parts, one as ET_EXEC and the other as ET_DYN
-- Peter Busser <peter@adamantix.org> Sun, 12 Oct 2003 10:58:52 +0200
paxtest (0.9.0-1) unstable; urgency=low
* Initial Release.
-- Peter Busser <peter@trusteddebian.org> Mon, 19 May 2003 13:44:39 +0200
...@@ -19,6 +19,9 @@ linux64: ...@@ -19,6 +19,9 @@ linux64:
openbsd: openbsd:
gmake -f Makefile.OpenBSD gmake -f Makefile.OpenBSD
freebsd:
make -f Makefile.FreeBSD
clean: clean:
make -f Makefile.psm clean make -f Makefile.psm clean
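Review bot: The new `freebsd` recipe calls a literal `make`, so it only works where that name resolves to BSD make. The recipes in the makefile it invokes (apparently the new file shown next) expand `${.TARGET}` and `${.ALLSRC}`, which GNU make does not define. A comment above the target, e.g. `# FreeBSD: run with the system (BSD) make, not gmake`, would record that. The `clean` target still runs only `make -f Makefile.psm clean`; whether that removes everything the FreeBSD build produces cannot be seen from this hunk.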
#!/usr/bin/env make
CC=cc
ASFLAGS=
CC_PIE=
CFLAGS=
LDFLAGS=
SHLDFLAGS=
ifndef RUNDIR
RUNDIR=.
endif
ASFLAGS+= --noexecstack
CFLAGS+= -O2
CFLAGS+= -DRUNDIR=\"${RUNDIR}\"
CFLAGS+= -fno-stack-protector
CFLAGS+= -D_FORTIFY_SOURCE=0
LDFLAGS+= -lpthread
CC_PIE+= -fPIE -fPIC
EXEC_TESTS= \
anonmap \
execbss \
execdata \
execheap \
execstack
MPROT_TESTS= \
mprotanon \
mprotbss \
mprotdata \
mprotheap \
mprotstack
SHLIB_TESTS= \
shlibbss \
shlibdata
MPROTSH_TESTS= \
mprotshbss \
mprotshdata \
writetext
RAND_TESTS= \
randamap \
randheap1 \
randheap2 \
randmain1 \
randmain2 \
randshlib \
randvdso \
randstack1 \
randstack2 \
randarg1 \
randarg2
FAST_RAND_TESTS= \
randexhaust1 \
randexhaust2
RET_TESTS= \
rettofunc1 \
rettofunc2
RETX_TESTS= \
rettofunc1x \
rettofunc2x
TESTS:= \
${EXEC_TESTS} \
${SHLIB_TESTS} \
${MPROT_TESTS} \
${MPROTSH_TESTS} \
${RAND_TESTS} \
${FAST_RAND_TESTS} \
${RET_TESTS} \
${RETX_TESTS}
UTILS= getamap \
getheap1 \
getheap2 \
getmain1 \
getmain2 \
getshlib \
getvdso \
getstack1 \
getstack2 \
getarg1 \
getarg2 \
getexhaust1 \
getexhaust2
SHLIBS= shlibtest.so \
shlibtest2.so
all: ${SHLIBS} ${TESTS} ${UTILS} paxtest
ifdef DESTDIR
ifdef BINDIR
ifdef RUNDIR
install: all
mkdir -p ${DESTDIR}/${RUNDIR}
cp ${SHLIBS} ${TESTS} ${UTILS} ${DESTDIR}/${RUNDIR}
mkdir -p ${DESTDIR}/${BINDIR}
cp paxtest ${DESTDIR}/${BINDIR}
chmod 755 ${DESTDIR}/${BINDIR}/paxtest
endif
endif
endif
body.o: body.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
rettofunc1x.o: rettofunc1x.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
rettofunc2x.o: rettofunc2x.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
paxtest: ${TESTS} genpaxtest
sh genpaxtest ${CC} ${TESTS}
anonmap: body.o anonmap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execbss: body.o execbss.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execdata: body.o execdata.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execheap: body.o execheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
execstack: body.o execstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getheap1: getheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getheap2: getheap.o
${CC} ${SHLDFLAGS} -pie -fPIE -o ${.TARGET} ${.ALLSRC}
getheap.o: getheap.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
getamap.o: getamap.c
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getmain1: getmain.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getmain2: getmain2.o
${CC} ${SHLDFLAGS} -pie -fPIE -o ${.TARGET} ${.ALLSRC}
getmain2.o: getmain.c
${CC} ${CFLAGS} -fPIC -o ${.TARGET} -c ${.ALLSRC}
getshlib: getshlib.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getstack1: getstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getstack2: getstack1
rm -f ${.TARGET}
cp getstack1 ${.TARGET}
chmod +x ${.TARGET}
getarg1: getarg.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
getarg2: getarg1
rm -f ${.TARGET}
cp getarg1 ${.TARGET}
chmod +x ${.TARGET}
mprotanon: body.o mprotanon.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotbss: body.o mprotbss.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotheap: body.o mprotheap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotdata: body.o mprotdata.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotshbss: body.o mprotshbss.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotshdata: body.o mprotshdata.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
mprotstack: body.o mprotstack.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randamap: randbody.o randamap.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randarg1: randbody.o randarg1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randarg2: randbody.o randarg2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randheap1: randbody.o randheap1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randheap2: randbody.o randheap2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randexhaust1: fastrandbody.o randexhaust1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randexhaust2: fastrandbody.o randexhaust2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randmain1: randbody.o randmain1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randmain2: randbody.o randmain2.o
${CC} ${LDFLAGS} ${SHLDFLAGS} -o ${.TARGET} ${.ALLSRC}
randshlib: randbody.o randshlib.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randstack1: randbody.o randstack1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randstack2: randbody.o randstack2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
randvdso: randbody.o randvdso.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc1: body.o rettofunc1.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc1x: body.o rettofunc1x.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc2: body.o rettofunc2.o
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
rettofunc2x: body.o rettofunc2x.o
${CC} ${LDFLAGS} -fPIE -pie -o ${.TARGET} ${.ALLSRC}
shlibtest.o: shlibtest.c
${CC} ${CFLAGS} -fPIC -c ${.IMPSRC} -o ${.TARGET}
shlibtest2.o: shlibtest2.c
${CC} ${CFLAGS} -fPIC -c ${.IMPSRC} -o ${.TARGET}
shlibtest.so: shlibtest.o
${CC} ${SHLDFLAGS} -shared -o ${.TARGET} ${.ALLSRC}
shlibtest2.so: shlibtest2.o
${CC} ${SHLDFLAGS} -shared -o ${.TARGET} ${.ALLSRC}
shlibbss: body.o shlibbss.o shlibtest.so shlibtest2.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
shlibdata: body.o shlibdata.o shlibtest.so shlibtest2.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
writetext: body.o writetext.o shlibtest.so
${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}
clean:
-rm -f *.o *.s *~ core *.core
-rm -f ${SHLIBS} ${TESTS} ${UTILS}
-rm -f paxtest paxtest.log a.out
-rm -f paxbin
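Review bot: The `getamap.o: getamap.c` rule uses the link recipe (`${CC} ${LDFLAGS} -o ${.TARGET} ${.ALLSRC}`) rather than a compile, so it writes a linked program named getamap.o. No explicit rule builds `getamap`, although UTILS, `all` and `install` expect it. The neighbouring rules suggest `getamap: getamap.o` was meant, with the object compiled by `${CC} ${CFLAGS} -o ${.TARGET} -c ${.ALLSRC}`. Separately, the `ifndef`/`ifdef`/`endif` lines appear without the leading dot that BSD make directives take, while the recipes rely on the BSD-only `${.TARGET}`; if the page shows the file accurately, this is worth confirming on a FreeBSD build, since a helper that silently fails to build leaves its test without a meaningful result.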
...@@ -7,7 +7,7 @@ ifndef RUNDIR ...@@ -7,7 +7,7 @@ ifndef RUNDIR
RUNDIR=. RUNDIR=.
endif endif
CFLAGS+=-DRUNDIR=\"${RUNDIR}\" -fno-stack-protector -ftrampolines CFLAGS+=-O2 -DRUNDIR=\"${RUNDIR}\" -fno-stack-protector -ftrampolines
LDFLAGS+=-lpthread LDFLAGS+=-lpthread
...@@ -74,7 +74,7 @@ endif ...@@ -74,7 +74,7 @@ endif
endif endif
paxtest: $(TESTS) genpaxtest paxtest: $(TESTS) genpaxtest
sh genpaxtest $(TESTS) sh genpaxtest $(CC) $(TESTS)
anonmap: body.o anonmap.o anonmap: body.o anonmap.o
......
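Review bot: Adding `-O2` on the `CFLAGS+=` line without disabling fortification may change what the tests measure. Toolchains that define `_FORTIFY_SOURCE` by default only activate it when optimising, and the checked `strcpy`/`memcpy` variants can then abort a test before the kernel protection under test is reached. Other makefiles in this commit handle this with `-U_FORTIFY_SOURCE` or `-D_FORTIFY_SOURCE=0`; the equivalent here would be `CFLAGS+=-O2 -U_FORTIFY_SOURCE -DRUNDIR=\"${RUNDIR}\" -fno-stack-protector -ftrampolines`. Whether this makefile's target toolchain enables fortification by default is not visible from the hunk.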
...@@ -65,7 +65,7 @@ endif ...@@ -65,7 +65,7 @@ endif
# The Hardened GCC compiler has stack protector on by default, this # The Hardened GCC compiler has stack protector on by default, this
# could interfere with the results of this test. # could interfere with the results of this test.
CFLAGS := $(OPT_FLAGS) -D_FORTIFY_SOURCE=0 -DRUNDIR=\"${RUNDIR}\" $(CC_SSP) $(CC_TRAMPOLINES) CFLAGS := $(OPT_FLAGS) -U_FORTIFY_SOURCE -DRUNDIR=\"${RUNDIR}\" $(CC_SSP) $(CC_TRAMPOLINES)
ifneq ($(THEARCH),) ifneq ($(THEARCH),)
CFLAGS += $(THEARCH) CFLAGS += $(THEARCH)
...@@ -77,14 +77,14 @@ EXEC_TESTS = anonmap execbss execdata execheap execstack ...@@ -77,14 +77,14 @@ EXEC_TESTS = anonmap execbss execdata execheap execstack
MPROT_TESTS = mprotanon mprotbss mprotdata mprotheap mprotstack MPROT_TESTS = mprotanon mprotbss mprotdata mprotheap mprotstack
SHLIB_TESTS = shlibbss shlibdata SHLIB_TESTS = shlibbss shlibdata
MPROTSH_TESTS = mprotshbss mprotshdata writetext MPROTSH_TESTS = mprotshbss mprotshdata writetext
RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randvdso randstack1 randstack2 randarg1 randarg2 RAND_TESTS = randamap randheap1 randheap2 randmain1 randmain2 randshlib randvdso randstack1 randstack2 randarg1 randarg2 randshlibdelta1 randshlibdelta2
FAST_RAND_TESTS = randexhaust1 randexhaust2 FAST_RAND_TESTS = randexhaust1 randexhaust2
RET_TESTS = rettofunc1 rettofunc2 RET_TESTS = rettofunc1 rettofunc2
RETX_TESTS = rettofunc1x rettofunc2x RETX_TESTS = rettofunc1x rettofunc2x
TESTS = $(EXEC_TESTS) $(SHLIB_TESTS) $(MPROT_TESTS) $(MPROTSH_TESTS) $(RAND_TESTS) $(FAST_RAND_TESTS) $(RET_TESTS) $(RETX_TESTS) TESTS = $(EXEC_TESTS) $(SHLIB_TESTS) $(MPROT_TESTS) $(MPROTSH_TESTS) $(RAND_TESTS) $(FAST_RAND_TESTS) $(RET_TESTS) $(RETX_TESTS)
UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getvdso getstack1 getstack2 getarg1 getarg2 getexhaust1 getexhaust2 UTILS= getamap getheap1 getheap2 getmain1 getmain2 getshlib getvdso getstack1 getstack2 getarg1 getarg2 getexhaust1 getexhaust2 getshlibdelta1 getshlibdelta2
SHLIBS= shlibtest.so shlibtest2.so SHLIBS= shlibtest.so shlibtest2.so
...@@ -128,7 +128,7 @@ chpax: $(CHPAXSRC:.c=.o) ...@@ -128,7 +128,7 @@ chpax: $(CHPAXSRC:.c=.o)
$(CC) $(LDFLAGS) -o $@ $^ $(CC) $(LDFLAGS) -o $@ $^
paxtest: $(TESTS) genpaxtest paxtest: $(TESTS) genpaxtest
sh genpaxtest $(TESTS) sh genpaxtest $(CC) $(TESTS)
.S.o: .S.o:
$(CC) $(CFLAGS) $(CC_PIE) $(ASFLAGS) -o $@ -c $< $(CC) $(CFLAGS) $(CC_PIE) $(ASFLAGS) -o $@ -c $<
...@@ -168,9 +168,17 @@ getmain1: getmain1.o ...@@ -168,9 +168,17 @@ getmain1: getmain1.o
-$(PAXBIN) -C $@ -$(PAXBIN) -C $@
$(PAXBIN) -SPRXM $@ $(PAXBIN) -SPRXM $@
getshlibdelta1: getshlibdelta1.o
$(CC) $(LDFLAGS) $(LD_ETEXEC) -o $@ $< $(DL)
-$(PAXBIN) -C $@
$(PAXBIN) -SPRXM $@
getheap2 getmain2: getheap2.o getmain2.o getheap2 getmain2: getheap2.o getmain2.o
$(CC) $(LDFLAGS) $(LD_PIE) -o $@ $@.o || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@) $(CC) $(LDFLAGS) $(LD_PIE) -o $@ $@.o || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@)
getshlibdelta2: getshlibdelta2.o
$(CC) $(LDFLAGS) $(LD_PIE) -o $@ $@.o $(DL) || (echo -e "#!/bin/sh\necho $@ pie not implemented" > $@; chmod +x $@)
getshlib: getshlib.o getshlib: getshlib.o
$(CC) $(LDFLAGS) -o $@ $< $(DL) $(CC) $(LDFLAGS) -o $@ $< $(DL)
......
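Review bot: The new `getshlibdelta2` recipe copies the `|| (echo -e ... > $@; chmod +x $@)` fallback from the `getheap2 getmain2` rule, and that fallback has two weaknesses. Any link failure, not only missing PIE support, is turned into a stub that reports "pie not implemented", so a broken toolchain or a missing `$(DL)` library looks like an unsupported feature rather than a build error. `echo -e` is also not portable: a `sh` whose `echo` does not accept `-e` writes `-e` as the first bytes of the stub, ahead of the `#!` line. `printf '#!/bin/sh\necho %s pie not implemented\n' $@ > $@` avoids the second problem, and a comment on the recipe should state that the fallback is deliberate.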
...@@ -50,7 +50,7 @@ or ...@@ -50,7 +50,7 @@ or
./paxtest blackhat (to run paxtest in blackhat mode) ./paxtest blackhat (to run paxtest in blackhat mode)
This will create a file paxtest.log in the current directory. This will create a file paxtest.log in the user's home directory.
Kiddie and blackhat mode: Kiddie and blackhat mode:
......
...@@ -16,6 +16,7 @@ ...@@ -16,6 +16,7 @@
#include <sys/wait.h> #include <sys/wait.h>
#include <pthread.h> #include <pthread.h>
#include <unistd.h> #include <unistd.h>
#include <string.h>
#include "body.h" #include "body.h"
...@@ -29,14 +30,18 @@ int main( int argc, char *argv[] ) ...@@ -29,14 +30,18 @@ int main( int argc, char *argv[] )
{ {
int status; int status;
char *mode; char *mode;
/* This defaults to 1 as a safety mechanism. It is better to fail in
/*
* This defaults to 1 as a safety mechanism. It is better to fail in
* blackhat mode, because kiddie mode can produce overly optimistic * blackhat mode, because kiddie mode can produce overly optimistic
* results. * results.
*/ */
int paxtest_mode = 1; int paxtest_mode = 1;
#ifndef __clang__
/* Dummy nested function */ /* Dummy nested function */
void dummy(void) {} void dummy(void) {}
#endif
mode = getenv( "PAXTEST_MODE" ); mode = getenv( "PAXTEST_MODE" );
if( mode == NULL ) { if( mode == NULL ) {
...@@ -45,7 +50,12 @@ int main( int argc, char *argv[] ) ...@@ -45,7 +50,12 @@ int main( int argc, char *argv[] )
if( strcmp(mode,"0") == 0 ) { if( strcmp(mode,"0") == 0 ) {
paxtest_mode = 0; paxtest_mode = 0;
} else if( strcmp(mode,"1") == 0 ) { } else if( strcmp(mode,"1") == 0 ) {
#ifdef __clang__
printf("INFO: The blackhat mode not supported due to missing nested function support in clang.\n");
paxtest_mode = 0;
#else
paxtest_mode = 1; paxtest_mode = 1;
#endif
} }
} }
...@@ -53,6 +63,9 @@ int main( int argc, char *argv[] ) ...@@ -53,6 +63,9 @@ int main( int argc, char *argv[] )
fflush( stdout ); fflush( stdout );
if( fork() == 0 ) { if( fork() == 0 ) {
#ifdef __clang__
doit();
#else
/* Perform a dirty (but not unrealistic) trick to circumvent /* Perform a dirty (but not unrealistic) trick to circumvent
* the kernel protection. * the kernel protection.
*/ */
...@@ -64,6 +77,7 @@ int main( int argc, char *argv[] ) ...@@ -64,6 +77,7 @@ int main( int argc, char *argv[] )
} else { } else {
doit(); doit();
} }
#endif
} else { } else {
wait( &status ); wait( &status );
if( WIFEXITED(status) == 0 ) { if( WIFEXITED(status) == 0 ) {
......
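Review bot: In a clang build the forked child always calls `doit()` directly (the `#ifdef __clang__` branch after `fork()`), so every run is effectively kiddie mode whatever `PAXTEST_MODE` says. `paxtest_mode` nevertheless still starts at 1, and the INFO line is printed only when the variable is exactly "1". The comment above the initialiser says kiddie mode can produce overly optimistic results, so a clang-built binary should announce the downgrade on every run: initialise with `paxtest_mode = 0` under `__clang__` and move the `printf("INFO: ...")` out of the `strcmp(mode,"1")` branch. The `mode == NULL` branch and the code that consumes `paxtest_mode` lie outside the hunks, so how the value is reported cannot be checked from here.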
...@@ -16,23 +16,32 @@ fi ...@@ -16,23 +16,32 @@ fi
cat << __here__ > paxtest cat << __here__ > paxtest
#!/bin/sh #!/bin/sh
if [ \$# = 1 ] if [ \$# = 1 -o \$# = 2 ]
then then
if [ "\$1" = "kiddie" ] if [ "\$1" = "kiddie" ]
then then
PAXTEST_MODE=0 PAXTEST_MODE=0
shift
elif [ "\$1" = "blackhat" ] elif [ "\$1" = "blackhat" ]
then then
PAXTEST_MODE=1 PAXTEST_MODE=1
shift
else else
echo "usage: paxtest [kiddie|blackhat]" echo "usage: paxtest [kiddie|blackhat] [logfile]"
exit 1 exit 1
fi fi
else else
echo "usage: paxtest [kiddie|blackhat]" echo "usage: paxtest [kiddie|blackhat] [logfile]"
exit 1 exit 1
fi fi
LOG=\$HOME/paxtest.log
[ -n "\$1" ] && LOG=\$1
touch "\$LOG"