История изменений
Исправление SANyaSmol, (текущая версия) :
xubuntu 21.04
uname -a Linux aspire 5.11.0-34-generic #36-Ubuntu SMP Thu Aug 26 19:22:09 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Поменяй на каталог доступный у тебя на запись:
из под юзера
paxtest blackhat ${HOME}/test
PaXtest - Copyright(c) 2003-2016 by Peter Busser <peter@adamantix.org> and Brad Spengler <spender@grsecurity.net>
Released under the GNU Public Licence version 2 or later
Writing output to /home/*/test
It may take a while for the tests to complete
Test results:
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomization test : 28 quality bits (guessed)
Heap randomization test (ET_EXEC) : 28 quality bits (guessed)
Heap randomization test (PIE) : 28 quality bits (guessed)
Main executable randomization (ET_EXEC) : 28 quality bits (guessed)
Main executable randomization (PIE) : 28 quality bits (guessed)
Shared library randomization test : 28 quality bits (guessed)
VDSO randomization test : 20 quality bits (guessed)
Stack randomization test (SEGMEXEC) : 30 quality bits (guessed)
Stack randomization test (PAGEEXEC) : 30 quality bits (guessed)
Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed)
Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 28 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 28 quality bits (guessed)
Randomization under memory exhaustion @~0: 28 bits (guessed)
Randomization under memory exhaustion @0 : 28 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) : Killed
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Должно быть Killed, ядро патчить и пересоберать надо.
Не, не. Уже забыл как это делается )
Глянь checksec -k
Из под рута
checksec --kernel
* Kernel protection information:
Description - List the status of kernel protection mechanisms. Rather than
inspect kernel mechanisms that may aid in the prevention of exploitation of
userspace processes, this option lists the status of kernel configuration
options that harden the kernel itself against attack.
Kernel config:
/boot/config-5.11.0-34-generic
Warning: The config on disk may not represent running kernel config!
Running kernel: 5.11.0-34-generic
Vanilla Kernel ASLR: Full
NX protection: Disabled
Protected symlinks: Enabled
Protected hardlinks: Enabled
Protected fifos: Disabled
Protected regular: Enabled
Ipv4 reverse path filtering: Disabled
Kernel heap randomization: Enabled
GCC stack protector support: Enabled
GCC stack protector strong: Enabled
SLAB freelist randomization: Enabled
Virtually-mapped kernel stack: Enabled
Restrict /dev/mem access: Enabled
Restrict I/O access to /dev/mem: Disabled
Enforce read-only kernel data: Enabled
Enforce read-only module data: Enabled
Exec Shield: Unsupported
Hardened Usercopy: Enabled
Harden str/mem functions: Enabled
Restrict /dev/kmem access: Enabled
* X86 only:
Address space layout randomization: Enabled
* SELinux: Disabled
SELinux infomation available here:
http://selinuxproject.org/
* grsecurity / PaX: No GRKERNSEC
The grsecurity / PaX patchset is available here:
http://grsecurity.net/
20 quality bits (guessed)
Мало! Или у тебя 32битная система?
Нет, 64. НАверно потому чо проц дохлый старый? .
PS. .. Нет, на 3900x те же цифры, проверил специально
Еще интересен тест рандома,
dd if=/dev/urandom status=none |rngtest -c 100000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 2000000032
rngtest: FIPS 140-2 successes: 99921
rngtest: FIPS 140-2 failures: 79
rngtest: FIPS 140-2(2001-10-10) Monobit: 12
rngtest: FIPS 140-2(2001-10-10) Poker: 9
rngtest: FIPS 140-2(2001-10-10) Runs: 33
rngtest: FIPS 140-2(2001-10-10) Long run: 25
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=3.424; avg=1055.831; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=2.224; avg=53.346; max=60.169)Mibits/s
rngtest: Program run time: 38176106 microseconds
Исходная версия SANyaSmol, :
xubuntu 21.04
uname -a Linux aspire 5.11.0-34-generic #36-Ubuntu SMP Thu Aug 26 19:22:09 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
Поменяй на каталог доступный у тебя на запись:
из под юзера
paxtest blackhat ${HOME}/test
PaXtest - Copyright(c) 2003-2016 by Peter Busser <peter@adamantix.org> and Brad Spengler <spender@grsecurity.net>
Released under the GNU Public Licence version 2 or later
Writing output to /home/*/test
It may take a while for the tests to complete
Test results:
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomization test : 28 quality bits (guessed)
Heap randomization test (ET_EXEC) : 28 quality bits (guessed)
Heap randomization test (PIE) : 28 quality bits (guessed)
Main executable randomization (ET_EXEC) : 28 quality bits (guessed)
Main executable randomization (PIE) : 28 quality bits (guessed)
Shared library randomization test : 28 quality bits (guessed)
VDSO randomization test : 20 quality bits (guessed)
Stack randomization test (SEGMEXEC) : 30 quality bits (guessed)
Stack randomization test (PAGEEXEC) : 30 quality bits (guessed)
Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed)
Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 28 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 28 quality bits (guessed)
Randomization under memory exhaustion @~0: 28 bits (guessed)
Randomization under memory exhaustion @0 : 28 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) : Killed
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Должно быть Killed, ядро патчить и пересоберать надо.
Не, не. Уже забыл как это делается )
Глянь checksec -k
Из под рута
checksec --kernel
* Kernel protection information:
Description - List the status of kernel protection mechanisms. Rather than
inspect kernel mechanisms that may aid in the prevention of exploitation of
userspace processes, this option lists the status of kernel configuration
options that harden the kernel itself against attack.
Kernel config:
/boot/config-5.11.0-34-generic
Warning: The config on disk may not represent running kernel config!
Running kernel: 5.11.0-34-generic
Vanilla Kernel ASLR: Full
NX protection: Disabled
Protected symlinks: Enabled
Protected hardlinks: Enabled
Protected fifos: Disabled
Protected regular: Enabled
Ipv4 reverse path filtering: Disabled
Kernel heap randomization: Enabled
GCC stack protector support: Enabled
GCC stack protector strong: Enabled
SLAB freelist randomization: Enabled
Virtually-mapped kernel stack: Enabled
Restrict /dev/mem access: Enabled
Restrict I/O access to /dev/mem: Disabled
Enforce read-only kernel data: Enabled
Enforce read-only module data: Enabled
Exec Shield: Unsupported
Hardened Usercopy: Enabled
Harden str/mem functions: Enabled
Restrict /dev/kmem access: Enabled
* X86 only:
Address space layout randomization: Enabled
* SELinux: Disabled
SELinux infomation available here:
http://selinuxproject.org/
* grsecurity / PaX: No GRKERNSEC
The grsecurity / PaX patchset is available here:
http://grsecurity.net/
20 quality bits (guessed)
Мало! Или у тебя 32битная система?
Нет, 64. НАверно потому чо проц дохлый старый? .
Еще интересен тест рандома,
dd if=/dev/urandom status=none |rngtest -c 100000
rngtest 5
Copyright (c) 2004 by Henrique de Moraes Holschuh
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
rngtest: starting FIPS tests...
rngtest: bits received from input: 2000000032
rngtest: FIPS 140-2 successes: 99921
rngtest: FIPS 140-2 failures: 79
rngtest: FIPS 140-2(2001-10-10) Monobit: 12
rngtest: FIPS 140-2(2001-10-10) Poker: 9
rngtest: FIPS 140-2(2001-10-10) Runs: 33
rngtest: FIPS 140-2(2001-10-10) Long run: 25
rngtest: FIPS 140-2(2001-10-10) Continuous run: 0
rngtest: input channel speed: (min=3.424; avg=1055.831; max=4768.372)Mibits/s
rngtest: FIPS tests speed: (min=2.224; avg=53.346; max=60.169)Mibits/s
rngtest: Program run time: 38176106 microseconds