paxtest

[Thomas Klausner <wiz%NetBSD.org@localhost>]

Hi!

I've just created a package for paxtest in wip. It's a tool to test
some pax features.

I've started the paxtest program in 'paxtest kiddie' mode (the one
looking for simple vulnerabilities).

I see:

PaXtest - Copyright(c) 2003-2014 by Peter Busser <peter%adamantix.org@localhost> and Brad Spengler <spender%grsecurity.net@localhost>
Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log
It may take a while for the tests to complete

and CTRL-T reports:

load: 1.06  cmd: getshlib 27612 [0x7f7ff7c0d348/11] 16453.99u 107901.91s 99% 456k

i.e. that getshlib is working at 99% CPU for over a day now.


The paxtest.log output file contains:

PaXtest - Copyright(c) 2003-2014 by Peter Busser <peter%adamantix.org@localhost> and Brad Spengler <spender%grsecurity.net@localhost>
Released under the GNU Public Licence version 2 or later

Mode: kiddie
NetBSD yt.nih.at 7.99.29 NetBSD 7.99.29 (KVOTHE) #145: Sun May  1 22:47:36 CEST 2016  GENERIC amd64

Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomization test     : 32 quality bits (guessed)
Heap randomization test (ET_EXEC)        : 23 quality bits (guessed)
Main executable randomization (ET_EXEC)  : No randomization

Is this a problem with the test program or our pax implementation?

I see quite a number of Vulnerable entries, is someone working on
improving this?

Cheers,
 Thomas