
paxtest on Darwin citadel.local 14.4.0 Darwin Kernel Versio

a guest
Jul 26th, 2015
  1. citadel:paxtest-freebsd-master ac$ ./paxtest kiddie
  2. PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
  3. Released under the GNU Public Licence version 2 or later
  4.  
  5. Writing output to paxtest.log
  6. It may take a while for the tests to complete
  7. Test results:
  8. PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
  9. Released under the GNU Public Licence version 2 or later
  10.  
  11. Mode: kiddie
  12. Darwin citadel.local 14.4.0 Darwin Kernel Version 14.4.0: Thu May 28 11:35:04 PDT 2015; root:xnu-2782.30.5~1/RELEASE_X86_64 x86_64
  13.  
  14. Executable anonymous mapping : Killed
  15. Executable bss : Killed
  16. Executable data : Killed
  17. Executable heap : Killed
  18. Executable stack : Killed
  19. Executable anonymous mapping (mprotect) : Vulnerable
  20. Executable bss (mprotect) : Vulnerable
  21. Executable data (mprotect) : Vulnerable
  22. Executable heap (mprotect) : Vulnerable
  23. Executable shared library bss (mprotect) : Vulnerable
  24. Executable shared library data (mprotect): Vulnerable
  25. Executable stack (mprotect) : Vulnerable
  26. Anonymous mapping randomisation test : 16 bits (guessed)
  27. Heap randomisation test (ET_EXEC) : 15 bits (guessed)
  28. Main executable randomisation (ET_EXEC) : 16 bits (guessed)
  29. ./getshlib: Undefined error: 0
  30. Shared library randomisation test :
  31. Stack randomisation test (SEGMEXEC) : 16 bits (guessed)
  32. Stack randomisation test (PAGEEXEC) : 16 bits (guessed)
  33. Arg/env randomisation test (SEGMEXEC) : 17 bits (guessed)
  34. Arg/env randomisation test (PAGEEXEC) : 16 bits (guessed)
  35. Return to function (strcpy) : paxtest: return address contains a NULL byte.
  36. Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
  37. Return to function (memcpy) : Killed
  38. Return to function (memcpy, PIE) : Killed
  39. Executable shared library bss : Killed
  40. Executable shared library data : Killed
  41. Writable text segments : Vulnerable
  42.  
  43. citadel:paxtest-freebsd-master ac$ ./paxtest blackhat
  44. PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
  45. Released under the GNU Public Licence version 2 or later
  46.  
  47. Writing output to paxtest.log
  48. It may take a while for the tests to complete
  49. Test results:
  50. PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
  51. Released under the GNU Public Licence version 2 or later
  52.  
  53. Mode: blackhat
  54. Darwin citadel.local 14.4.0 Darwin Kernel Version 14.4.0: Thu May 28 11:35:04 PDT 2015; root:xnu-2782.30.5~1/RELEASE_X86_64 x86_64
  55.  
  56. Executable anonymous mapping : Killed
  57. Executable bss : Killed
  58. Executable data : Killed
  59. Executable heap : Killed
  60. Executable stack : Killed
  61. Executable anonymous mapping (mprotect) : Vulnerable
  62. Executable bss (mprotect) : Vulnerable
  63. Executable data (mprotect) : Vulnerable
  64. Executable heap (mprotect) : Vulnerable
  65. Executable shared library bss (mprotect) : Vulnerable
  66. Executable shared library data (mprotect): Vulnerable
  67. Executable stack (mprotect) : Vulnerable
  68. Anonymous mapping randomisation test : 16 bits (guessed)
  69. Heap randomisation test (ET_EXEC) : 15 bits (guessed)
  70. Main executable randomisation (ET_EXEC) : 16 bits (guessed)
  71. ./getshlib: Undefined error: 0
  72. Shared library randomisation test :
  73. Stack randomisation test (SEGMEXEC) : 16 bits (guessed)
  74. Stack randomisation test (PAGEEXEC) : 16 bits (guessed)
  75. Arg/env randomisation test (SEGMEXEC) : 16 bits (guessed)
  76. Arg/env randomisation test (PAGEEXEC) : 16 bits (guessed)
  77. Return to function (strcpy) : paxtest: return address contains a NULL byte.
  78. Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
  79. Return to function (memcpy) : Killed
  80. Return to function (memcpy, PIE) : Killed
  81. Executable shared library bss : Killed
  82. Executable shared library data : Killed
  83. Writable text segments : Vulnerable
  84.  
  85. citadel:paxtest-freebsd-master ac$
  86.  
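--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-#!/usr/bin/make
+#!/usr/bin/env gmake
 #
 # PaXtest master makefile
 # Copyright(c) 2003 by Peter Busser <peter@adamantix.org>
@@ -22,6 +22,9 @@
 freebsd:
 make -f Makefile.FreeBSD
 
+osx:
+ make -f Makefile.OSX
+
 clean:
 make -f Makefile.FreeBSD clean
 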
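Review bot: The top-level `clean` target (context at the end of the second hunk) still runs only `make -f Makefile.FreeBSD clean`, so a tree built through the new `osx` target is never cleaned by the `clean` rule that Makefile.OSX defines. Have `clean` also run `$(MAKE) -f Makefile.OSX clean`, or add a separate clean target for this platform. The new recipe should likewise be `$(MAKE) -f Makefile.OSX` rather than a literal `make`, because Makefile.OSX relies on GNU make syntax (`ifndef`, `$+`) and this same patch switches the shebang to `gmake`.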
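--- a/Makefile.OSX
+++ b/Makefile.OSX
@@ -0,0 +1,188 @@
+#!/usr/bin/gmake
+
+CC=gcc
+CFLAGS=
+LDFLAGS=
+ifndef RUNDIR
+RUNDIR=.
+endif
+
+CFLAGS+=-DRUNDIR=\"${RUNDIR}\" -fno-stack-protector #-ftrampolines
+LDFLAGS+=-lpthread
+
+
+TESTS= anonmap \
+ execbss \
+ execdata \
+ execheap \
+ execstack \
+ mprotanon \
+ mprotbss \
+ mprotdata \
+ mprotheap \
+ mprotshbss \
+ mprotshdata \
+ mprotstack \
+ randamap \
+ randheap1 \
+ randmain1 \
+ randshlib \
+ randstack1 \
+ randstack2 \
+ randarg1 \
+ randarg2 \
+ rettofunc1 \
+ rettofunc1x \
+ rettofunc2 \
+ rettofunc2x \
+ shlibbss \
+ shlibdata \
+ writetext
+
+UTILS= getamap \
+ getheap1 \
+ getheap2 \
+ getmain1 \
+ getmain2 \
+ getshlib \
+ getstack1 \
+ getstack2 \
+ getarg1 \
+ getarg2
+
+SHLIBS= shlibtest.so \
+ shlibtest2.so
+
+all: $(SHLIBS) $(TESTS) $(UTILS) paxtest
+
+clean:
+ -rm -f *.o *.s *~ core
+ -rm -f $(SHLIBS) $(TESTS) $(UTILS)
+ -rm -f paxtest paxtest.log a.out
+
+ifdef DESTDIR
+ifdef BINDIR
+ifdef RUNDIR
+install: all
+ mkdir -p $(DESTDIR)/$(RUNDIR)
+ cp $(SHLIBS) $(TESTS) $(UTILS) $(DESTDIR)/$(RUNDIR)
+ mkdir -p $(DESTDIR)/$(BINDIR)
+ cp paxtest $(DESTDIR)/$(BINDIR)
+ chmod 755 $(DESTDIR)/$(BINDIR)/paxtest
+endif
+endif
+endif
+
+paxtest: $(TESTS) genpaxtest
+ sh genpaxtest $(TESTS)
+
+anonmap: body.o anonmap.o
+
+execbss: body.o execbss.o
+
+execdata: body.o execdata.o
+
+execheap: body.o execheap.o
+
+execstack: body.o execstack.o
+
+getheap1: getheap.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+getheap2: getheap.o
+ $(CC) -shared -o $@ $+
+
+getheap.o: getheap.c
+ $(CC) $(CFLAGS) -fPIC -o $@ -c $<
+
+getamap.o: getamap.c
+
+getmain1: getmain.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+getmain2: getmain2.o
+ $(CC) -shared -o $@ $+
+
+getmain2.o: getmain.c
+ $(CC) $(CFLAGS) -fPIC -o $@ -c $<
+
+getshlib: getshlib.o
+
+getstack1: getstack.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+getstack2: getstack1
+ rm -f $@
+ cp getstack1 $@
+ chmod +x $@
+
+getarg1: getarg.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+getarg2: getarg1
+ rm -f $@
+ cp getarg1 $@
+ chmod +x $@
+
+mprotanon: body.o mprotanon.o
+
+mprotbss: body.o mprotbss.o
+
+mprotheap: body.o mprotheap.o
+
+mprotdata: body.o mprotdata.o
+
+mprotshbss: body.o mprotshbss.o shlibtest.so
+
+mprotshdata: body.o mprotshdata.o shlibtest.so
+
+mprotstack: body.o mprotstack.o
+
+randamap: randbody.o randamap.o
+
+randarg1: randbody.o randarg1.o
+
+randarg2: randbody.o randarg2.o
+
+randheap1: randbody.o randheap1.o
+
+randheap2: randbody.o randheap2.o
+
+randmain1: randbody.o randmain1.o
+
+randmain2: randbody.o randmain2.o
+
+randshlib: randbody.o randshlib.o
+
+randstack1: randbody.o randstack1.o
+
+randstack2: randbody.o randstack2.o
+
+rettofunc1: body.o rettofunc1.o
+
+rettofunc1x: body.o rettofunc1x.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+rettofunc2: body.o rettofunc2.o
+
+rettofunc2x: body.o rettofunc2x.o
+ $(CC) $(LDFLAGS) -o $@ $+
+
+shlibtest.o: shlibtest.c
+ $(CC) $(CFLAGS) -fPIC -c $< -o $@
+
+shlibtest2.o: shlibtest2.c
+ $(CC) $(CFLAGS) -fPIC -c $< -o $@
+
+shlibtest.so: shlibtest.o
+ $(CC) $(SHLDFLAGS) -shared -o $@ $+
+
+shlibtest2.so: shlibtest2.o
+ $(CC) $(SHLDFLAGS) -shared -o $@ $+
+
+shlibbss: body.o shlibbss.o shlibtest.so shlibtest2.so
+
+shlibdata: body.o shlibdata.o shlibtest.so shlibtest2.so
+
+writetext: body.o writetext.o shlibtest.so
+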
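Review bot: The paired variants are linked the same way, so nothing in this file makes one binary position-dependent and its partner PIE: `getmain1`, `getheap1`, `rettofunc1x` and `rettofunc2x` all use `$(CC) $(LDFLAGS) -o $@ $+`, while `rettofunc1` and `rettofunc2` fall back to the implicit link rule. If the default toolchain on this OS X release already links main executables as PIE (likely, but not shown on the page), the rows reported as "(ET_EXEC)" measure a PIE binary and overstate what a fixed-address executable would get. Consider linking the non-PIE variants explicitly, e.g. `$(CC) $(LDFLAGS) -Wl,-no_pie -o $@ $+`, and adding a comment that ET_EXEC/ET_DYN and SEGMEXEC/PAGEEXEC are Linux/PaX labels with no direct Mach-O equivalent. Separately, `$(SHLDFLAGS)` is used in the `shlibtest.so` and `shlibtest2.so` rules but never defined in this file, and `randheap2` and `randmain2` have rules but are absent from `TESTS`. The `-fno-stack-protector` flag deserves a one-line comment saying it is deliberate for the test harness and must not be copied into production builds.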
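--- a/body.c
+++ b/body.c
@@ -16,6 +16,7 @@
 #include <sys/wait.h>
 #include <pthread.h>
 #include <unistd.h>
+#include <string.h>
 
 extern int doit( void );
 extern const char testname[];
@@ -26,6 +27,11 @@
 return NULL;
 }
 
+#if 1
+/* Dummy nested function */
+void dummy(void) {}
+#endif
+
 int main( int argc, char *argv[] )
 {
 int status;
@@ -36,8 +42,10 @@
 */
 int paxtest_mode = 1;
 
+#if 0
 /* Dummy nested function */
 void dummy(void) {}
+#endif
 
 mode = getenv( "PAXTEST_MODE" );
 if( mode == NULL ) {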
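Review bot: The `#if 1` / `#if 0` toggles change body.c for every platform that shares it, not just OS X: the nested definition inside `main` is compiled out unconditionally and the file-scope `dummy` is compiled in unconditionally. Guard both on the platform instead, with `#ifdef __APPLE__` around the file-scope copy and `#ifndef __APPLE__` around the nested one, plus a comment that the compiler used on OS X rejects GCC nested functions. If the nested function was there to influence how the toolchain treats the stack (the commented-out `-ftrampolines` in Makefile.OSX hints at that, but the page does not say), the file-scope version no longer does so, and results from this port may not be comparable with other platforms. The comment on the moved copy should also stop calling it a "nested function". `main` continues past the end of the last hunk.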
  332. diff -urN paxtest-freebsd-master/targets paxtest-freebsd-master.osx/targets
  333. --- paxtest-freebsd-master/targets 2014-03-24 03:52:17.000000000 +0200
  334. +++ paxtest-freebsd-master.osx/targets 2015-07-26 17:26:53.000000000 +0300
  335. @@ -8,5 +8,7 @@
  336.  
  337. freebsd FreeBSD
  338.  
  339. +osx OS X
  340. +
  341. clean Clean up