[gentoo-user] Re: Paxtest in Rockpi4c+ AARCH64

[Javier Martinez <tazok.id0@gmail.com>]

[-- Attachment #1.1.1: Type: text/plain, Size: 5916 bytes --]

The same paxtest on a rockpi4c+, but with older kernel and under 
slarm64, even a bit lower ASLR randomization, Is interesting also that 
seems they "kicked" segmentation... slarm64 is unable to exec gentoo 
hardened binaries surely because of PIE ( the "tripletes are 
aarch64-unknown-linux-gnu in gentoo aarch64-slackware-linux in slarm64).

> stack randomization test (SEGMEXEC)      : Skipped, not applicable
> Arg/env randomization test (SEGMEXEC)    : Skipped, not applicable



Executable anonymous mapping             : Killed
Executable bss                           : Killed
Executable data                          : Killed
Executable heap                          : Killed
Executable stack                         : Killed
Executable shared library bss            : Killed
Executable shared library data           : Killed
Executable anonymous mapping (mprotect)  : Killed
Executable bss (mprotect)                : Killed
Executable data (mprotect)               : Killed
Executable heap (mprotect)               : Killed
Executable stack (mprotect)              : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments                   : Vulnerable
Anonymous mapping randomization test     : 18 quality bits (guessed)
Anonymous huge mapping randomization test: 14 quality bits (guessed)
Heap randomization test (ET_EXEC)        : 18 quality bits (guessed)
Heap randomization test (PIE)            : 18 quality bits (guessed)
Main executable randomization (ET_EXEC)  : No randomization
Main executable randomization (PIE)      : 14 quality bits (guessed)
Big main executable randomization (PIE)  : 9 quality bits (guessed)
File mapping randomization test          : 18 quality bits (guessed)
File huge mapping randomization test     : 9 quality bits (guessed)
Shared library randomization test        : 14 quality bits (guessed)
Big shared library randomization test    : 9 quality bits (guessed)
VDSO randomization test                  : 18 quality bits (guessed)
Stack randomization test (SEGMEXEC)      : Skipped, not applicable
Stack randomization test (PAGEEXEC)      : 26 quality bits (guessed)
Arg/env randomization test (SEGMEXEC)    : Skipped, not applicable
Arg/env randomization test (PAGEEXEC)    : 18 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 14 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 14 quality bits (guessed)
Randomization under memory exhaustion @~0: 18 bits (guessed)
Randomization under memory exhaustion @0 : 18 bits (guessed)
Return to function (strcpy)              : paxtest: return address 
contains a NULL byte.
Return to function (memcpy)              : Killed
Return to function (strcpy, PIE)         : paxtest: return address 
contains a NULL byte.
Return to function (memcpy, PIE)         : Killed



El 23/7/25 a las 23:51, Javier Martinez escribió:
> 
> 
> I installed one hardened gentoo in a rockpi4c+ with one RSBAC kernel 
> (everything works, 3d accel also, just wifi firmware kills itself 
> periodically but world is not perfect.....
> 
> Do you see something that got specially your attention in the paxtest 
> output? (low ASLR entropy apart....)
> 
> Anyone that owns one AARCH64 system can compare his paxtests results 
> paxtest with mine?
> 
> Comentaries? Sugestions?
> 
> 
> Executable anonymous mapping             : Killed
> Executable bss                           : Killed
> Executable data                          : Killed
> Executable heap                          : Killed
> Executable stack                         : Killed
> Executable shared library bss            : Killed
> Executable shared library data           : Killed
> Executable anonymous mapping (mprotect)  : Killed
> Executable bss (mprotect)                : Killed
> Executable data (mprotect)               : Killed
> Executable heap (mprotect)               : Killed
> Executable stack (mprotect)              : Killed
> Executable shared library bss (mprotect) : Killed
> Executable shared library data (mprotect): Killed
> Writable text segments                   : Vulnerable
> Anonymous mapping randomization test     : 18 quality bits (guessed)
> Heap randomization test (ET_EXEC)        : 18 quality bits (guessed)
> Heap randomization test (PIE)            : 18 quality bits (guessed)
> Main executable randomization (ET_EXEC)  : 14 quality bits (guessed)
> Main executable randomization (PIE)      : 14 quality bits (guessed)
> Shared library randomization test        : 14 quality bits (guessed)
> VDSO randomization test                  : 18 quality bits (guessed)
> Stack randomization test (SEGMEXEC)      : 26 quality bits (guessed)
> Stack randomization test (PAGEEXEC)      : 26 quality bits (guessed)
> Arg/env randomization test (SEGMEXEC)    : 18 quality bits (guessed)
> Arg/env randomization test (PAGEEXEC)    : 18 quality bits (guessed)
> Offset to library randomisation (ET_EXEC): 14 quality bits (guessed)
> Offset to library randomisation (ET_DYN) : 14 quality bits (guessed)
> Randomization under memory exhaustion @~0: 18 bits (guessed)
> Randomization under memory exhaustion @0 : 18 bits (guessed)
> Return to function (strcpy)              : paxtest: return address 
> contains a NULL byte.
> Return to function (memcpy)              : Killed
> Return to function (strcpy, PIE)         : paxtest: return address 
> contains a NULL byte.
> Return to function (memcpy, PIE)         : Killed
> 


[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3145 bytes --]

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]