The same paxtest on a rockpi4c+, but with older kernel and under slarm64, even a bit lower ASLR randomization, Is interesting also that seems they "kicked" segmentation... slarm64 is unable to exec gentoo hardened binaries surely because of PIE ( the "tripletes are aarch64-unknown-linux-gnu in gentoo aarch64-slackware-linux in slarm64). > stack randomization test (SEGMEXEC) : Skipped, not applicable > Arg/env randomization test (SEGMEXEC) : Skipped, not applicable Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Killed Executable bss (mprotect) : Killed Executable data (mprotect) : Killed Executable heap (mprotect) : Killed Executable stack (mprotect) : Killed Executable shared library bss (mprotect) : Killed Executable shared library data (mprotect): Killed Writable text segments : Vulnerable Anonymous mapping randomization test : 18 quality bits (guessed) Anonymous huge mapping randomization test: 14 quality bits (guessed) Heap randomization test (ET_EXEC) : 18 quality bits (guessed) Heap randomization test (PIE) : 18 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 14 quality bits (guessed) Big main executable randomization (PIE) : 9 quality bits (guessed) File mapping randomization test : 18 quality bits (guessed) File huge mapping randomization test : 9 quality bits (guessed) Shared library randomization test : 14 quality bits (guessed) Big shared library randomization test : 9 quality bits (guessed) VDSO randomization test : 18 quality bits (guessed) Stack randomization test (SEGMEXEC) : Skipped, not applicable Stack randomization test (PAGEEXEC) : 26 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : Skipped, not applicable Arg/env randomization test (PAGEEXEC) : 18 quality bits (guessed) Offset to library randomisation (ET_EXEC): 14 quality bits (guessed) Offset to library randomisation (ET_DYN) : 14 quality bits (guessed) Randomization under memory exhaustion @~0: 18 bits (guessed) Randomization under memory exhaustion @0 : 18 bits (guessed) Return to function (strcpy) : paxtest: return address contains a NULL byte. Return to function (memcpy) : Killed Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte. Return to function (memcpy, PIE) : Killed El 23/7/25 a las 23:51, Javier Martinez escribió: > > > I installed one hardened gentoo in a rockpi4c+ with one RSBAC kernel > (everything works, 3d accel also, just wifi firmware kills itself > periodically but world is not perfect..... > > Do you see something that got specially your attention in the paxtest > output? (low ASLR entropy apart....) > > Anyone that owns one AARCH64 system can compare his paxtests results > paxtest with mine? > > Comentaries? Sugestions? > > > Executable anonymous mapping             : Killed > Executable bss                           : Killed > Executable data                          : Killed > Executable heap                          : Killed > Executable stack                         : Killed > Executable shared library bss            : Killed > Executable shared library data           : Killed > Executable anonymous mapping (mprotect)  : Killed > Executable bss (mprotect)                : Killed > Executable data (mprotect)               : Killed > Executable heap (mprotect)               : Killed > Executable stack (mprotect)              : Killed > Executable shared library bss (mprotect) : Killed > Executable shared library data (mprotect): Killed > Writable text segments                   : Vulnerable > Anonymous mapping randomization test     : 18 quality bits (guessed) > Heap randomization test (ET_EXEC)        : 18 quality bits (guessed) > Heap randomization test (PIE)            : 18 quality bits (guessed) > Main executable randomization (ET_EXEC)  : 14 quality bits (guessed) > Main executable randomization (PIE)      : 14 quality bits (guessed) > Shared library randomization test        : 14 quality bits (guessed) > VDSO randomization test                  : 18 quality bits (guessed) > Stack randomization test (SEGMEXEC)      : 26 quality bits (guessed) > Stack randomization test (PAGEEXEC)      : 26 quality bits (guessed) > Arg/env randomization test (SEGMEXEC)    : 18 quality bits (guessed) > Arg/env randomization test (PAGEEXEC)    : 18 quality bits (guessed) > Offset to library randomisation (ET_EXEC): 14 quality bits (guessed) > Offset to library randomisation (ET_DYN) : 14 quality bits (guessed) > Randomization under memory exhaustion @~0: 18 bits (guessed) > Randomization under memory exhaustion @0 : 18 bits (guessed) > Return to function (strcpy)              : paxtest: return address > contains a NULL byte. > Return to function (memcpy)              : Killed > Return to function (strcpy, PIE)         : paxtest: return address > contains a NULL byte. > Return to function (memcpy, PIE)         : Killed >