* [gentoo-user] Paxtest in Rockpi4c+ AARCH64
@ 2025-07-23 21:51 Javier Martinez
2025-07-23 22:19 ` [gentoo-user] " Javier Martinez
0 siblings, 1 reply; 2+ messages in thread
From: Javier Martinez @ 2025-07-23 21:51 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1.1.1: Type: text/plain, Size: 2515 bytes --]
I installed one hardened gentoo in a rockpi4c+ with one RSBAC kernel
(everything works, 3d accel also, just wifi firmware kills itself
periodically but world is not perfect.....
Do you see something that got specially your attention in the paxtest
output? (low ASLR entropy apart....)
Anyone that owns one AARCH64 system can compare his paxtests results
paxtest with mine?
Comentaries? Sugestions?
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Vulnerable
Anonymous mapping randomization test : 18 quality bits (guessed)
Heap randomization test (ET_EXEC) : 18 quality bits (guessed)
Heap randomization test (PIE) : 18 quality bits (guessed)
Main executable randomization (ET_EXEC) : 14 quality bits (guessed)
Main executable randomization (PIE) : 14 quality bits (guessed)
Shared library randomization test : 14 quality bits (guessed)
VDSO randomization test : 18 quality bits (guessed)
Stack randomization test (SEGMEXEC) : 26 quality bits (guessed)
Stack randomization test (PAGEEXEC) : 26 quality bits (guessed)
Arg/env randomization test (SEGMEXEC) : 18 quality bits (guessed)
Arg/env randomization test (PAGEEXEC) : 18 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 14 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 14 quality bits (guessed)
Randomization under memory exhaustion @~0: 18 bits (guessed)
Randomization under memory exhaustion @0 : 18 bits (guessed)
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : paxtest: return address
contains a NULL byte.
Return to function (memcpy, PIE) : Killed
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3145 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
* [gentoo-user] Re: Paxtest in Rockpi4c+ AARCH64
2025-07-23 21:51 [gentoo-user] Paxtest in Rockpi4c+ AARCH64 Javier Martinez
@ 2025-07-23 22:19 ` Javier Martinez
0 siblings, 0 replies; 2+ messages in thread
From: Javier Martinez @ 2025-07-23 22:19 UTC (permalink / raw
To: gentoo-user
[-- Attachment #1.1.1: Type: text/plain, Size: 5916 bytes --]
The same paxtest on a rockpi4c+, but with older kernel and under
slarm64, even a bit lower ASLR randomization, Is interesting also that
seems they "kicked" segmentation... slarm64 is unable to exec gentoo
hardened binaries surely because of PIE ( the "tripletes are
aarch64-unknown-linux-gnu in gentoo aarch64-slackware-linux in slarm64).
> stack randomization test (SEGMEXEC) : Skipped, not applicable
> Arg/env randomization test (SEGMEXEC) : Skipped, not applicable
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Killed
Executable bss (mprotect) : Killed
Executable data (mprotect) : Killed
Executable heap (mprotect) : Killed
Executable stack (mprotect) : Killed
Executable shared library bss (mprotect) : Killed
Executable shared library data (mprotect): Killed
Writable text segments : Vulnerable
Anonymous mapping randomization test : 18 quality bits (guessed)
Anonymous huge mapping randomization test: 14 quality bits (guessed)
Heap randomization test (ET_EXEC) : 18 quality bits (guessed)
Heap randomization test (PIE) : 18 quality bits (guessed)
Main executable randomization (ET_EXEC) : No randomization
Main executable randomization (PIE) : 14 quality bits (guessed)
Big main executable randomization (PIE) : 9 quality bits (guessed)
File mapping randomization test : 18 quality bits (guessed)
File huge mapping randomization test : 9 quality bits (guessed)
Shared library randomization test : 14 quality bits (guessed)
Big shared library randomization test : 9 quality bits (guessed)
VDSO randomization test : 18 quality bits (guessed)
Stack randomization test (SEGMEXEC) : Skipped, not applicable
Stack randomization test (PAGEEXEC) : 26 quality bits (guessed)
Arg/env randomization test (SEGMEXEC) : Skipped, not applicable
Arg/env randomization test (PAGEEXEC) : 18 quality bits (guessed)
Offset to library randomisation (ET_EXEC): 14 quality bits (guessed)
Offset to library randomisation (ET_DYN) : 14 quality bits (guessed)
Randomization under memory exhaustion @~0: 18 bits (guessed)
Randomization under memory exhaustion @0 : 18 bits (guessed)
Return to function (strcpy) : paxtest: return address
contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : paxtest: return address
contains a NULL byte.
Return to function (memcpy, PIE) : Killed
El 23/7/25 a las 23:51, Javier Martinez escribió:
>
>
> I installed one hardened gentoo in a rockpi4c+ with one RSBAC kernel
> (everything works, 3d accel also, just wifi firmware kills itself
> periodically but world is not perfect.....
>
> Do you see something that got specially your attention in the paxtest
> output? (low ASLR entropy apart....)
>
> Anyone that owns one AARCH64 system can compare his paxtests results
> paxtest with mine?
>
> Comentaries? Sugestions?
>
>
> Executable anonymous mapping : Killed
> Executable bss : Killed
> Executable data : Killed
> Executable heap : Killed
> Executable stack : Killed
> Executable shared library bss : Killed
> Executable shared library data : Killed
> Executable anonymous mapping (mprotect) : Killed
> Executable bss (mprotect) : Killed
> Executable data (mprotect) : Killed
> Executable heap (mprotect) : Killed
> Executable stack (mprotect) : Killed
> Executable shared library bss (mprotect) : Killed
> Executable shared library data (mprotect): Killed
> Writable text segments : Vulnerable
> Anonymous mapping randomization test : 18 quality bits (guessed)
> Heap randomization test (ET_EXEC) : 18 quality bits (guessed)
> Heap randomization test (PIE) : 18 quality bits (guessed)
> Main executable randomization (ET_EXEC) : 14 quality bits (guessed)
> Main executable randomization (PIE) : 14 quality bits (guessed)
> Shared library randomization test : 14 quality bits (guessed)
> VDSO randomization test : 18 quality bits (guessed)
> Stack randomization test (SEGMEXEC) : 26 quality bits (guessed)
> Stack randomization test (PAGEEXEC) : 26 quality bits (guessed)
> Arg/env randomization test (SEGMEXEC) : 18 quality bits (guessed)
> Arg/env randomization test (PAGEEXEC) : 18 quality bits (guessed)
> Offset to library randomisation (ET_EXEC): 14 quality bits (guessed)
> Offset to library randomisation (ET_DYN) : 14 quality bits (guessed)
> Randomization under memory exhaustion @~0: 18 bits (guessed)
> Randomization under memory exhaustion @0 : 18 bits (guessed)
> Return to function (strcpy) : paxtest: return address
> contains a NULL byte.
> Return to function (memcpy) : Killed
> Return to function (strcpy, PIE) : paxtest: return address
> contains a NULL byte.
> Return to function (memcpy, PIE) : Killed
>
[-- Attachment #1.1.2: OpenPGP public key --]
[-- Type: application/pgp-keys, Size: 3145 bytes --]
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 840 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-23 22:20 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-07-23 21:51 [gentoo-user] Paxtest in Rockpi4c+ AARCH64 Javier Martinez
2025-07-23 22:19 ` [gentoo-user] " Javier Martinez
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox