
A kernel with the patch doesn't pass PaX's test #40

Closed

ghost opened this issue Jun 2, 2017 · 6 comments

Comments

@ghost

ghost commented Jun 2, 2017

PaXtest - Copyright(c) 2003-2016 by Peter Busser [email protected] and Brad Spengler [email protected]
Released under the GNU Public Licence version 2 or later

Mode: 1
Blackhat
Kernel:
Linux 4.10.16-gnu-1-hardened SMP x86_64 GNU/Linux

Test results:
/usr/bin/paxtest: string 69: /usr/lib/paxtest/gcc: no such file

Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomization test : 28 quality bits (guessed)
Heap randomization test (ET_EXEC) : 13 quality bits (guessed)
Heap randomization test (PIE) :

p.s.

you call this "hardened kernel" ;)

@thestinger
Member

You aren't even running the test with this project in the first place as demonstrated by the kernel version and the results you partially cut off on the bottom. It would probably be a good idea to understand the tests that you're running and actually run them against the project that you're bashing instead of something else. The mprotect tests pass with either PaX MPROTECT without soft mode enabled or SELinux without the memory protection features (execmem, execheap, execstack, execmod) disabled.
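A userspace probe for the mprotect path those results exercise, added here as an example rather than code from paxtest or this project: it maps an anonymous RW page and asks for RX on it, and reports only whether the kernel (PaX MPROTECT enforcing, or SELinux with execmem denied) refuses the transition; nothing is ever executed from the page. All function names and the "denied"/"Vulnerable" labels are this example's own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON   /* BSD/macOS spelling */
#endif

enum wx_result { WX_ERROR = -1, WX_ALLOWED = 0, WX_DENIED = 1 };

/* Map one anonymous page with map_prot, then request new_prot on it.
 * EACCES/EPERM is the kernel-side mitigation refusing (WX_DENIED); success
 * is WX_ALLOWED, the "Vulnerable" column above. Nothing is executed. */
static enum wx_result probe(int map_prot, int new_prot)
{
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return WX_ERROR;
    size_t len = (size_t)pagesz;
    void *p = mmap(NULL, len, map_prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return (errno == EACCES || errno == EPERM) ? WX_DENIED : WX_ERROR;
    enum wx_result r = WX_ALLOWED;
    if (new_prot != map_prot && mprotect(p, len, new_prot) != 0)
        r = (errno == EACCES || errno == EPERM) ? WX_DENIED : WX_ERROR;
    munmap(p, len);
    return r;
}

/* "Executable anonymous mapping (mprotect)": RW page flipped to RX. */
enum wx_result check_anon_mprotect_exec(void)
{ return probe(PROT_READ | PROT_WRITE, PROT_READ | PROT_EXEC); }

/* Direct RWX anonymous mapping, which enforcing MPROTECT refuses outright. */
enum wx_result check_anon_rwx_mmap(void)
{ int rwx = PROT_READ | PROT_WRITE | PROT_EXEC; return probe(rwx, rwx); }

const char *wx_label(enum wx_result r)
{ return r == WX_DENIED ? "denied" : r == WX_ALLOWED ? "Vulnerable" : "error"; }

int main(void)
{
    printf("anon mapping (mprotect) : %s\n", wx_label(check_anon_mprotect_exec()));
    printf("anon mapping (RWX mmap) : %s\n", wx_label(check_anon_rwx_mmap()));
    return 0;
}
```

On a stock kernel without PaX or an SELinux execmem restriction both probes print "Vulnerable", which is exactly the column the issue's output shows; the probe cannot tell soft mode from a kernel without MPROTECT at all, only whether the transition was refused.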

@thestinger
Member

By the way, PaX doesn't fully pass paxtest since it's userspace that's responsible for implementing something to pass the Return to function (strcpy) and Return to function (memcpy, PIE) tests. The paxtest suite is also not a test of kernel self-protection in any way, it's a test of userspace hardening some of which is via the kernel. Most of PaX is focused on kernel self protection. This is only a test of earlier features (ASLR, MPROTECT / SELinux memory protections) and it hasn't been expanded much even in that area.

@ghost
Author

ghost commented Jun 2, 2017

https://aur.archlinux.org/packages/linux-libre-hardened/ - this is the kernel which I ran (the sources list has this project's patch)

so, if paxtest tests userspace, does it come out that this project doesn't protect it with exploit mitigations?

https://wiki.archlinux.org/index.php?title=PaX&oldid=473942#Testing_the_userspace_features

@ghost
Author

ghost commented Jun 2, 2017

by the way, I have nothing against the project - it's just a (security) note

@thestinger
Member

thestinger commented Jun 2, 2017

Read the responses I wrote. The tests pass with linux-hardened and a nearly empty stub SELinux policy where everything is unconfined beyond the memory protection features. If you don't enable the relevant security features, they won't pass. The same thing applies to PaX / grsecurity. The linux-grsec package on Arch Linux didn't pass those tests without paxd installed which disabled soft mode.

> by the way, I have nothing against the project - it's just a (security) note

It's not a security note, it's your misunderstanding and reluctance to read the responses explaining it to you.

GrapheneOS locked and limited conversation to collaborators Jun 2, 2017

@thestinger
Member

thestinger commented Jun 2, 2017

And as I already said, it's pretty clear you aren't using this from "4.10.16" and the entropy output. This project has never released a patch for 4.10. Not only are you misunderstanding what you're testing, but you are not testing this project.
