# paxtest on hardened amd64 system

## CoderMan

Hi. I'm trying (for the first time) to set up a hardened amd64 system with grsecurity, following this guide:

http://www.gentoo.org/proj/en/hardened/grsecurity.xml

I unmasked paxtest, ran it, and got this output:

```

voltron ~ # paxtest blackhat

PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>

Released under the GNU Public Licence version 2 or later

Writing output to paxtest.log

It may take a while for the tests to complete

Test results:

PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>

Released under the GNU Public Licence version 2 or later

Mode: blackhat

Linux voltron 2.6.28-hardened-r9 #1 SMP Thu Apr 1 16:48:51 AKDT 2010 x86_64 Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz GenuineIntel GNU/Linux

Executable anonymous mapping             : Killed

Executable bss                           : Killed

Executable data                          : Killed

Executable heap                          : Killed

Executable stack                         : Killed

Executable anonymous mapping (mprotect)  : Killed

Executable bss (mprotect)                : Killed

Executable data (mprotect)               : Killed

Executable heap (mprotect)               : Killed

Executable stack (mprotect)              : Killed

Executable shared library bss (mprotect) : Killed

Executable shared library data (mprotect): Killed

Writable text segments                   : Killed

Anonymous mapping randomisation test     : 33 bits (guessed)

Heap randomisation test (ET_EXEC)        : 40 bits (guessed)

Heap randomisation test (ET_DYN)         : 40 bits (guessed)

Main executable randomisation (ET_EXEC)  : 32 bits (guessed)

Main executable randomisation (ET_DYN)   : 32 bits (guessed)

Shared library randomisation test        : 33 bits (guessed)

Stack randomisation test (SEGMEXEC)      : No randomisation

Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)

Return to function (strcpy)              : *** buffer overflow detected ***: rettofunc1 - terminated

rettofunc1: buffer overflow attack in function <unknown> - terminated

Report to http://bugs.gentoo.org/

Killed

Return to function (memcpy)              : *** buffer overflow detected ***: rettofunc2 - terminated

rettofunc2: buffer overflow attack in function <unknown> - terminated

Report to http://bugs.gentoo.org/

Killed

Return to function (strcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc1x - terminated

rettofunc1x: buffer overflow attack in function <unknown> - terminated

Report to http://bugs.gentoo.org/

Killed

Return to function (memcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc2x - terminated

rettofunc2x: buffer overflow attack in function <unknown> - terminated

Report to http://bugs.gentoo.org/

Killed

Executable shared library bss            : Killed

Executable shared library data           : Killed

```

I found a similar post in the forums, but I don't know enough yet to tell what the similarities/differences might be:

https://forums.gentoo.org/viewtopic-t-816466-view-previous.html?sid=c4f4507360769be617a5d87bbd6100ea

Here is my emerge --info:

```
voltron ~ # emerge --info

Portage 2.1.7.17 (hardened/linux/amd64/10.0, gcc-4.3.4, glibc-2.10.1-r1, 2.6.28-hardened-r9 x86_64)

=================================================================

System uname: Linux-2.6.28-hardened-r9-x86_64-Intel-R-_Core-TM-_i7_CPU_860_@_2.80GHz-with-gentoo-1.12.13

Timestamp of tree: Thu, 01 Apr 2010 23:45:02 +0000

app-shells/bash:     4.0_p35

dev-lang/python:     2.6.4-r1

sys-apps/baselayout: 1.12.13

sys-apps/sandbox:    1.6-r2

sys-devel/autoconf:  2.63-r1

sys-devel/automake:  1.10.3

sys-devel/binutils:  2.18-r3

sys-devel/gcc:       4.3.4

sys-devel/gcc-config: 1.4.1

sys-devel/libtool:   2.2.6b

virtual/os-headers:  2.6.30-r1

ACCEPT_KEYWORDS="amd64"

ACCEPT_LICENSE="* -@EULA"

CBUILD="x86_64-pc-linux-gnu"

CFLAGS="-march=core2 -msse4 -mcx16 -msahf -O2 -pipe"

CHOST="x86_64-pc-linux-gnu"

CONFIG_PROTECT="/etc"

CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/gconf /etc/sandbox.d /etc/terminfo"

CXXFLAGS="-march=core2 -msse4 -mcx16 -msahf -O2 -pipe"

DISTDIR="/usr/portage/distfiles"

FEATURES="assume-digests distlocks fixpackages news parallel-fetch protect-owned sandbox sfperms strict unmerge-logs unmerge-orphans userfetch"

GENTOO_MIRRORS="ftp://gentoo.arcticnetwork.ca/pub/gentoo/"

LDFLAGS="-Wl,-O1"

MAKEOPTS="-j7"

PKGDIR="/usr/portage/packages"

PORTAGE_CONFIGROOT="/"

PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"

PORTAGE_TMPDIR="/var/tmp"

PORTDIR="/usr/portage"

SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"

USE="acl amd64 bash-completion berkdb bzip2 cli cracklib crypt cups cxx dri emacs gdbm gpm hardened iconv justify mmx modules mudflap multilib ncurses nls nptl nptlonly openmp pam pcre perl pic pppd python readline reflection session spl sse sse2 ssl sysfs tcpd urandom xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo" 

Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LANG, LC_ALL, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

```

Here is the grep on the .config:

```
voltron ~ # grep '_GRKERNSEC_\|_PAX' /usr/src/linux-2.6.28-hardened-r9/.config

# CONFIG_GRKERNSEC_LOW is not set

# CONFIG_GRKERNSEC_MEDIUM is not set

# CONFIG_GRKERNSEC_HIGH is not set

CONFIG_GRKERNSEC_HARDENED_SERVER=y

# CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set

# CONFIG_GRKERNSEC_CUSTOM is not set

CONFIG_GRKERNSEC_KMEM=y

CONFIG_GRKERNSEC_IO=y

CONFIG_GRKERNSEC_PROC_MEMMAP=y

CONFIG_GRKERNSEC_BRUTE=y

CONFIG_GRKERNSEC_MODSTOP=y

CONFIG_GRKERNSEC_HIDESYM=y

CONFIG_GRKERNSEC_ACL_HIDEKERN=y

CONFIG_GRKERNSEC_ACL_MAXTRIES=10

CONFIG_GRKERNSEC_ACL_TIMEOUT=30

CONFIG_GRKERNSEC_PROC=y

# CONFIG_GRKERNSEC_PROC_USER is not set

CONFIG_GRKERNSEC_PROC_USERGROUP=y

CONFIG_GRKERNSEC_PROC_GID=10

CONFIG_GRKERNSEC_PROC_ADD=y

CONFIG_GRKERNSEC_LINK=y

CONFIG_GRKERNSEC_FIFO=y

CONFIG_GRKERNSEC_CHROOT=y

CONFIG_GRKERNSEC_CHROOT_MOUNT=y

CONFIG_GRKERNSEC_CHROOT_DOUBLE=y

CONFIG_GRKERNSEC_CHROOT_PIVOT=y

CONFIG_GRKERNSEC_CHROOT_CHDIR=y

CONFIG_GRKERNSEC_CHROOT_CHMOD=y

CONFIG_GRKERNSEC_CHROOT_FCHDIR=y

CONFIG_GRKERNSEC_CHROOT_MKNOD=y

CONFIG_GRKERNSEC_CHROOT_SHMAT=y

CONFIG_GRKERNSEC_CHROOT_UNIX=y

CONFIG_GRKERNSEC_CHROOT_FINDTASK=y

CONFIG_GRKERNSEC_CHROOT_NICE=y

CONFIG_GRKERNSEC_CHROOT_SYSCTL=y

CONFIG_GRKERNSEC_CHROOT_CAPS=y

# CONFIG_GRKERNSEC_AUDIT_GROUP is not set

# CONFIG_GRKERNSEC_EXECLOG is not set

CONFIG_GRKERNSEC_RESLOG=y

# CONFIG_GRKERNSEC_CHROOT_EXECLOG is not set

# CONFIG_GRKERNSEC_AUDIT_CHDIR is not set

CONFIG_GRKERNSEC_AUDIT_MOUNT=y

# CONFIG_GRKERNSEC_AUDIT_IPC is not set

CONFIG_GRKERNSEC_SIGNAL=y

CONFIG_GRKERNSEC_FORKFAIL=y

CONFIG_GRKERNSEC_TIME=y

CONFIG_GRKERNSEC_PROC_IPADDR=y

# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

CONFIG_GRKERNSEC_EXECVE=y

CONFIG_GRKERNSEC_DMESG=y

CONFIG_GRKERNSEC_TPE=y

CONFIG_GRKERNSEC_TPE_ALL=y

# CONFIG_GRKERNSEC_TPE_INVERT is not set

CONFIG_GRKERNSEC_TPE_GID=100

CONFIG_GRKERNSEC_RANDNET=y

# CONFIG_GRKERNSEC_SOCKET is not set

CONFIG_GRKERNSEC_SYSCTL=y

CONFIG_GRKERNSEC_SYSCTL_ON=y

CONFIG_GRKERNSEC_FLOODTIME=10

CONFIG_GRKERNSEC_FLOODBURST=4

CONFIG_PAX=y

# CONFIG_PAX_SOFTMODE is not set

CONFIG_PAX_EI_PAX=y

CONFIG_PAX_PT_PAX_FLAGS=y

# CONFIG_PAX_NO_ACL_FLAGS is not set

CONFIG_PAX_HAVE_ACL_FLAGS=y

# CONFIG_PAX_HOOK_ACL_FLAGS is not set

CONFIG_PAX_NOEXEC=y

CONFIG_PAX_PAGEEXEC=y

# CONFIG_PAX_EMUTRAMP is not set

CONFIG_PAX_MPROTECT=y

CONFIG_PAX_NOELFRELOCS=y

CONFIG_PAX_KERNEXEC=y

CONFIG_PAX_ASLR=y

CONFIG_PAX_RANDUSTACK=y

CONFIG_PAX_RANDMMAP=y

CONFIG_PAX_MEMORY_SANITIZE=y

CONFIG_PAX_REFCOUNT=y

```

And here is the gcc-config line:

```
voltron ~ # gcc-config -l

 [1] x86_64-pc-linux-gnu-4.3.4 *

 [2] x86_64-pc-linux-gnu-4.3.4-hardenednopie

 [3] x86_64-pc-linux-gnu-4.3.4-vanilla

```

If anyone could guide me on how I can make my system more secure, I would appreciate that. Please don't assume anything... I'm a total PaX n00b.

----------

