# need help with pax and paxtest

## leonchik1976

1) hi! installed hardened for the first time. when setting CONFIG_GRKERNSEC_HARDENED_SERVER to yes - system doesn't boot, after checking some settings - i found the problem - when CONFIG_PAX_KERNEXEC is set to yes, this cause to system hang during boot. how can i fix this?

2) so i set CONFIG_GRKERNSEC_CUSTOM=y, and ran 'paxtest blackhat', this is what i get: (i would appreciate some help on how to fix it)

Mode: blackhat

Linux server 2.6.29-hardened #1 SMP Mon May 24 21:18:20 IDT 2010 x86_64 Pentium(R) Dual-Core CPU E5200 @ 2.50GHz GenuineIntel GNU/Linux

Executable anonymous mapping             : Killed

Executable bss                           : Killed

Executable data                          : Killed

Executable heap                          : Killed

Executable stack                         : Killed

Executable anonymous mapping (mprotect)  : Killed

Executable bss (mprotect)                : Killed

Executable data (mprotect)               : Killed

Executable heap (mprotect)               : Killed

Executable stack (mprotect)              : Killed

Executable shared library bss (mprotect) : Killed

Executable shared library data (mprotect): Killed

Writable text segments                   : Killed

Anonymous mapping randomisation test     : 33 bits (guessed)

Heap randomisation test (ET_EXEC)        : 40 bits (guessed)

Heap randomisation test (ET_DYN)         : 40 bits (guessed)

Main executable randomisation (ET_EXEC)  : 32 bits (guessed)

Main executable randomisation (ET_DYN)   : 32 bits (guessed)

Shared library randomisation test        : 33 bits (guessed)

Stack randomisation test (SEGMEXEC)      : No randomisation

Stack randomisation test (PAGEEXEC)      : 40 bits (guessed)

Return to function (strcpy)              : *** buffer overflow detected ***: rettofunc1 - terminated

rettofunc1: buffer overflow attack in function <unknown> - terminated

Report to https://bugs.gentoo.org/

Killed

Return to function (memcpy)              : *** buffer overflow detected ***: rettofunc2 - terminated

rettofunc2: buffer overflow attack in function <unknown> - terminated

Report to https://bugs.gentoo.org/

Killed

Return to function (strcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc1x - terminated

rettofunc1x: buffer overflow attack in function <unknown> - terminated

Report to https://bugs.gentoo.org/

Killed

Return to function (memcpy, RANDEXEC)    : *** buffer overflow detected ***: rettofunc2x - terminated

rettofunc2x: buffer overflow attack in function <unknown> - terminated

Report to https://bugs.gentoo.org/

Killed

Executable shared library bss            : Killed

Executable shared library data           : Killed

this is my 'gcc-config -l'

 [1] x86_64-pc-linux-gnu-4.3.4 *

 [2] x86_64-pc-linux-gnu-4.3.4-hardenednopie

 [3] x86_64-pc-linux-gnu-4.3.4-vanilla

and this is 'grep '_GRKERNSEC_\|_PAX'

# CONFIG_GRKERNSEC_LOW is not set

# CONFIG_GRKERNSEC_MEDIUM is not set

# CONFIG_GRKERNSEC_HIGH is not set

# CONFIG_GRKERNSEC_HARDENED_SERVER is not set

# CONFIG_GRKERNSEC_HARDENED_WORKSTATION is not set

CONFIG_GRKERNSEC_CUSTOM=y

CONFIG_GRKERNSEC_KMEM=y

CONFIG_GRKERNSEC_IO=y

CONFIG_GRKERNSEC_PROC_MEMMAP=y

CONFIG_GRKERNSEC_BRUTE=y

# CONFIG_GRKERNSEC_MODSTOP is not set

CONFIG_GRKERNSEC_HIDESYM=y

# CONFIG_GRKERNSEC_ACL_HIDEKERN is not set

CONFIG_GRKERNSEC_ACL_MAXTRIES=3

CONFIG_GRKERNSEC_ACL_TIMEOUT=30

CONFIG_GRKERNSEC_PROC=y

# CONFIG_GRKERNSEC_PROC_USER is not set

CONFIG_GRKERNSEC_PROC_USERGROUP=y

CONFIG_GRKERNSEC_PROC_GID=10

CONFIG_GRKERNSEC_PROC_ADD=y

CONFIG_GRKERNSEC_LINK=y

CONFIG_GRKERNSEC_FIFO=y

CONFIG_GRKERNSEC_CHROOT=y

CONFIG_GRKERNSEC_CHROOT_MOUNT=y

CONFIG_GRKERNSEC_CHROOT_DOUBLE=y

CONFIG_GRKERNSEC_CHROOT_PIVOT=y

CONFIG_GRKERNSEC_CHROOT_CHDIR=y

CONFIG_GRKERNSEC_CHROOT_CHMOD=y

CONFIG_GRKERNSEC_CHROOT_FCHDIR=y

CONFIG_GRKERNSEC_CHROOT_MKNOD=y

CONFIG_GRKERNSEC_CHROOT_SHMAT=y

CONFIG_GRKERNSEC_CHROOT_UNIX=y

CONFIG_GRKERNSEC_CHROOT_FINDTASK=y

CONFIG_GRKERNSEC_CHROOT_NICE=y

CONFIG_GRKERNSEC_CHROOT_SYSCTL=y

CONFIG_GRKERNSEC_CHROOT_CAPS=y

# CONFIG_GRKERNSEC_AUDIT_GROUP is not set

# CONFIG_GRKERNSEC_EXECLOG is not set

CONFIG_GRKERNSEC_RESLOG=y

CONFIG_GRKERNSEC_CHROOT_EXECLOG=y

CONFIG_GRKERNSEC_AUDIT_CHDIR=y

CONFIG_GRKERNSEC_AUDIT_MOUNT=y

CONFIG_GRKERNSEC_AUDIT_IPC=y

CONFIG_GRKERNSEC_SIGNAL=y

CONFIG_GRKERNSEC_FORKFAIL=y

CONFIG_GRKERNSEC_TIME=y

CONFIG_GRKERNSEC_PROC_IPADDR=y

# CONFIG_GRKERNSEC_AUDIT_TEXTREL is not set

CONFIG_GRKERNSEC_EXECVE=y

CONFIG_GRKERNSEC_DMESG=y

# CONFIG_GRKERNSEC_TPE is not set

CONFIG_GRKERNSEC_RANDNET=y

# CONFIG_GRKERNSEC_SOCKET is not set

CONFIG_GRKERNSEC_SYSCTL=y

CONFIG_GRKERNSEC_SYSCTL_ON=y

CONFIG_GRKERNSEC_FLOODTIME=10

CONFIG_GRKERNSEC_FLOODBURST=4

CONFIG_PAX=y

# CONFIG_PAX_SOFTMODE is not set

CONFIG_PAX_EI_PAX=y

CONFIG_PAX_PT_PAX_FLAGS=y

CONFIG_PAX_NO_ACL_FLAGS=y

# CONFIG_PAX_HAVE_ACL_FLAGS is not set

# CONFIG_PAX_HOOK_ACL_FLAGS is not set

CONFIG_PAX_NOEXEC=y

CONFIG_PAX_PAGEEXEC=y

# CONFIG_PAX_EMUTRAMP is not set

CONFIG_PAX_MPROTECT=y

CONFIG_PAX_NOELFRELOCS=y

# CONFIG_PAX_KERNEXEC is not set

CONFIG_PAX_ASLR=y

CONFIG_PAX_RANDUSTACK=y

CONFIG_PAX_RANDMMAP=y

# CONFIG_PAX_MEMORY_SANITIZE is not set

CONFIG_PAX_REFCOUNT=y

----------

## bendeguz

Hi!

Have you figured out something? I have the same output of "paxtest blackhat", but I turned off the mprotect related option of the kernel, because I couldn't run a web browser. So I have Vulnerable messages too.

----------

## leonchik1976

can anybody please help us?

----------

