It went out twice, sorry. First I sent the below mail, but after even hours it didn't showed up, I thought maybe length restriction, so I sent the mail again without the below "RAW" part, with that it was displayed in a few minutes. Whatever, the paxtest compares are here in a picture too (mirror urls), more readable to the human eye: https://s22.postimg.org/f169vbabl/paxtest_openbsd.pnghttps://i.imgsafe.org/22cb7604d4.pnghttps://lut.im/C3F0KIhF6O/GPjZ5bRQrTK8fLpg.png Is W^X causing the "Vulnerable" lines? Is it still ok, because of "bad test"? or is it really a security problem?? install60.iso Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (memcpy, PIE) : Vulnerable Increasing kern.stackgap_random=262144 to kern.stackgap_random=16777216 increases the: Stack randomization test (SEGMEXEC) : 14 quality bits (guessed) Stack randomization test (PAGEEXEC) : 14 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 14 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 14 quality bits (guessed) "to 20 quality bits". Thanks! Sent: Sunday, October 02, 2016 at 12:12 PM From: "Peter Janos" <peterjan...@mail.com> To: misc@openbsd.org Subject: Fix paxtest output on OpenBSD 6.0?Fix paxtest output on OpenBSD 6.0?
Hallo :) Also I included a few other OS. Mirror for the post is here: https://pastebin.com/raw/y9qHwZxi Tests are after a default/fresh install (not livecd), using https://www.grsecurity.net/~spender/paxtest-0.9.15.tar.gz ---- All OS were installed/tested in VirtualBox-5.1.6_110634_el7-1.x86_64 on a RHEL 7.2 / T450. ---- ---- When I used 'paxtest-0.9.15' on OpenBSD, had to ADD two lines: $ grep -n 'randarg1: randbody.o randarg1.o' Makefile.OpenBSD 157:randarg1: randbody.o randarg1.o $ grep -n 'randarg2: randbody.o randarg2.o' Makefile.OpenBSD 159:randarg2: randbody.o randarg2.o $ or else compile would fail, thx for the hint from Pinter Oliver! ---- ---- On FreeBSD/HBSD I had to use paxtest-0.9.14-freebsd.tar compiled on FBSD9 from https://github.com/HardenedBSD/tools/blob/master/tests/paxtest-freebsd/paxtest-0.9.14-freebsd.tgz ---- ---- If anyone has outputs for NetBSD and DragonFlyBSD, please post. ---- Always used blackhat mode. ############################################################################################## SUM (copy it to a simple editor, ex.: gedit, then from there to LibreOffice Calc): ################################################### CentOS-7-x86_64-Everything-1511.txt Executable anonymous mapping Killed debian-8.6.0-amd64-CD-1.txt Executable anonymous mapping Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable anonymous mapping Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable anonymous mapping Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable anonymous mapping Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable anonymous mapping Killed install60.txt Executable anonymous mapping Killed linuxmint-18-cinnamon-64bit.txt Executable anonymous mapping Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable anonymous mapping Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable anonymous mapping Killed ubuntu-16.04.1-desktop-amd64.txt Executable anonymous mapping Killed ubuntu-16.04.1-server-amd64.txt Executable anonymous mapping Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable bss Killed debian-8.6.0-amd64-CD-1.txt Executable bss Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable bss Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable bss Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable bss Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable bss Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable bss Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable bss Killed install60.txt Executable bss Killed linuxmint-18-cinnamon-64bit.txt Executable bss Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable bss Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable bss Killed ubuntu-16.04.1-desktop-amd64.txt Executable bss Killed ubuntu-16.04.1-server-amd64.txt Executable bss Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable data Killed debian-8.6.0-amd64-CD-1.txt Executable data Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable data Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable data Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable data Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable data Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable data Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable data Killed install60.txt Executable data Killed linuxmint-18-cinnamon-64bit.txt Executable data Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable data Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable data Killed ubuntu-16.04.1-desktop-amd64.txt Executable data Killed ubuntu-16.04.1-server-amd64.txt Executable data Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable heap Killed debian-8.6.0-amd64-CD-1.txt Executable heap Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable heap Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable heap Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable heap Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable heap Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable heap Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable heap Killed install60.txt Executable heap Killed linuxmint-18-cinnamon-64bit.txt Executable heap Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable heap Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable heap Killed ubuntu-16.04.1-desktop-amd64.txt Executable heap Killed ubuntu-16.04.1-server-amd64.txt Executable heap Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable stack Killed debian-8.6.0-amd64-CD-1.txt Executable stack Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable stack Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable stack Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable stack Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable stack Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable stack Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable stack Killed install60.txt Executable stack Killed linuxmint-18-cinnamon-64bit.txt Executable stack Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable stack Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable stack Killed ubuntu-16.04.1-desktop-amd64.txt Executable stack Killed ubuntu-16.04.1-server-amd64.txt Executable stack Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable shared library bss Killed debian-8.6.0-amd64-CD-1.txt Executable shared library bss Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable shared library bss Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable shared library bss Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable shared library bss Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable shared library bss Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable shared library bss Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable shared library bss Killed install60.txt Executable shared library bss Killed linuxmint-18-cinnamon-64bit.txt Executable shared library bss Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable shared library bss Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable shared library bss Killed ubuntu-16.04.1-desktop-amd64.txt Executable shared library bss Killed ubuntu-16.04.1-server-amd64.txt Executable shared library bss Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable shared library data Killed debian-8.6.0-amd64-CD-1.txt Executable shared library data Killed Fedora-Server-dvd-x86_64-24-1.2.txt Executable shared library data Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable shared library data Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable shared library data Killed FreeBSD-11.0-RC3-amd64-dvd1.txt Executable shared library data Killed FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable shared library data Killed HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable shared library data Killed install60.txt Executable shared library data Killed linuxmint-18-cinnamon-64bit.txt Executable shared library data Killed openSUSE-Leap-42.1-DVD-x86_64.txt Executable shared library data Killed SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable shared library data Killed ubuntu-16.04.1-desktop-amd64.txt Executable shared library data Killed ubuntu-16.04.1-server-amd64.txt Executable shared library data Killed ################################################### CentOS-7-x86_64-Everything-1511.txt Executable anonymous mapping (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable anonymous mapping (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable anonymous mapping (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable anonymous mapping (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable anonymous mapping (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable anonymous mapping (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable anonymous mapping (mprotect) Killed install60.txt Executable anonymous mapping (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable anonymous mapping (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable anonymous mapping (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable anonymous mapping (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable anonymous mapping (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable anonymous mapping (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable bss (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable bss (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable bss (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable bss (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable bss (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable bss (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable bss (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable bss (mprotect) Killed install60.txt Executable bss (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable bss (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable bss (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable bss (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable bss (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable bss (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable data (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable data (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable data (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable data (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable data (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable data (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable data (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable data (mprotect) Killed install60.txt Executable data (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable data (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable data (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable data (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable data (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable data (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable heap (mprotect) Killed debian-8.6.0-amd64-CD-1.txt Executable heap (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable heap (mprotect) Killed Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable heap (mprotect) Killed FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable heap (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable heap (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable heap (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable heap (mprotect) Killed install60.txt Executable heap (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable heap (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable heap (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable heap (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable heap (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable heap (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable stack (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable stack (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable stack (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable stack (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable stack (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable stack (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable stack (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable stack (mprotect) Killed install60.txt Executable stack (mprotect) Killed linuxmint-18-cinnamon-64bit.txt Executable stack (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable stack (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable stack (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable stack (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable stack (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable shared library bss (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable shared library bss (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable shared library bss (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable shared library bss (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable shared library bss (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable shared library bss (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable shared library bss (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable shared library bss (mprotect) Killed install60.txt Executable shared library bss (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable shared library bss (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable shared library bss (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable shared library bss (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable shared library bss (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable shared library bss (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Executable shared library data (mprotect) Vulnerable debian-8.6.0-amd64-CD-1.txt Executable shared library data (mprotect) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Executable shared library data (mprotect) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Executable shared library data (mprotect) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Executable shared library data (mprotect) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Executable shared library data (mprotect) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Executable shared library data (mprotect) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Executable shared library data (mprotect) Killed install60.txt Executable shared library data (mprotect) Vulnerable linuxmint-18-cinnamon-64bit.txt Executable shared library data (mprotect) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Executable shared library data (mprotect) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Executable shared library data (mprotect) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Executable shared library data (mprotect) Vulnerable ubuntu-16.04.1-server-amd64.txt Executable shared library data (mprotect) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Writable text segments Vulnerable debian-8.6.0-amd64-CD-1.txt Writable text segments Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Writable text segments Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Writable text segments Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Writable text segments Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Writable text segments Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Writable text segments Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Writable text segments Vulnerable install60.txt Writable text segments Killed linuxmint-18-cinnamon-64bit.txt Writable text segments Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Writable text segments Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Writable text segments Vulnerable ubuntu-16.04.1-desktop-amd64.txt Writable text segments Vulnerable ubuntu-16.04.1-server-amd64.txt Writable text segments Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Anonymous mapping randomization test 28 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Anonymous mapping randomization test 28 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Anonymous mapping randomization test 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Anonymous mapping randomization test 28 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Anonymous mapping randomization test No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Anonymous mapping randomization test No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Anonymous mapping randomization test No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Anonymous mapping randomization test 30 quality bits (guessed) install60.txt Anonymous mapping randomization test 33 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Anonymous mapping randomization test 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Anonymous mapping randomization test 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Anonymous mapping randomization test 28 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Anonymous mapping randomization test 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Anonymous mapping randomization test 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Heap randomization test (ET_EXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Heap randomization test (ET_EXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Heap randomization test (ET_EXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Heap randomization test (ET_EXEC) 21 quality bits (guessed) install60.txt Heap randomization test (ET_EXEC) 38 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Heap randomization test (ET_EXEC) 13 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Heap randomization test (PIE) 28 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Heap randomization test (PIE) 28 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Heap randomization test (PIE) 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Heap randomization test (PIE) 28 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Heap randomization test (PIE) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Heap randomization test (PIE) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Heap randomization test (PIE) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Heap randomization test (PIE) 22 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Heap randomization test (PIE) 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Heap randomization test (PIE) 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Heap randomization test (PIE) 28 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Heap randomization test (PIE) 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Heap randomization test (PIE) 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Main executable randomization (ET_EXEC) No randomization debian-8.6.0-amd64-CD-1.txt Main executable randomization (ET_EXEC) No randomization Fedora-Server-dvd-x86_64-24-1.2.txt Main executable randomization (ET_EXEC) No randomization Fedora-Workstation-netinst-x86_64-24-1.2.txt Main executable randomization (ET_EXEC) No randomization FreeBSD-10.3-RELEASE-amd64-dvd1.txt Main executable randomization (ET_EXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Main executable randomization (ET_EXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Main executable randomization (ET_EXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Main executable randomization (ET_EXEC) No randomization install60.txt Main executable randomization (ET_EXEC) 25 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Main executable randomization (ET_EXEC) No randomization openSUSE-Leap-42.1-DVD-x86_64.txt Main executable randomization (ET_EXEC) No randomization SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Main executable randomization (ET_EXEC) No randomization ubuntu-16.04.1-desktop-amd64.txt Main executable randomization (ET_EXEC) No randomization ubuntu-16.04.1-server-amd64.txt Main executable randomization (ET_EXEC) No randomization ################################################### CentOS-7-x86_64-Everything-1511.txt Main executable randomization (PIE) 28 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Main executable randomization (PIE) 28 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Main executable randomization (PIE) 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Main executable randomization (PIE) 28 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Main executable randomization (PIE) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Main executable randomization (PIE) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Main executable randomization (PIE) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Main executable randomization (PIE) 30 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Main executable randomization (PIE) 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Main executable randomization (PIE) 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Main executable randomization (PIE) 28 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Main executable randomization (PIE) 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Main executable randomization (PIE) 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Shared library randomization test 28 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Shared library randomization test 28 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Shared library randomization test 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Shared library randomization test 28 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Shared library randomization test No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Shared library randomization test No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Shared library randomization test No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Shared library randomization test 30 quality bits (guessed) install60.txt Shared library randomization test 33 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Shared library randomization test 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Shared library randomization test 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Shared library randomization test 28 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Shared library randomization test 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Shared library randomization test 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt VDSO randomization test 20 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt VDSO randomization test 20 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt VDSO randomization test 20 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt VDSO randomization test 20 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt VDSO randomization test No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt VDSO randomization test No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt VDSO randomization test No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt VDSO randomization test 28 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt VDSO randomization test 20 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt VDSO randomization test 20 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt VDSO randomization test 20 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt VDSO randomization test 20 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt VDSO randomization test 20 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Stack randomization test (SEGMEXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Stack randomization test (SEGMEXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Stack randomization test (SEGMEXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Stack randomization test (SEGMEXEC) 41 quality bits (guessed) install60.txt Stack randomization test (SEGMEXEC) 14 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Stack randomization test (SEGMEXEC) 30 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Stack randomization test (PAGEEXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Stack randomization test (PAGEEXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Stack randomization test (PAGEEXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Stack randomization test (PAGEEXEC) 41 quality bits (guessed) install60.txt Stack randomization test (PAGEEXEC) 14 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Stack randomization test (PAGEEXEC) 30 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Arg/env randomization test (SEGMEXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Arg/env randomization test (SEGMEXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Arg/env randomization test (SEGMEXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Arg/env randomization test (SEGMEXEC) 42 quality bits (guessed) install60.txt Arg/env randomization test (SEGMEXEC) 14 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Arg/env randomization test (SEGMEXEC) 22 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Arg/env randomization test (PAGEEXEC) No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Arg/env randomization test (PAGEEXEC) No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Arg/env randomization test (PAGEEXEC) No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Arg/env randomization test (PAGEEXEC) 42 quality bits (guessed) install60.txt Arg/env randomization test (PAGEEXEC) 14 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Arg/env randomization test (PAGEEXEC) 22 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) debian-8.6.0-amd64-CD-1.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Offset to library randomisation (ET_EXEC) 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Offset to library randomisation (ET_DYN) No randomization debian-8.6.0-amd64-CD-1.txt Offset to library randomisation (ET_DYN) No randomization Fedora-Server-dvd-x86_64-24-1.2.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) linuxmint-18-cinnamon-64bit.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Offset to library randomisation (ET_DYN) No randomization ubuntu-16.04.1-desktop-amd64.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) ubuntu-16.04.1-server-amd64.txt Offset to library randomisation (ET_DYN) 28 quality bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Randomization under memory exhaustion @~0 28 bits (guessed) debian-8.6.0-amd64-CD-1.txt Randomization under memory exhaustion @~0 28 bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Randomization under memory exhaustion @~0 29 bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Randomization under memory exhaustion @~0 29 bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Randomization under memory exhaustion @~0 No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Randomization under memory exhaustion @~0 No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Randomization under memory exhaustion @~0 No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Randomization under memory exhaustion @~0 30 bits (guessed) linuxmint-18-cinnamon-64bit.txt Randomization under memory exhaustion @~0 29 bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Randomization under memory exhaustion @~0 29 bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Randomization under memory exhaustion @~0 28 bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Randomization under memory exhaustion @~0 28 bits (guessed) ubuntu-16.04.1-server-amd64.txt Randomization under memory exhaustion @~0 29 bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Randomization under memory exhaustion @0 29 bits (guessed) debian-8.6.0-amd64-CD-1.txt Randomization under memory exhaustion @0 29 bits (guessed) Fedora-Server-dvd-x86_64-24-1.2.txt Randomization under memory exhaustion @0 28 bits (guessed) Fedora-Workstation-netinst-x86_64-24-1.2.txt Randomization under memory exhaustion @0 29 bits (guessed) FreeBSD-10.3-RELEASE-amd64-dvd1.txt Randomization under memory exhaustion @0 No randomization FreeBSD-11.0-RC3-amd64-dvd1.txt Randomization under memory exhaustion @0 No randomization FreeBSD-9.3-RELEASE-amd64-dvd1.txt Randomization under memory exhaustion @0 No randomization HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Randomization under memory exhaustion @0 30 bits (guessed) linuxmint-18-cinnamon-64bit.txt Randomization under memory exhaustion @0 28 bits (guessed) openSUSE-Leap-42.1-DVD-x86_64.txt Randomization under memory exhaustion @0 28 bits (guessed) SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Randomization under memory exhaustion @0 28 bits (guessed) ubuntu-16.04.1-desktop-amd64.txt Randomization under memory exhaustion @0 28 bits (guessed) ubuntu-16.04.1-server-amd64.txt Randomization under memory exhaustion @0 29 bits (guessed) ################################################### CentOS-7-x86_64-Everything-1511.txt Return to function (strcpy) paxtest return address contains a NULL byte. debian-8.6.0-amd64-CD-1.txt Return to function (strcpy) paxtest return address contains a NULL byte. Fedora-Server-dvd-x86_64-24-1.2.txt Return to function (strcpy) paxtest return address contains a NULL byte. Fedora-Workstation-netinst-x86_64-24-1.2.txt Return to function (strcpy) paxtest return address contains a NULL byte. FreeBSD-10.3-RELEASE-amd64-dvd1.txt Return to function (strcpy) paxtest return address contains a NULL byte. FreeBSD-11.0-RC3-amd64-dvd1.txt Return to function (strcpy) paxtest return address contains a NULL byte. FreeBSD-9.3-RELEASE-amd64-dvd1.txt Return to function (strcpy) paxtest return address contains a NULL byte. HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Return to function (strcpy) paxtest return address contains a NULL byte. install60.txt Return to function (strcpy) paxtest return address contains a NULL byte. linuxmint-18-cinnamon-64bit.txt Return to function (strcpy) paxtest return address contains a NULL byte. openSUSE-Leap-42.1-DVD-x86_64.txt Return to function (strcpy) paxtest return address contains a NULL byte. SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Return to function (strcpy) paxtest return address contains a NULL byte. ubuntu-16.04.1-desktop-amd64.txt Return to function (strcpy) paxtest return address contains a NULL byte. ubuntu-16.04.1-server-amd64.txt Return to function (strcpy) paxtest return address contains a NULL byte. ################################################### CentOS-7-x86_64-Everything-1511.txt Return to function (memcpy) Vulnerable debian-8.6.0-amd64-CD-1.txt Return to function (memcpy) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Return to function (memcpy) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Return to function (memcpy) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Return to function (memcpy) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Return to function (memcpy) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Return to function (memcpy) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Return to function (memcpy) Vulnerable install60.txt Return to function (memcpy) Vulnerable linuxmint-18-cinnamon-64bit.txt Return to function (memcpy) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Return to function (memcpy) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Return to function (memcpy) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Return to function (memcpy) Vulnerable ubuntu-16.04.1-server-amd64.txt Return to function (memcpy) Vulnerable ################################################### CentOS-7-x86_64-Everything-1511.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. debian-8.6.0-amd64-CD-1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. Fedora-Server-dvd-x86_64-24-1.2.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. Fedora-Workstation-netinst-x86_64-24-1.2.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. FreeBSD-10.3-RELEASE-amd64-dvd1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. FreeBSD-11.0-RC3-amd64-dvd1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. FreeBSD-9.3-RELEASE-amd64-dvd1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. install60.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. linuxmint-18-cinnamon-64bit.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. openSUSE-Leap-42.1-DVD-x86_64.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. ubuntu-16.04.1-desktop-amd64.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. ubuntu-16.04.1-server-amd64.txt Return to function (strcpy, PIE) paxtest return address contains a NULL byte. ################################################### CentOS-7-x86_64-Everything-1511.txt Return to function (memcpy, PIE) Vulnerable debian-8.6.0-amd64-CD-1.txt Return to function (memcpy, PIE) Vulnerable Fedora-Server-dvd-x86_64-24-1.2.txt Return to function (memcpy, PIE) Vulnerable Fedora-Workstation-netinst-x86_64-24-1.2.txt Return to function (memcpy, PIE) Vulnerable FreeBSD-10.3-RELEASE-amd64-dvd1.txt Return to function (memcpy, PIE) Vulnerable FreeBSD-11.0-RC3-amd64-dvd1.txt Return to function (memcpy, PIE) Vulnerable FreeBSD-9.3-RELEASE-amd64-dvd1.txt Return to function (memcpy, PIE) Vulnerable HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt Return to function (memcpy, PIE) Vulnerable install60.txt Return to function (memcpy, PIE) Vulnerable linuxmint-18-cinnamon-64bit.txt Return to function (memcpy, PIE) Vulnerable openSUSE-Leap-42.1-DVD-x86_64.txt Return to function (memcpy, PIE) Vulnerable SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt Return to function (memcpy, PIE) Vulnerable ubuntu-16.04.1-desktop-amd64.txt Return to function (memcpy, PIE) Vulnerable ubuntu-16.04.1-server-amd64.txt Return to function (memcpy, PIE) Vulnerable ############################################################################################## RAW: $ ls -1 CentOS-7-x86_64-Everything-1511.iso CentOS-7-x86_64-Everything-1511.txt debian-8.6.0-amd64-CD-1.iso debian-8.6.0-amd64-CD-1.txt Fedora-Server-dvd-x86_64-24-1.2.iso Fedora-Server-dvd-x86_64-24-1.2.txt Fedora-Workstation-netinst-x86_64-24-1.2.iso Fedora-Workstation-netinst-x86_64-24-1.2.txt FreeBSD-10.3-RELEASE-amd64-dvd1.iso FreeBSD-10.3-RELEASE-amd64-dvd1.txt FreeBSD-11.0-RC3-amd64-dvd1.iso FreeBSD-11.0-RC3-amd64-dvd1.txt FreeBSD-9.3-RELEASE-amd64-dvd1.iso FreeBSD-9.3-RELEASE-amd64-dvd1.txt HardenedBSD-11-STABLE-v46.5-amd64-disc1.iso HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt install60.iso install60.txt linuxmint-18-cinnamon-64bit.iso linuxmint-18-cinnamon-64bit.txt openSUSE-Leap-42.1-DVD-x86_64.iso openSUSE-Leap-42.1-DVD-x86_64.txt SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.iso SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt ubuntu-16.04.1-desktop-amd64.iso ubuntu-16.04.1-desktop-amd64.txt ubuntu-16.04.1-server-amd64.iso ubuntu-16.04.1-server-amd64.txt $ ################################################### CentOS-7-x86_64-Everything-1511.txt [root@localhost paxtest-0.9.15]# uname -mrs Linux 3.10.0-327.el7.x86_64 x86_64 [root@localhost paxtest-0.9.15]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: CentOS Description: CentOS Linux release 7.2.1511 (Core) Release: 7.2.1511 Codename: Core [root@localhost paxtest-0.9.15]# make -f Makefile.psm THEARCH=-m64 ... [root@localhost paxtest-0.9.15]# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : line 69 : ./gcc : No such file or directory Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Killed Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : No randomization Randomization under memory exhaustion @~0 : 28 bits (guessed) Randomization under memory exhaustion @0 : 29 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable [root@localhost paxtest-0.9.15]# ################################################### debian-8.6.0-amd64-CD-1.txt root@a:~/paxtest-0.9.15# uname -mrs Linux 3.16.0-4-amd64 x86_64 root@a:~/paxtest-0.9.15# lsb_release -a No LSB modules are available. Distributor ID: Debian Description: Debian GNU/Linux 8.6 (jessie) Release: 8.6 Codename: jessie root@a:~/paxtest-0.9.15# make -f Makefile.psm THEARCH=-m64 ... root@a:~/paxtest-0.9.15# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : 69 : ./paxtest : ./gcc : not found Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : No randomization Randomization under memory exhaustion @~0 : 28 bits (guessed) Randomization under memory exhaustion @0 : 29 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@a:~/paxtest-0.9.15# ################################################### Fedora-Server-dvd-x86_64-24-1.2.txt [root@localhost paxtest-0.9.15]# uname -mrs Linux 4.5.5-300.fc24.x86_64 x86_64 [root@localhost paxtest-0.9.15]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: Fedora Description: Fedora release 24 (Twenty Four) Release: 24 Codename: TwentyFour [root@localhost paxtest-0.9.15]# make -f Makefile.psm THEARCH=-m64 ... [root@localhost paxtest-0.9.15]# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : line 69 : ./gcc : No such file or directory Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Killed Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 29 bits (guessed) Randomization under memory exhaustion @0 : 28 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable [root@localhost paxtest-0.9.15]# ################################################### Fedora-Workstation-netinst-x86_64-24-1.2.txt [root@localhost paxtest-0.9.15]# uname -mrs Linux 4.7.5-200.fc24.x86_64 x86_64 [root@localhost paxtest-0.9.15]# lsb_release -a LSB Version: :core-4.1-amd64:core-4.1-noarch Distributor ID: Fedora Description: Fedora release 24 (Twenty Four) Release: 24 Codename: TwentyFour [root@localhost paxtest-0.9.15]# make -f Makefile.psm THEARCH=-m64 ... [root@localhost paxtest-0.9.15]# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : line 69 : ./gcc : No such file or directory Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Killed Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 29 bits (guessed) Randomization under memory exhaustion @0 : 29 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable [root@localhost paxtest-0.9.15]# ################################################### FreeBSD-10.3-RELEASE-amd64-dvd1.txt root@:~/paxtest-0.9.14-freebsd # uname -mrs FreeBSD 10.3-RELEASE amd64 root@:~/paxtest-0.9.14-freebsd # ./paxtest blackhat PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Writing output to paxtest.log It may take a while for the tests to complete Test results: PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Mode : blackhat Uname : FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512 : Thu Jul 10 23:44:39 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Compiler : gcc version 4.2.1 20070831 patched [FreeBSD] Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : No randomization Heap randomization test (ET_EXEC) : No randomization Heap randomization test (PIE) : No randomization Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : No randomization Shared library randomization test : No randomization VDSO randomization test : No randomization Stack randomization test (SEGMEXEC) : No randomization Stack randomization test (PAGEEXEC) : No randomization Arg/env randomization test (SEGMEXEC) : No randomization Arg/env randomization test (PAGEEXEC) : No randomization Randomization under memory exhaustion @~0 : No randomization Randomization under memory exhaustion @0 : No randomization Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@:~/paxtest-0.9.14-freebsd # ################################################### FreeBSD-11.0-RC3-amd64-dvd1.txt root@:~/paxtest-0.9.14-freebsd # uname -mrs FreeBSD 11.0-RC3 amd64 root@:~/paxtest-0.9.14-freebsd # ./paxtest blackhat PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Writing output to paxtest.log It may take a while for the tests to complete Test results: PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Mode : blackhat Uname : FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512 : Thu Jul 10 23:44:39 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Compiler : gcc version 4.2.1 20070831 patched [FreeBSD] Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : No randomization Heap randomization test (ET_EXEC) : No randomization Heap randomization test (PIE) : No randomization Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : No randomization Shared library randomization test : No randomization VDSO randomization test : No randomization Stack randomization test (SEGMEXEC) : No randomization Stack randomization test (PAGEEXEC) : No randomization Arg/env randomization test (SEGMEXEC) : No randomization Arg/env randomization test (PAGEEXEC) : No randomization Randomization under memory exhaustion @~0 : No randomization Randomization under memory exhaustion @0 : No randomization Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@:~/paxtest-0.9.14-freebsd # ################################################### FreeBSD-9.3-RELEASE-amd64-dvd1.txt root@:~/paxtest-0.9.14-freebsd # uname -mrs FreeBSD 9.3-RELEASE amd64 root@:~/paxtest-0.9.14-freebsd # make -f Makefile.FreeBSD ... root@:~/paxtest-0.9.14-freebsd # ./paxtest blackhat PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Writing output to paxtest.log It may take a while for the tests to complete Test results: PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Mode : blackhat Uname : FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512 : Thu Jul 10 23:44:39 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Compiler : gcc version 4.2.1 20070831 patched [FreeBSD] Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : No randomization Heap randomization test (ET_EXEC) : No randomization Heap randomization test (PIE) : No randomization Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : No randomization Shared library randomization test : No randomization VDSO randomization test : No randomization Stack randomization test (SEGMEXEC) : No randomization Stack randomization test (PAGEEXEC) : No randomization Arg/env randomization test (SEGMEXEC) : No randomization Arg/env randomization test (PAGEEXEC) : No randomization Randomization under memory exhaustion @~0 : No randomization Randomization under memory exhaustion @0 : No randomization Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@:~/paxtest-0.9.14-freebsd # ################################################### HardenedBSD-11-STABLE-v46.5-amd64-disc1.txt root@:~/paxtest-0.9.14-freebsd # uname -mrs FreeBSD 11.0-PRERELEASE-HBSD amd64 # warning : the randvdso test may be invalid, try to retest with the security.bsd.unprivileged_proc_debug=1 sysctl setting root@:~/paxtest-0.9.14-freebsd # sysctl security.bsd.unprivileged_proc_debug security.bsd.unprivileged_proc_debug : 0 root@:~/paxtest-0.9.14-freebsd # sysctl security.bsd.unprivileged_proc_debug=1 security.bsd.unprivileged_proc_debug : 0 -> 1 root@:~/paxtest-0.9.14-freebsd # sysctl security.bsd.unprivileged_proc_debug security.bsd.unprivileged_proc_debug : 1 root@:~/paxtest-0.9.14-freebsd # ./paxtest blackhat PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Writing output to paxtest.log It may take a while for the tests to complete Test results: PaXtest Copyright(c) 2003-2014 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Copyright(c) 2015 by Oliver Pinter <o...@hardenedbsd.org> Released under the GNU Public Licence version 2 or later Mode : blackhat Uname : FreeBSD 9.3-RELEASE FreeBSD 9.3-RELEASE #0 r268512 : Thu Jul 10 23:44:39 UTC 2014 r...@snap.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64 Compiler : gcc version 4.2.1 20070831 patched [FreeBSD] Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Killed Executable bss (mprotect) : Killed Executable data (mprotect) : Killed Executable heap (mprotect) : Killed Executable stack (mprotect) : Killed Executable shared library bss (mprotect) : Killed Executable shared library data (mprotect) : Killed Writable text segments : Vulnerable Anonymous mapping randomization test : 30 quality bits (guessed) Heap randomization test (ET_EXEC) : 21 quality bits (guessed) Heap randomization test (PIE) : 22 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 30 quality bits (guessed) Shared library randomization test : 30 quality bits (guessed) VDSO randomization test : 28 quality bits (guessed) Stack randomization test (SEGMEXEC) : 41 quality bits (guessed) Stack randomization test (PAGEEXEC) : 41 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 42 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 42 quality bits (guessed) Randomization under memory exhaustion @~0 : 30 bits (guessed) Randomization under memory exhaustion @0 : 30 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@:~/paxtest-0.9.14-freebsd # ################################################### install60.txt # uname -mrs OpenBSD 6.0 amd64 # gmake -f Makefile.OpenBSD ... # ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest[70] : ./gcc : not found Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Executable stack (mprotect) : Killed Anonymous mapping randomization test : 33 quality bits (guessed) Heap randomization test (ET_EXEC) : 38 quality bits (guessed) Main executable randomization (ET_EXEC) : 25 quality bits (guessed) Shared library randomization test : 33 quality bits (guessed) Stack randomization test (SEGMEXEC) : 14 quality bits (guessed) Stack randomization test (PAGEEXEC) : 14 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 14 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 14 quality bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (memcpy, PIE) : Vulnerable Executable shared library bss : Killed Executable shared library data : Killed Writable text segments : Killed # ################################################### linuxmint-18-cinnamon-64bit.txt a paxtest-0.9.15 # uname -mrs Linux 4.4.0-21-generic x86_64 a paxtest-0.9.15 # lsb_release -a No LSB modules are available. Distributor ID: LinuxMint Description: Linux Mint 18 Sarah Release: 18 Codename: sarah a paxtest-0.9.15 # make -f Makefile.psm THEARCH=-m64 ... a paxtest-0.9.15 # ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : 69 : ./paxtest : ./gcc : not found Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 29 bits (guessed) Randomization under memory exhaustion @0 : 28 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable a paxtest-0.9.15 # ################################################### openSUSE-Leap-42.1-DVD-x86_64.txt linux-oxsg:~/paxtest-0.9.15 # uname -mrs Linux 4.1.12-1-default x86_64 linux-oxsg:~/paxtest-0.9.15 # lsb_release -a LSB Version: n/a Distributor ID: SUSE LINUX Description: openSUSE Leap 42.1 (x86_64) Release: 42.1 Codename: n/a linux-oxsg:~/paxtest-0.9.15 # make -f Makefile.psm THEARCH=-m64 ... linux-oxsg:~/paxtest-0.9.15 # ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : line 69 : ./gcc : No such file or directory Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 29 bits (guessed) Randomization under memory exhaustion @0 : 28 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable linux-oxsg:~/paxtest-0.9.15 # ################################################### SLE-12-SP1-Server-DVD-x86_64-GM-DVD1.txt linux-31ki:~/paxtest-0.9.15 # uname -mrs Linux 3.12.49-11-default x86_64 linux-31ki:~/paxtest-0.9.15 # lsb_release -a LSB Version: n/a Distributor ID: SUSE LINUX Description: SUSE Linux Enterprise Server 12 SP1 Release: 12.1 Codename: n/a linux-31ki:~/paxtest-0.9.15 # make -f Makefile.psm THEARCH=-m64 ... linux-31ki:~/paxtest-0.9.15 # ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : line 69 : ./gcc : No such file or directory Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : No randomization Randomization under memory exhaustion @~0 : 28 bits (guessed) Randomization under memory exhaustion @0 : 28 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable linux-31ki:~/paxtest-0.9.15 # ################################################### ubuntu-16.04.1-desktop-amd64.txt root@a:~/paxtest-0.9.15# uname -mrs Linux 4.4.0-31-generic x86_64 root@a:~/paxtest-0.9.15# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial root@a:~/paxtest-0.9.15# make -f Makefile.psm THEARCH=-m64 ... root@a:~/paxtest-0.9.15# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : 69 : ./paxtest : ./gcc : not found Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 28 bits (guessed) Randomization under memory exhaustion @0 : 28 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@a:~/paxtest-0.9.15# ################################################### ubuntu-16.04.1-server-amd64.txt root@a:~/paxtest-0.9.15# uname -mrs Linux 4.4.0-31-generic x86_64 root@a:~/paxtest-0.9.15# lsb_release -a No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 16.04.1 LTS Release: 16.04 Codename: xenial root@a:~/paxtest-0.9.15# make -f Makefile.psm THEARCH=-m64 ... root@a:~/paxtest-0.9.15# ./paxtest blackhat PaXtest - Copyright(c) 2003-2016 by Peter Busser <pe...@adamantix.org> and Brad Spengler <spen...@grsecurity.net> Released under the GNU Public Licence version 2 or later Writing output to /root/paxtest.log It may take a while for the tests to complete Test results: ./paxtest : 69 : ./paxtest : ./gcc : not found Executable anonymous mapping : Killed Executable bss : Killed Executable data : Killed Executable heap : Killed Executable stack : Killed Executable shared library bss : Killed Executable shared library data : Killed Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable stack (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Writable text segments : Vulnerable Anonymous mapping randomization test : 28 quality bits (guessed) Heap randomization test (ET_EXEC) : 13 quality bits (guessed) Heap randomization test (PIE) : 28 quality bits (guessed) Main executable randomization (ET_EXEC) : No randomization Main executable randomization (PIE) : 28 quality bits (guessed) Shared library randomization test : 28 quality bits (guessed) VDSO randomization test : 20 quality bits (guessed) Stack randomization test (SEGMEXEC) : 30 quality bits (guessed) Stack randomization test (PAGEEXEC) : 30 quality bits (guessed) Arg/env randomization test (SEGMEXEC) : 22 quality bits (guessed) Arg/env randomization test (PAGEEXEC) : 22 quality bits (guessed) Offset to library randomisation (ET_EXEC) : 28 quality bits (guessed) Offset to library randomisation (ET_DYN) : 28 quality bits (guessed) Randomization under memory exhaustion @~0 : 29 bits (guessed) Randomization under memory exhaustion @0 : 29 bits (guessed) Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy, PIE) : Vulnerable root@a:~/paxtest-0.9.15# ############################################################################################## After a "ln -s G /etc/malloc.conf; reboot" the outputs are the same on OpenBSD. Any hints how can I/we remove the vulnerables for the default install in OpenBSD? Or how to config/fix them after install? : install60.iso Executable anonymous mapping (mprotect) : Vulnerable Executable bss (mprotect) : Vulnerable Executable data (mprotect) : Vulnerable Executable heap (mprotect) : Vulnerable Executable shared library bss (mprotect) : Vulnerable Executable shared library data (mprotect) : Vulnerable Return to function (strcpy) : paxtest : return address contains a NULL byte. Return to function (strcpy, PIE) : paxtest : return address contains a NULL byte. Return to function (memcpy) : Vulnerable Return to function (memcpy, PIE) : Vulnerable Hopefully the test shows the reality. If anybody reads this, don't forget: http://www.openbsdfoundation.org/ Many Thanks! Great work!
