summaryrefslogtreecommitdiffstats
path: root/wiki/src/blueprint/kernel_hardening.mdwn
blob: 01ae0be2a8e8ace9c473c933403293d5f4619fee (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
[[!meta title="Linux kernel hardening"]]

* Corresponding ticket: [[!tails_ticket 7649]]

The GNU/Linux kernel is currently a stock Debian GNU/Linux kernel. Using the paxtest tool, we can test techniques for exploitation. The default kernel without grsec is less than secure but we should never do worse than what is currently documented on this page. With each release of Tails, we should update this page.


    The Amnesic Incognito Live System

    Build information:
    1.0 - 20140427
    2cb0ccacbf3cffde533cb09699b6b8e916b89c2d
    live-build: 2.0.12-2
    live-boot: 3.0.1-1
    live-config: 3.0.23-1

    uname -a;paxtest kiddie
    Linux amnesia 3.12-1-amd64 #1 SMP Debian 3.12.9-1 (2014-02-01) x86_64 GNU/Linux
    PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
    Released under the GNU Public Licence version 2 or later

    Writing output to paxtest.log
    It may take a while for the tests to complete
    Test results:
    PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
    Released under the GNU Public Licence version 2 or later

    Mode: kiddie
    Linux amnesia 3.12-1-amd64 #1 SMP Debian 3.12.9-1 (2014-02-01) x86_64 GNU/Linux

    Executable anonymous mapping             : Killed
    Executable bss                           : Killed
    Executable data                          : Killed
    Executable heap                          : Killed
    Executable stack                         : Killed
    Executable anonymous mapping (mprotect)  : Vulnerable
    Executable bss (mprotect)                : Vulnerable
    Executable data (mprotect)               : Vulnerable
    Executable heap (mprotect)               : Vulnerable
    Executable shared library bss (mprotect) : Vulnerable
    Executable shared library data (mprotect): Vulnerable
    Executable stack (mprotect)              : Vulnerable
    Anonymous mapping randomisation test     : 9 bits (guessed)
    Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
    Heap randomisation test (ET_DYN)         : 16 bits (guessed)
    Main executable randomisation (ET_EXEC)  : 10 bits (guessed)
    Main executable randomisation (ET_DYN)   : 10 bits (guessed)
    Shared library randomisation test        : 10 bits (guessed)
    Stack randomisation test (SEGMEXEC)      : 19 bits (guessed)
    Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
    Return to function (strcpy)              : Vulnerable
    Return to function (strcpy, RANDEXEC)    : Vulnerable
    Return to function (memcpy)              : Vulnerable
    Return to function (memcpy, RANDEXEC)    : Vulnerable
    Executable shared library bss            : Killed
    Executable shared library data           : Killed
    Writable text segments                   : Vulnerable

    amnesia@amnesia:~$ uname -a;paxtest blackhat
    Linux amnesia 3.12-1-amd64 #1 SMP Debian 3.12.9-1 (2014-02-01) x86_64 GNU/Linux
    PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
    Released under the GNU Public Licence version 2 or later

    Writing output to paxtest.log
    It may take a while for the tests to complete
    Test results:
    PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
    Released under the GNU Public Licence version 2 or later

    Mode: blackhat
    Linux amnesia 3.12-1-amd64 #1 SMP Debian 3.12.9-1 (2014-02-01) x86_64 GNU/Linux

    Executable anonymous mapping             : Killed
    Executable bss                           : Killed
    Executable data                          : Killed
    Executable heap                          : Killed
    Executable stack                         : Killed
    Executable anonymous mapping (mprotect)  : Vulnerable
    Executable bss (mprotect)                : Vulnerable
    Executable data (mprotect)               : Vulnerable
    Executable heap (mprotect)               : Vulnerable
    Executable shared library bss (mprotect) : Vulnerable
    Executable shared library data (mprotect): Vulnerable
    Executable stack (mprotect)              : Vulnerable
    Anonymous mapping randomisation test     : 9 bits (guessed)
    Heap randomisation test (ET_EXEC)        : 13 bits (guessed)
    Heap randomisation test (ET_DYN)         : 16 bits (guessed)
    Main executable randomisation (ET_EXEC)  : 10 bits (guessed)
    Main executable randomisation (ET_DYN)   : 10 bits (guessed)
    Shared library randomisation test        : 10 bits (guessed)
    Stack randomisation test (SEGMEXEC)      : 20 bits (guessed)
    Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
    Return to function (strcpy)              : Vulnerable
    Return to function (strcpy, RANDEXEC)    : Vulnerable
    Return to function (memcpy)              : Vulnerable
    Return to function (memcpy, RANDEXEC)    : Vulnerable
    Executable shared library bss            : Killed
    Executable shared library data           : Killed
    Writable text segments                   : Vulnerable