3.7 paxtest命令

https://scz.617.cn/unix/201204281116.txt

A:

paxtest试图检查当前系统的DEP、ASLR设置。我这个版本的paxtest有两种模式，
kiddie和blackhat，我没看出来有什么区别。

# paxtest blackhat
Writing output to paxtest.log
Mode: blackhat
Linux debian 2.6.18-4-686 #1 SMP Wed May 9 23:03:12 UTC 2007 i686 GNU/Linux

Executable anonymous mapping             : Vulnerable
Executable bss                           : Vulnerable
Executable data                          : Vulnerable
Executable heap                          : Vulnerable
Executable stack                         : Vulnerable
Executable anonymous mapping (mprotect)  : Vulnerable
Executable bss (mprotect)                : Vulnerable
Executable data (mprotect)               : Vulnerable
Executable heap (mprotect)               : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Executable stack (mprotect)              : Vulnerable
Anonymous mapping randomisation test     : 9 bits (guessed)
Heap randomisation test (ET_EXEC)        : No randomisation
Heap randomisation test (ET_DYN)         : No randomisation
Main executable randomisation (ET_EXEC)  : 10 bits (guessed)
Main executable randomisation (ET_DYN)   : 10 bits (guessed)
Shared library randomisation test        : 10 bits (guessed)
Stack randomisation test (SEGMEXEC)      : 19 bits (guessed)
Stack randomisation test (PAGEEXEC)      : 19 bits (guessed)
Return to function (strcpy)              : Vulnerable
Return to function (strcpy, RANDEXEC)    : Vulnerable
Return to function (memcpy)              : Vulnerable
Return to function (memcpy, RANDEXEC)    : Vulnerable
Executable shared library bss            : Vulnerable
Executable shared library data           : Killed
Writable text segments                   : Vulnerable

"Executable ..."测试，将一条指令放在相应内存，并试图执行它。

"... (mprotect)"测试，调用mprotect()将相应内存设置为可执行，再尝试执行。

"Return to function ..."测试，覆盖位于栈上的RetAddr。

"Writable text segments"测试，覆盖本来就标识为可执行的内存。

执行结果中出现下列内容时，表明当前系统未就缓冲区溢出进行过加固:

Vulnerable
No randomisation
6 bits