./checksec.sh --proc-all
* System-wide ASLR (kernel.randomize_va_space): On (Setting: 2)
Description - Make the addresses of mmap base, heap, stack and VDSO page randomized.
This, among other things, implies that shared libraries will be loaded to random
addresses. Also for PIE-linked binaries, the location of code start is randomized.
See the kernel file 'Documentation/sysctl/kernel.txt' for more details.
* Does the CPU support NX: Yes
COMMAND PID RELRO STACK CANARY NX/PaX PIE
systemd 1 Full RELRO Canary found NX enabled PIE enabled
systemd 1022 Full RELRO Canary found NX enabled PIE enabled
(sd-pam) 1023 Full RELRO Canary found NX enabled PIE enabled
telepathy-gabbl 10489 Partial RELRO Canary found NX enabled No PIE
telepathy-logge 10490 Partial RELRO Canary found NX enabled No PIE
upowerd 1053 Full RELRO Canary found NX enabled PIE enabled
colord 1072 Full RELRO Canary found NX enabled PIE enabled
pulseaudio 1082 Full RELRO Canary found NX enabled No PIE
rtkit-daemon 1083 Partial RELRO Canary found NX enabled No PIE
packagekitd 1121 Full RELRO Canary found NX enabled PIE enabled
gdm-session-wor 1138 Partial RELRO Canary found NX enabled No PIE
systemd 1142 Full RELRO Canary found NX enabled PIE enabled
(sd-pam) 1143 Full RELRO Canary found NX enabled PIE enabled
gnome-keyring-d 1147 Partial RELRO Canary found NX enabled No PIE
gnome-session 1150 Partial RELRO Canary found NX enabled No PIE
ssh-agent 1187 Full RELRO Canary found NX enabled PIE enabled
dbus-launch 1190 Partial RELRO Canary found NX enabled No PIE
dbus-daemon 1191 Partial RELRO Canary found NX enabled No PIE
at-spi-bus-laun 1194 Full RELRO Canary found NX enabled PIE enabled
dbus-daemon 1198 Partial RELRO Canary found NX enabled No PIE
at-spi2-registr 1201 Full RELRO Canary found NX enabled PIE enabled
gnome-settings- 1210 Partial RELRO Canary found NX enabled No PIE
gvfsd 1226 Partial RELRO Canary found NX enabled No PIE
pulseaudio 1229 Full RELRO Canary found NX enabled No PIE
gvfsd-fuse 1236 Partial RELRO Canary found NX enabled No PIE
start-pulseaudi 1247 Full RELRO Canary found NX enabled PIE enabled
xprop 1248 Partial RELRO Canary found NX enabled No PIE
gnome-shell 1250 Partial RELRO Canary found NX enabled No PIE
gsd-printer 1256 Partial RELRO Canary found NX enabled No PIE
empathy 12621 Partial RELRO Canary found NX enabled No PIE
evolution-addre 12632 Full RELRO Canary found NX enabled PIE enabled
gnome-shell-cal 1266 Partial RELRO Canary found NX enabled No PIE
mission-control 1275 Partial RELRO Canary found NX enabled No PIE
caribou 1279 Partial RELRO Canary found NX enabled No PIE
evolution-sourc 1283 Full RELRO Canary found NX enabled PIE enabled
goa-daemon 1291 Partial RELRO Canary found NX enabled No PIE
gvfs-udisks2-vo 1295 Partial RELRO Canary found NX enabled No PIE
udisksd 1298 Partial RELRO Canary found NX enabled No PIE
gvfs-goa-volume 1308 Partial RELRO Canary found NX enabled No PIE
gvfs-gphoto2-vo 1316 Partial RELRO Canary found NX enabled No PIE
gvfs-afc-volume 1320 Partial RELRO Canary found NX enabled No PIE
gvfs-mtp-volume 1325 Partial RELRO Canary found NX enabled No PIE
zeitgeist-datah 1329 Partial RELRO No canary found NX enabled No PIE
nm-applet 1331 Partial RELRO Canary found NX enabled No PIE
zeitgeist-daemo 1335 Partial RELRO No canary found NX enabled No PIE
applet.py 1336 Partial RELRO Canary found NX enabled No PIE
evolution-calen 1341 Full RELRO Canary found NX enabled PIE enabled
tracker-extract 1345 Partial RELRO Canary found NX enabled No PIE
tracker-store 1348 Partial RELRO Canary found NX enabled No PIE
tracker-miner-a 1356 Partial RELRO Canary found NX enabled No PIE
gconfd-2 1358 Partial RELRO Canary found NX enabled No PIE
tracker-miner-u 1359 Partial RELRO Canary found NX enabled No PIE
tracker-miner-f 1360 Partial RELRO Canary found NX enabled No PIE
evolution-alarm 1361 Full RELRO Canary found NX enabled PIE enabled
zeitgeist-fts 1366 Partial RELRO Canary found NX enabled No PIE
cat 1380 Partial RELRO Canary found NX enabled No PIE
gvfsd-metadata 1402 Partial RELRO Canary found NX enabled No PIE
gvfsd-burn 1545 Partial RELRO Canary found NX enabled No PIE
dconf-service 1554 Partial RELRO Canary found NX enabled No PIE
systemd-journal 158 Full RELRO Canary found NX enabled PIE enabled
iceweasel 1583 No RELRO Canary found NX enabled PIE enabled
gnome-terminal- 16170 Partial RELRO Canary found NX enabled No PIE
gnome-pty-helpe 16173 Partial RELRO Canary found NX enabled No PIE
bash 16174 Partial RELRO Canary found NX enabled No PIE
su 16848 Full RELRO Canary found NX enabled PIE enabled
bash 16849 Partial RELRO Canary found NX enabled No PIE
systemd-udevd 174 Full RELRO Canary found NX enabled PIE enabled
gvfsd-http 3471 Partial RELRO Canary found NX enabled No PIE
gvfsd-trash 3597 Partial RELRO Canary found NX enabled No PIE
rpcbind 493 Partial RELRO Canary found NX enabled No PIE
rpc.statd 502 No RELRO No canary found NX enabled No PIE
rpc.idmapd 516 No RELRO No canary found NX enabled No PIE
accounts-daemon 601 Partial RELRO Canary found NX enabled No PIE
cron 602 Partial RELRO Canary found NX enabled No PIE
atd 603 Full RELRO Canary found NX enabled PIE enabled
ModemManager 606 Partial RELRO Canary found NX enabled No PIE
NetworkManager 609 Partial RELRO Canary found NX enabled No PIE
systemd-logind 611 Full RELRO Canary found NX enabled PIE enabled
avahi-daemon 613 Partial RELRO Canary found NX enabled No PIE
dbus-daemon 614 Partial RELRO Canary found NX enabled No PIE
minissdpd 625 Full RELRO Canary found NX enabled PIE enabled
avahi-daemon 628 Partial RELRO Canary found NX enabled No PIE
rsyslogd 631 Partial RELRO Canary found NX enabled No PIE
cupsd 632 Full RELRO Canary found NX enabled PIE enabled
cups-browsed 633 Partial RELRO Canary found NX enabled No PIE
polkitd 641 Partial RELRO Canary found NX enabled No PIE
agetty 647 Partial RELRO Canary found NX enabled No PIE
gdm3 659 Partial RELRO Canary found NX enabled No PIE
Xorg 671 Partial RELRO Canary found NX enabled PIE enabled
wpa_supplicant 726 Full RELRO Canary found NX enabled PIE enabled
exim4 934 Full RELRO Canary found NX enabled PIE enabled
dhclient 942 Full RELRO Canary found NX enabled PIE enabled
./paxtest kiddie >> ../BezpieczenstwoDebiana.log
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: kiddie
Linux debian 3.16-3-amd64 #1 SMP Debian 3.16.5-1 (2014-10-10) x86_64 GNU/Linux
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomisation test : 28 bits (guessed)
Heap randomisation test (ET_EXEC) : 14 bits (guessed)
Heap randomisation test (PIE) : 28 bits (guessed)
Main executable randomisation (ET_EXEC) : 29 bits (guessed)
Main executable randomisation (PIE) : 28 bits (guessed)
Shared library randomisation test : 28 bits (guessed)
Stack randomisation test (SEGMEXEC) : 28 bits (guessed)
Stack randomisation test (PAGEEXEC) : 28 bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 20 bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 20 bits (guessed)
Randomization under memory exhaustion @~0: 28 bits (guessed)
Randomization under memory exhaustion @0 : 28 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) :
./paxtest blackhat >> ../BezpieczenstwoDebiana.log
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Writing output to paxtest.log
It may take a while for the tests to complete
Test results:
PaXtest - Copyright(c) 2003,2004 by Peter Busser <peter@adamantix.org>
Released under the GNU Public Licence version 2 or later
Mode: blackhat
Linux debian 3.16-3-amd64 #1 SMP Debian 3.16.5-1 (2014-10-10) x86_64 GNU/Linux
Executable anonymous mapping : Killed
Executable bss : Killed
Executable data : Killed
Executable heap : Killed
Executable stack : Killed
Executable shared library bss : Killed
Executable shared library data : Killed
Executable anonymous mapping (mprotect) : Vulnerable
Executable bss (mprotect) : Vulnerable
Executable data (mprotect) : Vulnerable
Executable heap (mprotect) : Vulnerable
Executable stack (mprotect) : Vulnerable
Executable shared library bss (mprotect) : Vulnerable
Executable shared library data (mprotect): Vulnerable
Writable text segments : Vulnerable
Anonymous mapping randomisation test : 28 bits (guessed)
Heap randomisation test (ET_EXEC) : 14 bits (guessed)
Heap randomisation test (PIE) : 28 bits (guessed)
Main executable randomisation (ET_EXEC) : 28 bits (guessed)
Main executable randomisation (PIE) : 28 bits (guessed)
Shared library randomisation test : 28 bits (guessed)
Stack randomisation test (SEGMEXEC) : 28 bits (guessed)
Stack randomisation test (PAGEEXEC) : 28 bits (guessed)
Arg/env randomisation test (SEGMEXEC) : 20 bits (guessed)
Arg/env randomisation test (PAGEEXEC) : 20 bits (guessed)
Randomization under memory exhaustion @~0: 28 bits (guessed)
Randomization under memory exhaustion @0 : 29 bits (guessed)
Return to function (strcpy) : paxtest: return address contains a NULL byte.
Return to function (memcpy) : Killed
Return to function (strcpy, PIE) : paxtest: return address contains a NULL byte.
Return to function (memcpy, PIE) : Killed
Pobierz program!
