
smeso / sara-test


S.A.R.A.'s test suite

License: GNU General Public License v3.0

Makefile 15.82% C 75.85% Roff 6.86% Shell 1.46%
sara regression-testing

sara-test's Introduction

sara-test

sara-test is a test suite for S.A.R.A. LSM.

To install it run:

make
sudo make install

To uninstall it run:

sudo make uninstall

To use it without installing it, put the following lines in your sara wxprot config file:

SOURCE_PATH/bin/* mprotect,verbose
SOURCE_PATH/bin/procattr mmap,other,complain,verbose
SOURCE_PATH/bin/fake_tramp mprotect,emutramp_or_mprotect,verbose
SOURCE_PATH/bin/trampoline* mprotect,emutramp_or_mprotect,verbose

and then run:

EXTRA_BINS_PATH="." make && cd bin && ./sara-test

Please note that, due to the need to create GCC trampolines, sara-test must be compiled using GCC.

You can find more information on S.A.R.A. at <https://smeso.it/sara>

sara-test's People

Contributors

am97, mdyrl7777777, smeso

Forkers

am97

sara-test's Issues

fake_trampolines test ERROR

$ sara-test
These tests should pass even with SARA disabled:
              wx_mappings:      OK
             nx_shellcode:      OK
     fake_trampoline_heap:      OK

These tests should pass with SARA fully enabled:
             anon_mmap_wx:      OK
             file_mmap_wx:      OK
     gnu_executable_stack:      OK
            heap_mprotect:      OK
           stack_mprotect:      OK
       anon_mmap_mprotect:      OK
       file_mmap_mprotect:      OK
            text_mprotect:      OK
             bss_mprotect:      OK
            data_mprotect:      OK
                mmap_exec:      OK
                 transfer:      OK
 gcc_trampolines_working1:      OK
 gcc_trampolines_working2:      OK
         fake_trampolines:      ERROR

Tests for procattr interface:
         correct_settings:      OK
         verbosity_change:      OK
          complain_change:      OK
     full_change_no_force:      OK
              force_wxorx:      OK
kernel: SARA: WXP: '/usr/bin/sara-test' run with flags '0x2f'.
kernel: sara-test[25111]: segfault at 7f78bea05e00 ip 00007f78bea05e00 sp 00007f78bea05de8 error 15
systemd[1]: Started Process Core Dump (PID 25112/UID 0).
kernel: SARA: WXP: '/usr/lib/sara-test/fake_tramp' run with flags '0x12f'.
kernel: fake_tramp[25116]: segfault at d36ce964b20 ip 00000d36ce964b20 sp 00007d97fca2e698 error 15
systemd[1]: Started Process Core Dump (PID 25117/UID 0).
systemd-coredump[25113]: Process 25111 (sara-test) of user 1000 dumped core.
                                                
                                                Stack trace of thread 25111:
                                                #0  0x00007f78bea05e00 n/a (n/a)
kernel: pr_wxp: 2 callbacks suppressed
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25124).
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25125).
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline_exstack' run with flags '0x12f'.
kernel: SARA: WXP: W^X in '/usr/lib/sara-test/trampoline_exstack' (25127).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25128).
kernel: SARA: WXP: mprotect on stack in '/usr/bin/sara-test' (25129).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25130).
kernel: SARA: WXP: mprotect on file mmap in '/usr/bin/sara-test' (25131).
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25132).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25133).
kernel: SARA: WXP: mprotect on file mmap in '/usr/bin/sara-test' (25134).
kernel: SARA: WXP: '/usr/lib/sara-test/transfer' run with flags '0x2f'.
kernel: SARA: WXP: '/usr/lib/sara-test//transfer' run with flags '0x22f'.
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline' run with flags '0x12f'.
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline_nopie' run with flags '0x12f'.
kernel: SARA: WXP: '/usr/lib/sara-test/fake_tramp' run with flags '0x12f'.
kernel: fake_tramp[25142]: segfault at 7957e800 ip 000000007957e800 sp 00007f4f8ca19ce8 error 14 in fake_tramp[f017957e000+1000]
systemd[1]: Started Process Core Dump (PID 25143/UID 0).
systemd-coredump[25118]: Process 25116 (fake_tramp) of user 1000 dumped core.
                                                
                                                Stack trace of thread 25116:
                                                #0  0x00000d36ce964b20 n/a (n/a)
kernel: SARA: WXP: '/usr/lib/sara-test/procattr' run with flags '0x7c'.
systemd-coredump[25144]: Process 25142 (fake_tramp) of user 1000 dumped core.
                                                
                                                Stack trace of thread 25142:
                                                #0  0x000000007957e800 n/a (n/a)

Unexpected test results in newer kernels

Hello, I just compiled sara-test on x86_64 Fedora 38 with Linux 6.5.8 / GCC 13.2.1, and I got unexpected results. As suggested by the man page, I'm opening an issue. I'm using the default Fedora kernel without modifications. Here are the results:

These tests should pass even with SARA disabled:
              wx_mappings:	OK
             nx_shellcode:	OK
     fake_trampoline_heap:	VULNERABLE
 gcc_trampolines_working1:	ERROR
 gcc_trampolines_working2:	ERROR
        shm_mode_mprotect:	OK

These tests should pass with SARA fully enabled:
             anon_mmap_wx:	VULNERABLE
             file_mmap_wx:	VULNERABLE
     gnu_executable_stack:	OK
            heap_mprotect:	OK
           stack_mprotect:	VULNERABLE
       anon_mmap_mprotect:	VULNERABLE
       file_mmap_mprotect:	VULNERABLE
                shm_wxorx:	VULNERABLE
      shm_permissive_mode:	VULNERABLE
         shm_mode_change1:	VULNERABLE
         shm_mode_change2:	VULNERABLE
            text_mprotect:	VULNERABLE
             bss_mprotect:	VULNERABLE
            data_mprotect:	VULNERABLE
                mmap_exec:	VULNERABLE
           proc_mem_write:	VULNERABLE
                 transfer:	OK
         fake_trampolines:	OK

Tests for procattr interface:

I guess the OKs in the second section come from KSPP hardenings, but why are there failures in the first section? At first, I thought it could come from SELinux, so I tested again on a Debian 12 VM with Linux 6.1.0, but got the same result. There is also a segfault in the system logs:

Nov 02 18:15:47 debian kernel: sara-test[3763]: segfault at 7ffe068863e0 ip 00007ffe068863e0 sp 00007ffe068863c8 error 15 likely on CPU 2 (core 1, socket 0)
Nov 02 18:15:47 debian kernel: Code: 00 00 78 65 88 06 fe 7f 00 00 90 fc 1c e3 b7 55 00 00 e0 c7 1c e3 b7 55 00 00 30 00 00 00 00 00 00 00 60 67 ab fd a3 7f 00 00 <55> 48 89 e5 c7 45 fc 06 00 00 00 90 5d c3 66 90 48 83 ec 08 48 63

By the way, are there still hopes of SARA (or at least WX Protection) being merged in the kernel?
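Added example, not part of either issue or of sara-test itself: a small decoder for the kernel "segfault at ... error N" lines quoted in the two reports above, useful when triaging which kind of fault a test hit. It assumes x86, where the error field is the page-fault error code printed in hexadecimal; the function names are illustrative.

```c
#include <stdio.h>
#include <string.h>

/* x86 page-fault error code bits; the kernel prints the code in hex. */
#define PF_PROT  0x01UL /* set: protection violation, clear: page not present */
#define PF_WRITE 0x02UL /* access was a write */
#define PF_USER  0x04UL /* fault raised in user mode */
#define PF_INSTR 0x10UL /* access was an instruction fetch */

struct segv { unsigned long addr, ip, sp, err; };

/* Parse "... segfault at ADDR ip IP sp SP error ERR ..."; returns 0 on success. */
int parse_segv(const char *line, struct segv *s)
{
    const char *p = strstr(line, "segfault at ");
    if (!p)
        return -1;
    return sscanf(p, "segfault at %lx ip %lx sp %lx error %lx",
                  &s->addr, &s->ip, &s->sp, &s->err) == 4 ? 0 : -1;
}

/* 1 when the CPU tried to fetch an instruction from the faulting address itself. */
int is_exec_fault(const struct segv *s)
{
    return s->addr == s->ip && (s->err & PF_INSTR) != 0;
}

/* 1 when that fetch hit a mapped page without execute permission (NX / W^X). */
int is_nx_exec_fault(const struct segv *s)
{
    return is_exec_fault(s) && (s->err & PF_PROT) != 0;
}

int main(void)
{
    /* Lines copied from the kernel logs quoted in the two issues above. */
    static const char *lines[] = {
        "kernel: sara-test[25111]: segfault at 7f78bea05e00 ip 00007f78bea05e00 sp 00007f78bea05de8 error 15",
        "kernel: fake_tramp[25142]: segfault at 7957e800 ip 000000007957e800 sp 00007f4f8ca19ce8 error 14 in fake_tramp[f017957e000+1000]",
        "Nov 02 18:15:47 debian kernel: sara-test[3763]: segfault at 7ffe068863e0 ip 00007ffe068863e0 sp 00007ffe068863c8 error 15 likely on CPU 2 (core 1, socket 0)",
    };
    struct segv s;
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        if (parse_segv(lines[i], &s) != 0)
            continue;
        printf("addr=%#lx err=%#lx exec=%d nx=%d write=%d user=%d\n",
               s.addr, s.err, is_exec_fault(&s), is_nx_exec_fault(&s),
               (s.err & PF_WRITE) != 0, (s.err & PF_USER) != 0);
    }
    return 0;
}
```

For the quoted lines, "error 15" (0x15) decodes to a user-mode instruction fetch from a present page that is not executable, and "error 14" (0x14) to a user-mode instruction fetch from an address with no page present.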
