kernel-test-security multiple errors on backported Natty kernel
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| linux-lts-backport-natty (Ubuntu) | Fix Released | Undecided | Kees Cook | |
Bug Description
Running linux-image-
Running test: './test-
Build helper tools ... (4.4.3 (Ubuntu 4.4.3-4ubuntu5)) ok
/proc/$pid/maps is correctly protected ... ok
ASLR enabled ... ok
ASLR of stack ... ok
ASLR of libs ... ok
ASLR of mmap ... ok
ASLR of text ... ok
ASLR of vdso ... ok
ASLR of brk ... ok
Low memory allocation respects mmap_min_addr ... (65536) ok
AppArmor loaded ... ok
PR_SET_SECCOMP works ... ok
/dev/kmem not available ... ok
SYN cookies is enabled ... ok
init's CAPABILITY list is clean ... ok
init missing READ_IMPLIES_EXEC ... (/proc/
NX bit is working ... ok
Userspace stack guard page exists (CVE-2010-2240) ... ok
CONFIG_COMPAT_BRK disabled ... ok
CONFIG_DEVKMEM disabled ... ok
CONFIG_SECURITY enabled ... ok
CONFIG_
CONFIG_SYN_COOKIES enabled ... ok
CONFIG_SECCOMP enabled ... ok
CONFIG_COMPAT_VDSO disabled ... ok
CONFIG_DEBUG_RODATA enabled ... ok
CONFIG_
CONFIG_
CONFIG_
/dev/mem unreadable for kernel memory ... (using 0x1a239f0L) (exit code 0) ok
CONFIG_
CONFIG_
CONFIG_
CONFIG_
Kernel stack guard ... ok
Sysctl to disable module loading exists ... ok
Symlinks not followable across differing uids in sticky directories ... (skipped: only Maverick and later) FAIL
Hardlink disallowed for unreadable/
ptrace allowed only on children or declared processes ... (skipped: only Maverick and later) (timeout) FAIL
ptrace from thread on tracee that used prctl(PR_
ptrace of child works from parent threads (LP: #737676) ... (skipped: only Maverick and later) ok
prctl(PR_
rare network modules do not autoload ... (skipped: only Natty and later) ok
/proc/sys/
kernel addresses in kallsyms and modules are zeroed out ... (skipped: only Natty and later) FAIL
kernel addresses in /boot are not world readable ... (skipped: only Natty and later) FAIL
sensitive files in /proc are not world readable ... (skipped: only Natty and later) ok
/sys/kernel/
=======
FAIL: CONFIG_
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: True != False
=======
FAIL: CONFIG_
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: False != True
=======
FAIL: Symlinks not followable across differing uids in sticky directories
-------
Traceback (most recent call last):
File "./test-
self.
File "./test-
self.
File "/home/
self.
AssertionError: Got exit code 1. Looking for exact text "sekrit
" (sudo -u tXdQQSYc cat /tmp/symlinks-
Command: 'sudo', '-u', 'tXdQQSYc', 'cat', '/tmp/symlinks-
Output:
cat: /tmp/symlinks-
=======
FAIL: Hardlink disallowed for unreadable/
-------
Traceback (most recent call last):
File "./test-
self.
File "/home/
self.
AssertionError: Got exit code 1, expected 0
Command: 'sudo', '-u', 'ubuntu', 'ln', '/tmp/secret-
Output:
ln: creating hard link `/tmp/hardlinks
=======
FAIL: ptrace allowed only on children or declared processes
-------
Traceback (most recent call last):
File "./test-
shelltimeou
File "/home/
result = self.function(
File "/home/
self.
AssertionError: Got exit code 0, expected 1
Command: 'sudo', '-u', 'ubuntu', './ptrace-
Output:
+ set -e
+ '[' -w /etc/passwd ']'
+ export LANG=C
+ LANG=C
+ rc=0
++ gdb -ex start -ex quit --batch ./sleeper
+ OUT='Temporary breakpoint 1 at 0x400653: file sleeper.c, line 28.
Temporary breakpoint 1, main (argc=1, argv=0x7fffffff
28 if (argc<3) {
A debugging session is active.
Inferior 1 [process 17652] will be killed.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo 'Temporary breakpoint 1 at 0x400653: file sleeper.c, line 28.
Temporary breakpoint 1, main (argc=1, argv=0x7fffffff
28 if (argc<3) {
A debugging session is active.
Inferior 1 [process 17652] will be killed.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: children correctly PTRACEable'
ok: children correctly PTRACEable
+ pid=17657
+ sleep 120
++ gdb -ex 'attach 17657' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: cousins correctly unPTRACEable'
ok: cousins correctly unPTRACEable
+ ls -la /proc/17657/exe
+ echo 'ok: cousins correctly visible in /proc'
ok: cousins correctly visible in /proc
++ gdb -ex 'attach 1' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: init correctly unPTRACEable'
ok: init correctly unPTRACEable
+ ls -la /proc/1/exe
+ echo 'ok: init correctly invisible in /proc'
ok: init correctly invisible in /proc
+ disown 17657
+ kill 17657
+ pid=17670
+ ./sleeper 0 120
++ gdb -ex 'attach 17670' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: prctl(PR_
ok: prctl(PR_
+ disown 17670
+ kill 17670
+ ./sleeper 17648 120
+ pid=17676
++ gdb -ex 'attach 17676' -ex quit --batch
+ OUT='0x00007fbc
A debugging session is active.
Inferior 1 [process 17676] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo '0x00007fbce5a34380 in nanosleep () from /lib/libc.so.6
A debugging session is active.
Inferior 1 [process 17676] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: prctl(PR_
ok: prctl(PR_
+ disown 17676
+ kill 17676
+ pid=17684
+ ./sleeper 1 120
++ gdb -ex 'attach 17684' -ex quit --batch
+ OUT='0x00007fbd
A debugging session is active.
Inferior 1 [process 17684] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo '0x00007fbdc6dc1380 in nanosleep () from /lib/libc.so.6
A debugging session is active.
Inferior 1 [process 17684] will be detached.
Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: prctl(PR_
ok: prctl(PR_
+ disown 17684
+ kill 17684
+ exit 0
=======
FAIL: /proc/sys/
-------
Traceback (most recent call last):
File "./test-
self.
File "/home/
self.
AssertionError: /proc/sys/
=======
FAIL: kernel addresses in kallsyms and modules are zeroed out
-------
Traceback (most recent call last):
File "./test-
self.
File "./test-
expected)
File "./test-
self.
AssertionError: /proc/kallsyms: user saw 0000000000000000
=======
FAIL: kernel addresses in /boot are not world readable
-------
Traceback (most recent call last):
File "./test-
self.
AssertionError: /boot/System.
-------
Ran 48 tests in 12.090s
FAILED (failures=8)
ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: linux-image-
ProcVersionSign
Uname: Linux 2.6.38-10-server x86_64
Architecture: amd64
Date: Thu Jul 14 19:59:41 2011
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
ProcEnviron:
LC_TIME=en_DK.utf8
LANG=en_US
SHELL=/bin/bash
SourcePackage: linux-lts-
summary: changed from "kernel-test-security multiple errors on backported Maverick kernel" to "kernel-test-security multiple errors on backported Natty kernel"
description: updated
qrt rev 1347 should now have this fixed by splitting the version logic into "Kernel" and "Release" checks. Some features are tied to the kernel version, and some are tied to the userspace Ubuntu release version.
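The report above shows the problem the comment is fixing: checks annotated "(skipped: only Maverick and later)" were gated on the Ubuntu release (Lucid, 10.04), yet the box was running the Natty backport kernel (2.6.38), so kernel-provided protections were judged by the wrong version. The following is an added illustration of the two-gate approach the comment describes; it is not code from qrt or from this bug's fix. The check table, the assignment of each check to a kernel gate or a release gate, and the minimum versions (Maverick shipped 2.6.35, Natty 2.6.38) are constructed assumptions for demonstration.

```python
"""Gate security regression checks on the running kernel and on the
userspace release separately, instead of deriving both from the release.

Added illustration for this bug report, not code from the qrt test suite.
The check table and the gate chosen for each check are assumptions.
"""
import re
from typing import NamedTuple, Optional, Tuple

Version = Tuple[int, ...]


def parse_kernel(uname_release: str) -> Version:
    """'2.6.38-10-server' -> (2, 6, 38); the ABI/flavour suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", uname_release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % uname_release)
    return tuple(int(x) for x in m.groups())


def parse_release(distro_release: str) -> Version:
    """'10.04' -> (10, 4), so that (10, 4) < (10, 10) compares correctly."""
    m = re.match(r"(\d+)\.(\d+)$", distro_release)
    if not m:
        raise ValueError("unrecognised Ubuntu release: %r" % distro_release)
    return tuple(int(x) for x in m.groups())


class Check(NamedTuple):
    name: str
    kernel_min: Optional[Version]   # protection lives in the kernel image
    release_min: Optional[Version]  # protection lives in userspace packaging


# Constructed table (assumption): sticky-symlink restriction and kallsyms
# zeroing are kernel features; the rare-network-module blacklist is a
# userspace configuration, so it follows the release, not the kernel.
CHECKS = [
    Check("Symlinks not followable across differing uids in sticky directories",
          kernel_min=(2, 6, 35), release_min=None),
    Check("kernel addresses in kallsyms and modules are zeroed out",
          kernel_min=(2, 6, 38), release_min=None),
    Check("rare network modules do not autoload",
          kernel_min=None, release_min=(11, 4)),
]


def applicable(check: Check, kernel: Version, release: Version) -> bool:
    """A check runs only when every gate it declares is satisfied."""
    if check.kernel_min is not None and kernel < check.kernel_min:
        return False
    if check.release_min is not None and release < check.release_min:
        return False
    return True


def plan(uname_release: str, distro_release: str) -> dict:
    """Map each check name to 'run' or 'skip' for the given system."""
    kernel = parse_kernel(uname_release)
    release = parse_release(distro_release)
    return {c.name: ("run" if applicable(c, kernel, release) else "skip")
            for c in CHECKS}


if __name__ == "__main__":
    # The system in this report: Lucid userspace with the Natty backport kernel.
    for name, decision in plan("2.6.38-10-server", "10.04").items():
        print("%-70s %s" % (name, decision))
```

With a single release-based gate, every check in the table would be skipped on the reported system; with the kernel gate evaluated against `uname -r`, the two kernel-provided protections are exercised while the userspace-dependent one is still skipped, which is what a backport kernel on an older release needs.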