Running test: './test-kernel-security.py' distro: 'Ubuntu 10.10' kernel: '2.6.35-903.27 (Ubuntu 2.6.35-903.27-omap4 2.6.35.3)' arch: 'armel' uid: 0/0 SUDO_USER: 'ubuntu')
Build helper tools ... (4.4.5 (Ubuntu/Linaro 4.4.4-14ubuntu5)) ok
/proc/$pid/maps is correctly protected ... ok
ASLR enabled ... ok
ASLR of stack ... ok
ASLR of libs ... ok
ASLR of mmap ... ok
ASLR of text ... ok
ASLR of vdso ... (skipped: only x86) ok
ASLR of brk ... ok
Low memory allocation respects mmap_min_addr ... (32768) ok
AppArmor loaded ... ok
PR_SET_SECCOMP works ... FAIL
/dev/kmem not available ... ok
SYN cookies is enabled ... ok
init's CAPABILITY list is clean ... ok
init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok
NX bit is working ... ok
Userspace stack guard page exists (CVE-2010-2240) ... ok
CONFIG_COMPAT_BRK disabled ... ok
CONFIG_DEVKMEM disabled ... ok
CONFIG_SECCOMP enabled ... FAIL
CONFIG_SECURITY enabled ... ok
CONFIG_SECURITY_SELINUX enabled ... ok
CONFIG_SYN_COOKIES enabled ... ok
CONFIG_SECCOMP enabled ... (skipped: not available on ARM) ok
CONFIG_COMPAT_VDSO disabled ... ok
CONFIG_DEBUG_RODATA enabled ... (skipped: only x86) ok
CONFIG_DEBUG_SET_MODULE_RONX enabled ... (skipped: only Natty and later) ok
CONFIG_SECURITY_APPARMOR enabled ... ok
CONFIG_STRICT_DEVMEM enabled ... FAIL
/dev/mem unreadable for kernel memory ... (exit code 5) FAIL
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... (skipped: only Intrepid through Lucid) ok
CONFIG_SECURITY_SMACK enabled ... ok
CONFIG_DEFAULT_MMAP_MIN_ADDR ... (32768) ok
CONFIG_CC_STACKPROTECTOR set ... ok
Kernel stack guard ... ok
Sysctl to disable module loading exists ... ok
Symlinks not followable across differing uids in sticky directories ... ok
Hardlink disallowed for unreadable/unwritable sources ... ok
ptrace allowed only on children or declared processes ... ok
ptrace from thread on tracee that used prctl(PR_SET_PTRACER) ... FAIL
ptrace of child works from parent threads (LP: #737676) ... FAIL
prctl(PR_SET_PTRACER) works from threads (LP: #729839) ... FAIL
rare network modules do not autoload ... (skipped: only Natty and later) ok
/proc/sys/kernel/kptr_restrict is enabled ... (skipped: only Natty and later) ok
kernel addresses in kallsyms and modules are zeroed out ... (skipped: only Natty and later) ok
kernel addresses in /boot are not world readable ... (skipped: only Natty and later) ok
sensitive files in /proc are not world readable ... (skipped: only Natty and later) ok
/sys/kernel/debug/acpi/custom_method stays disabled ... ok
/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... ok
seccomp_filter works ... (skipped: only x86 on 3.0 kernel and later) ok

======================================================================
FAIL: PR_SET_SECCOMP works
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 300, in test_031_seccomp
    self.assertShellExitEquals(expected, ["./seccomp"])
  File "/home/ubuntu/qrt/qrt-test-kernel-security/testlib.py", line 923, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 10, expected -9
Command: './seccomp'
Output:
prctl: Invalid argument
open /dev/zero ok
read /dev/zero ok
open /etc/passwd ok
read /etc/passwd ok
continued reading /dev/zero ok
continued reading /etc/passwd ok
expecting SIGKILL next ...
No errors after PR_SET_SECCOMP!?

======================================================================
FAIL: CONFIG_SECCOMP enabled
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 520, in test_070_config_seccomp
    self.assertEqual(self._get_config('SECCOMP'), 'y')
AssertionError: None != 'y'

======================================================================
FAIL: CONFIG_STRICT_DEVMEM enabled
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 639, in test_072_config_strict_devmem
    self.assertEqual(self._test_config('STRICT_DEVMEM'), strict)
AssertionError: False != True

======================================================================
FAIL: /dev/mem unreadable for kernel memory
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 692, in test_072_strict_devmem
    self.assertTrue(rc in expected, 'exit code: %d (wanted %s). Output:\n%s' % (rc, ", ".join(["%d" % (x) for x in expected]), output))
AssertionError: exit code: 5 (wanted 0). Output:
0x1000 ... missing, ran off end of physical memory
FAIL: scanned memory, no successful reads, but also no EPERMs

======================================================================
FAIL: ptrace from thread on tracee that used prctl(PR_SET_PTRACER)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1106, in test_093_ptrace_restriction_extras
    self.assertShellExitEquals(expected, ['sudo','-u',os.environ['SUDO_USER'],'./thread-prctl','2','0'])
  File "/home/ubuntu/qrt/qrt-test-kernel-security/testlib.py", line 923, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 2, expected 0
Command: 'sudo', '-u', 'ubuntu', './thread-prctl', '2', '0'
Output:
will issue prctl from thread
will issue ptrace from tracer thread
master is 2724
forking tracee from master
master waiting for tracer to finish
tracee 2725 reading tracer pid
tracee 2725 started (expecting 2726 as tracer)
tracee thread starting
tracee thread started
tracee thread prtctl result: 0
tracee thread finishing
tracee thread finished
tracee triggering tracer
tracer is 2726
tracer 2726 waiting
tracer to PTRACE_ATTACH my tracee 2725
tracer ptrace attach has failed: Operation not permitted
master waiting for tracee to finish
tracee waiting for master
tracee finished (stop)
master saw rc 2 from tracer

======================================================================
FAIL: ptrace of child works from parent threads (LP: #737676)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1084, in test_093_ptrace_restriction_parent_via_thread
    self.assertShellExitEquals(expected, ['sudo','-u',os.environ['SUDO_USER'],'./thread-prctl','0','0'])
  File "/home/ubuntu/qrt/qrt-test-kernel-security/testlib.py", line 923, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 2, expected 0
Command: 'sudo', '-u', 'ubuntu', './thread-prctl', '0', '0'
Output:
will fork tracee from tracer
will issue ptrace from tracer thread
master is 2732
master waiting for tracer to finish
tracer is 2733
tracer 2733 waiting
forking tracee from tracer
tracee 2735 reading tracer pid
tracee 2735 started (expecting 2733 as tracer)
tracee triggering tracer
tracer to PTRACE_ATTACH my tracee 2735
tracer ptrace attach has failed: Operation not permitted
master waiting for tracee to finish
master saw rc 2 from tracer
tracee waiting for master
tracee finished (stop)

======================================================================
FAIL: prctl(PR_SET_PTRACER) works from threads (LP: #729839)
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1095, in test_093_ptrace_restriction_prctl_via_thread
    self.assertShellExitEquals(expected, ['sudo','-u',os.environ['SUDO_USER'],'./thread-prctl','2','1'])
  File "/home/ubuntu/qrt/qrt-test-kernel-security/testlib.py", line 923, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 2, expected 0
Command: 'sudo', '-u', 'ubuntu', './thread-prctl', '2', '1'
Output:
will issue prctl from thread
will issue ptrace from tracer main
master is 2739
forking tracee from master
master waiting for tracer to finish
tracee 2740 reading tracer pid
tracee 2740 started (expecting 2741 as tracer)
tracee thread starting
tracee thread started
tracee thread prtctl result: 0
tracee thread finishing
tracee thread finished
tracee triggering tracer
tracer is 2741
tracer 2741 waiting
tracer to PTRACE_ATTACH my tracee 2740
tracer ptrace attach has failed: Operation not permitted
master waiting for tracee to finish
tracee waiting for master
tracee finished (stop)
master saw rc 2 from tracer

----------------------------------------------------------------------
Ran 51 tests in 37.344s

FAILED (failures=7)