Running test: './test-kernel-security.py' distro: 'Ubuntu 11.10' kernel: '3.0.0-1212.24 (Ubuntu 3.0.0-1212.24-omap4 3.0.33)' arch: 'armel' uid: 0/0 SUDO_USER: 'ubuntu')
test_000_make (__main__.KernelSecurityTest)
Prepare to build helper tools ... (4.6.1 (Ubuntu/Linaro 4.6.1-9ubuntu3)) ok
test_010_proc_maps (__main__.KernelSecurityTest)
/proc/$pid/maps is correctly protected ... ok
test_020_aslr_00_proc (__main__.KernelSecurityTest)
ASLR enabled ... ok
test_020_aslr_dapper_stack (__main__.KernelSecurityTest)
ASLR of stack ... ok
test_021_aslr_dapper_libs (__main__.KernelSecurityTest)
ASLR of libs ... ok
test_021_aslr_dapper_mmap (__main__.KernelSecurityTest)
ASLR of mmap ... ok
test_022_aslr_hardy_text (__main__.KernelSecurityTest)
ASLR of text ... ok
test_022_aslr_hardy_vdso (__main__.KernelSecurityTest)
ASLR of vdso ... (skipped: only x86) ok
test_022_aslr_intrepid_brk (__main__.KernelSecurityTest)
ASLR of brk ... ok
test_030_mmap_min (__main__.KernelSecurityTest)
Low memory allocation respects mmap_min_addr ... (32768) ok
test_031_apparmor (__main__.KernelSecurityTest)
AppArmor loaded ... ok
test_031_seccomp (__main__.KernelSecurityTest)
PR_SET_SECCOMP works ... ok
test_032_dev_kmem (__main__.KernelSecurityTest)
/dev/kmem not available ... ok
test_033_syn_cookies (__main__.KernelSecurityTest)
SYN cookies is enabled ... ok
test_040_pcaps (__main__.KernelSecurityTest)
init's CAPABILITY list is clean ... ok
test_050_personality (__main__.KernelSecurityTest)
init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok
test_060_nx (__main__.KernelSecurityTest)
NX bit is working ... ok
test_061_guard_page (__main__.KernelSecurityTest)
Userspace stack guard page exists (CVE-2010-2240) ... ok
test_070_config_brk (__main__.KernelSecurityTest)
CONFIG_COMPAT_BRK disabled ... ok
test_070_config_devkmem (__main__.KernelSecurityTest)
CONFIG_DEVKMEM disabled ... ok
test_070_config_seccomp (__main__.KernelSecurityTest)
CONFIG_SECCOMP enabled ... ok
test_070_config_security (__main__.KernelSecurityTest)
CONFIG_SECURITY enabled ... ok
test_070_config_security_selinux (__main__.KernelSecurityTest)
CONFIG_SECURITY_SELINUX enabled ... ok
test_070_config_syn_cookies (__main__.KernelSecurityTest)
CONFIG_SYN_COOKIES enabled ... ok
test_071_config_seccomp (__main__.KernelSecurityTest)
CONFIG_SECCOMP enabled ... ok
test_072_config_compat_vdso (__main__.KernelSecurityTest)
CONFIG_COMPAT_VDSO disabled ... ok
test_072_config_debug_rodata (__main__.KernelSecurityTest)
CONFIG_DEBUG_RODATA enabled ... (skipped: only x86) ok
test_072_config_debug_set_module_ronx (__main__.KernelSecurityTest)
CONFIG_DEBUG_SET_MODULE_RONX enabled ... (skipped: only x86) ok
test_072_config_security_apparmor (__main__.KernelSecurityTest)
CONFIG_SECURITY_APPARMOR enabled ... ok
test_072_config_strict_devmem (__main__.KernelSecurityTest)
CONFIG_STRICT_DEVMEM enabled ... ok
test_072_strict_devmem (__main__.KernelSecurityTest)
/dev/mem unreadable for kernel memory ... (using 0xabe9d100L) (exit code 0) ok
test_073_config_security_file_capabilities (__main__.KernelSecurityTest)
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... (skipped: only Intrepid through Lucid) ok
test_073_config_security_smack (__main__.KernelSecurityTest)
CONFIG_SECURITY_SMACK enabled ... ok
test_074_config_security_default_mmap_min_addr (__main__.KernelSecurityTest)
CONFIG_DEFAULT_MMAP_MIN_ADDR ... (32768) ok
test_075_config_stack_protector (__main__.KernelSecurityTest)
CONFIG_CC_STACKPROTECTOR set ... ok
test_082_stack_guard_kernel (__main__.KernelSecurityTest)
Kernel stack guard ... ok
test_090_module_blocking (__main__.KernelSecurityTest)
Sysctl to disable module loading exists ... ok
test_091_symlink_following_in_sticky_directories (__main__.KernelSecurityTest)
Symlinks not followable across differing uids in sticky directories ... ok
test_092_hardlink_restriction (__main__.KernelSecurityTest)
Hardlink disallowed for unreadable/unwritable sources ... ok
test_093_ptrace_restriction (__main__.KernelSecurityTest)
ptrace allowed only on children or declared processes ... (skipping PR_SET_PTRACER_ANY) (timeout) ERROR
test_093_ptrace_restriction_extras (__main__.KernelSecurityTest)
ptrace from thread on tracee that used prctl(PR_SET_PTRACER) ... ok
test_093_ptrace_restriction_parent_via_thread (__main__.KernelSecurityTest)
ptrace of child works from parent threads (LP: #737676) ... ok
test_093_ptrace_restriction_prctl_via_thread (__main__.KernelSecurityTest)
prctl(PR_SET_PTRACER) works from threads (LP: #729839) ... ok
test_094_rare_net_autoload (__main__.KernelSecurityTest)
rare network modules do not autoload ... ok
test_095_kernel_symbols_acl (__main__.KernelSecurityTest)
/proc/sys/kernel/kptr_restrict is enabled ... ok
test_095_kernel_symbols_missing (__main__.KernelSecurityTest)
kernel addresses in kallsyms and modules are zeroed out ... ok
test_096_boot_symbols_unreadable (__main__.KernelSecurityTest)
kernel addresses in /boot are not world readable ... ok
test_096_proc_entries_unreadable (__main__.KernelSecurityTest)
sensitive files in /proc are not world readable ... ok
test_100_keep_acpi_method_disabled (__main__.KernelSecurityTest)
/sys/kernel/debug/acpi/custom_method stays disabled ... ok
test_101_proc_fd_leaks (__main__.KernelSecurityTest)
/proc/$pid/ DAC bypass on setuid (CVE-2011-1020) ... ok
test_110_seccomp_filter (__main__.KernelSecurityTest)
seccomp_filter works ... (skipped: only x86 on 3.0 kernel) ok
======================================================================
ERROR: test_093_ptrace_restriction (__main__.KernelSecurityTest)
ptrace allowed only on children or declared processes
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1207, in test_093_ptrace_restriction
    shelltimeout(expected, cmd, stdin=open("/dev/null"))
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 1122, in __call__
    result = self.function(*args, **kwargs)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 941, in assertShellExitEquals
    rc, report, out = self._testlib_shell_cmd(args, stdin=stdin, stdout=stdout, stderr=stderr)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 932, in _testlib_shell_cmd
    rc, out = cmd(args,stdin=stdin,stdout=stdout,stderr=stderr)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 371, in cmd
    out, outerr = sp.communicate(input)
  File "/usr/lib/python2.7/subprocess.py", line 746, in communicate
    stdout = _eintr_retry_call(self.stdout.read)
  File "/usr/lib/python2.7/subprocess.py", line 478, in _eintr_retry_call
    return func(*args)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 1116, in handle_timeout
    raise TimeoutFunctionException()
TimeoutFunctionException
----------------------------------------------------------------------
Ran 51 tests in 198.033s
One failure on QRT kernel-security:
Ran 51 tests in 198.033s
FAILED (errors=1)
ubuntu@panda-oneiric:~$