Thu Jun 9 09:42:57 UTC 2011

Running ./test-kernel-aslr-collisions.py -v
Running test: './test-kernel-aslr-collisions.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 1000/1000 SUDO_USER: '')
Build helper tools ... (gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu4)) ok
Kernel is randomizing VA space ... ok
Process stack is normal size ... ok
Check if brk crashes into mmap in 10,000 execs (i386, nx-emu only) (LP: #452175) ... ok
Check if stack crashes into mmap in 100,000 execs (amd64 only?) (LP: #504164) ... 0/100000
1000/100000 (eta: 27min 47sec) 2000/100000 (eta: 27min 16sec) 3000/100000 (eta: 26min 58sec) 4000/100000 (eta: 26min 49sec) 5000/100000 (eta: 26min 30sec)
6000/100000 (eta: 26min 11sec) 7000/100000 (eta: 25min 56sec) 8000/100000 (eta: 25min 40sec) 9000/100000 (eta: 25min 22sec) 10000/100000 (eta: 25min 4sec)
11000/100000 (eta: 24min 51sec) 12000/100000 (eta: 24min 33sec) 13000/100000 (eta: 24min 16sec) 14000/100000 (eta: 23min 59sec) 15000/100000 (eta: 23min 44sec)
16000/100000 (eta: 23min 27sec) 17000/100000 (eta: 23min 11sec) 18000/100000 (eta: 22min 55sec) 19000/100000 (eta: 22min 39sec) 20000/100000 (eta: 22min 22sec)
21000/100000 (eta: 22min 4sec) 22000/100000 (eta: 21min 49sec) 23000/100000 (eta: 21min 32sec) 24000/100000 (eta: 21min 15sec) 25000/100000 (eta: 20min 59sec)
26000/100000 (eta: 20min 42sec) 27000/100000 (eta: 20min 25sec) 28000/100000 (eta: 20min 7sec) 29000/100000 (eta: 19min 52sec) 30000/100000 (eta: 19min 35sec)
31000/100000 (eta: 19min 18sec) 32000/100000 (eta: 19min 1sec) 33000/100000 (eta: 18min 44sec) 34000/100000 (eta: 18min 27sec) 35000/100000 (eta: 18min 11sec)
36000/100000 (eta: 17min 55sec) 37000/100000 (eta: 17min 37sec) 38000/100000 (eta: 17min 20sec) 39000/100000 (eta: 17min 3sec) 40000/100000 (eta: 16min 47sec)
41000/100000 (eta: 16min 30sec) 42000/100000 (eta: 16min 13sec) 43000/100000 (eta: 15min 56sec) 44000/100000 (eta: 15min 39sec) 45000/100000 (eta: 15min 23sec)
46000/100000 (eta: 15min 5sec) 47000/100000 (eta: 14min 49sec) 48000/100000 (eta: 14min 32sec) 49000/100000 (eta: 14min 15sec) 50000/100000 (eta: 13min 59sec)
51000/100000 (eta: 13min 42sec) 52000/100000 (eta: 13min 25sec) 53000/100000 (eta: 13min 8sec) 54000/100000 (eta: 12min 51sec) 55000/100000 (eta: 12min 35sec)
56000/100000 (eta: 12min 18sec) 57000/100000 (eta: 12min 1sec) 58000/100000 (eta: 11min 45sec) 59000/100000 (eta: 11min 28sec) 60000/100000 (eta: 11min 11sec)
61000/100000 (eta: 10min 55sec) 62000/100000 (eta: 10min 38sec) 63000/100000 (eta: 10min 21sec) 64000/100000 (eta: 10min 5sec) 65000/100000 (eta: 9min 48sec)
66000/100000 (eta: 9min 31sec) 67000/100000 (eta: 9min 13sec) 68000/100000 (eta: 8min 57sec) 69000/100000 (eta: 8min 40sec) 70000/100000 (eta: 8min 24sec)
71000/100000 (eta: 8min 6sec) 72000/100000 (eta: 7min 50sec) 73000/100000 (eta: 7min 32sec) 74000/100000 (eta: 7min 16sec) 75000/100000 (eta: 7min 0sec)
76000/100000 (eta: 6min 43sec) 77000/100000 (eta: 6min 26sec) 78000/100000 (eta: 6min 8sec) 79000/100000 (eta: 5min 52sec) 80000/100000 (eta: 5min 36sec)
81000/100000 (eta: 5min 18sec) 82000/100000 (eta: 5min 2sec) 83000/100000 (eta: 4min 45sec) 84000/100000 (eta: 4min 28sec) 85000/100000 (eta: 4min 12sec)
86000/100000 (eta: 3min 55sec) 87000/100000 (eta: 3min 38sec) 88000/100000 (eta: 3min 21sec) 89000/100000 (eta: 3min 4sec) 90000/100000 (eta: 2min 47sec)
91000/100000 (eta: 2min 31sec) 92000/100000 (eta: 2min 14sec) 93000/100000 (eta: 1min 56sec) 94000/100000 (eta: 1min 40sec) 95000/100000 (eta: 1min 23sec)
96000/100000 (eta: 1min 6sec) 97000/100000 (eta: 0min 49sec) 98000/100000 (eta: 0min 33sec) 99000/100000 (eta: 0min 16sec) 100000/100000 (eta: 0min 59sec)
ok
----------------------------------------------------------------------
Ran 5 tests in 1810.524s

OK
OK

Running ./test-kernel-hardening.py -v
Running test: './test-kernel-hardening.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 1000/1000 SUDO_USER: '')
This series of tests must be run under sudo.
Skipping private tests
Fail

Running ./test-kernel-panic.py -v
Running test: './test-kernel-panic.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 1000/1000 SUDO_USER: '')
The vsyscall entries are created too early (CVE-2010-0307) ... Skipping private tests (skipped: amd64 only) ok
----------------------------------------------------------------------
Ran 1 test in 0.017s

OK
OK

Running ./test-kernel.py -v
Running test: './test-kernel.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 1000/1000 SUDO_USER: '')
Build helper tools ... (gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu4)) ok
syscall(666666) returns ENOSYS (LP: #339743) ... ok
Kernel correctly calls access_ok on compat_alloc_userspace (CVE-2010-3081) ... ok
Kernel correctly filters compat syscalls (CVE-2010-3301) ... ok
Make sure the stack guard page does not split the stack on mlock ... ok
inotify does not leak descriptors (LP: #485556) ... ok
memmove does not leak bytes (CVE-2010-0415) ... ok
Kernel memory does not leak to userspace in signalstack (CVE-2009-2847) ... ok
----------------------------------------------------------------------
Ran 8 tests in 2.971s

OK
OK

Running ./test-kernel-root-ops.py -v
Running test: './test-kernel-root-ops.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 1000/1000 SUDO_USER: '')
This series of tests must be run under sudo.
Fail

Running sudo ./test-kernel-security.py -v
Running test: './test-kernel-security.py' distro: 'Ubuntu 8.04' kernel: '2.6.24-29.90+novdsocompat1 (Ubuntu 2.6.24-29.90+novdsocompat1-xen)' arch: 'i386' uid: 0/0 SUDO_USER: 'ubuntu')
Build helper tools ... (4.2.4 (Ubuntu 4.2.4-1ubuntu4)) ok
/proc/$pid/maps is correctly protected ... ok
ASLR enabled ... (skipped: boolean on Hardy and earlier) ok
ASLR of stack ... ok
ASLR of libs ... ok
ASLR of mmap ... ok
ASLR of text ... ok
ASLR of vdso ... ok
ASLR of brk ... (skipped: only Intrepid and later) ok
Low memory allocation respects mmap_min_addr ... (65536) ok
AppArmor loaded ... ok
PR_SET_SECCOMP works ... (skipped: LP: #725089) ok
/dev/kmem not available ... ok
SYN cookies is enabled ... (skipped: only Jaunty and later) ok
init's CAPABILITY list is clean ... ok
init missing READ_IMPLIES_EXEC ... (heap check) ok
NX bit is working ... ok
Userspace stack guard page exists (CVE-2010-2240) ... ok
CONFIG_COMPAT_BRK disabled ... ok
CONFIG_DEVKMEM disabled ... ok
CONFIG_SECURITY enabled ... ok
CONFIG_SECURITY_SELINUX enabled ... ok
CONFIG_SYN_COOKIES enabled ... ok
CONFIG_SECCOMP enabled ... ok
CONFIG_COMPAT_VDSO disabled ... ok
CONFIG_DEBUG_RODATA enabled ... (skipped: ignored on Hardy Xen) ok
CONFIG_DEBUG_SET_MODULE_RONX enabled ... (skipped: only Natty and later) ok
CONFIG_SECURITY_APPARMOR enabled ... ok
CONFIG_STRICT_DEVMEM enabled ... ok
/dev/mem unreadable for kernel memory ... (using 0x3fae2cL) (weird on Hardy Xen) (exit code 6) ok
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... (skipped: only Intrepid through Lucid) ok
CONFIG_SECURITY_SMACK enabled ... (skipped: only Intrepid and later) ok
CONFIG_DEFAULT_MMAP_MIN_ADDR ... (SECURITY_DEFAULT_MMAP_MIN_ADDR) (skipped: only Jaunty and later) ok
CONFIG_CC_STACKPROTECTOR set ... (skipped: only Hardy amd64 or Karmic and later) ok
Kernel stack guard ... (skipped: only Karmic and later) ok
Sysctl to disable module loading exists ... (skipped: only Karmic and later) ok
Symlinks not followable across differing uids in sticky directories ... (skipped: only Maverick and later) ok
Hardlink disallowed for unreadable/unwritable sources ... (skipped: only Maverick and later) ok
ptrace allowed only on children or declared processes ... (skipped: only Maverick and later) ok
ptrace from thread on tracee that used prctl(PR_SET_PTRACER) ... (skipped: only Maverick and later) ok
ptrace of child works from parent threads (LP: #737676) ... (skipped: only Maverick and later) ok
prctl(PR_SET_PTRACER) works from threads (LP: #729839) ... (skipped: only Maverick and later) ok
rare network modules do not autoload ... (skipped: only Natty and later) ok
/proc/sys/kernel/kptr_restrict is enabled ... (skipped: only Natty and later) ok
kernel addresses in kallsyms and modules are zeroed out ... (skipped: only Natty and later) (skipped: No 'base:' in root's /proc/timer_list) (skipped: No /proc/self/stack) ok
kernel addresses in /boot are not world readable ... (skipped: only Natty and later) ok
sensitive files in /proc are not world readable ... (skipped: only Natty and later) ok
/sys/kernel/debug/acpi/custom_method stays disabled ... ok
----------------------------------------------------------------------
Ran 48 tests in 14.893s

OK
OK

Thu Jun 9 10:13:29 UTC 2011