On Tue, Nov 09, 2010 at 01:05:06PM -0500, Dave Jones wrote:
On the subject of randomisation, this article..
http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2...
bugged me. Notably the discrepancy between Fedora and everyone else on the shlib test.
I didn't get around to testing whether this was a side-effect of the ascii-armor
patch.
I also couldn't reproduce the results the article author noted, on 32bit or 64bit,
but iirc, it was still lower than the results for everyone else.
any ideas for what could be the cause ?
When I read that, I assumed so, yes. Their methodology[1] wasn't
great. The only way that I can see them getting those results were from
running Fedora on 32bit and Ubuntu on 64bit, but that seems unlikely
given the measured bit size on the other tests. I would have expected
Fedora and Ubuntu to behave the same entropy-wise (poorly) for 32bit
non-NX. Unfortunately, they didn't really specify what hardware or
images they used. (Ubuntu's 32 and 64 bit kernels have the same suffix
"-generic".)
I suspect another factor may be that paxtest can give inconsistent output
when doing the ASLR test.
-Kees
[1]
http://www.outflux.net/blog/archives/2010/09/07/cross-distro-default-secu...
--
Kees Cook
Ubuntu Security Team