Expanding the list of "Hardened Packages"

Jim Meyering jim at meyering.net
Tue Apr 23 05:53:29 UTC 2013


Steve Grubb wrote:
> On Monday, April 15, 2013 09:12:57 AM Richard W.M. Jones wrote:
>> which I interpret to mean that after using -fstack-protector-all and
>> removing prelink, SELinux would become obsolete because no executable
>> can be exploited.
>
> I would say there is a place for SE Linux even if we compiled everything with
> "all" because FORTIFY_SOURCE coverage is not absolute. For example, about a
> month ago i ran the following test:
>
> procs=`ls /proc | grep '^[0-9]' | sort -n`
> for p in $procs
> do
> 	res=`cat /proc/$p/maps 2>/dev/null |  awk '$2 ~ "wx" { print $2 }'`
> 	if [ x"$res" != "x" ] ; then
> 		cat /proc/$p/cmdline | awk '{ printf "%-35s\t", $1 }'
> 		printf "%s\n" "$p"
> 	fi
> done

Neat.
I saved that in a script, then realized I could simplify it.
This is nearly equivalent:

  $ grep -lE '^[0-9a-f-]+ .wx' /proc/*/maps 2>/dev/null \
  |perl -ne 'm!^(/proc/(\d+))/.*! and printf qq(%5d %s\n), $2, `cat $1/cmdline`'

Sample output on an F18 system running the awesome window manager:
    1836 /usr/lib/firefox/firefox-no-remote-Pdefault

Notice that the NUL-separated arguments aren't shown properly,
so filter the result through e.g., | tr '\0' ' '

Adjusted output:
    1836 /usr/lib/firefox/firefox -no-remote -P default

> What this does is display the programs with Writable and Executable memory.
> All Fedora desktops except Mate have WX memory. (I checked KDE, Gnome,
> Cinnamon, and Mate.) WX memory is dangerous because the normal exploit pattern
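The same W+X scan as the two scripts above, written here as an added example (not code from either poster) that splits the check into reusable functions and folds in the `tr '\0' ' '` cmdline fix. The function names are mine, and `scan_wx` takes an optional directory argument so it can be run against a constructed /proc look-alike as well as the real /proc.

```shell
#!/bin/sh
# A /proc/<pid>/maps line looks like:
#   7f12a000-7f12b000 rwxp 00000000 00:00 0          [anon]
# Field 2 is the permission string (r, w, x, then p/s for private/shared).
# A mapping that is both writable and executable shows "wx" in that field.

# Print the W+X lines of one maps-format file (argument: path to the file).
wx_lines() {
    awk '$2 ~ /wx/ { print }' "$1" 2>/dev/null
}

# Exit 0 if the maps file has at least one W+X mapping, 1 otherwise.
has_wx() {
    [ -n "$(wx_lines "$1")" ]
}

# Render a NUL-separated cmdline file as one space-separated line.
fmt_cmdline() {
    tr '\0' ' ' < "$1" | sed 's/ *$//'
}

# Walk a /proc-style tree (default /proc) and report "PID cmdline" for every
# process that has W+X memory, in the same spirit as the scripts in the thread.
scan_wx() {
    procroot=${1:-/proc}
    for d in "$procroot"/[0-9]*; do
        [ -r "$d/maps" ] || continue
        if has_wx "$d/maps"; then
            printf '%5s %s\n' "${d##*/}" "$(fmt_cmdline "$d/cmdline")"
        fi
    done
}

# Usage: sh wx.sh scan            (scans the real /proc)
#        sh wx.sh scan /some/dir  (scans a constructed look-alike tree)
case "${1:-}" in
    scan) scan_wx "${2:-/proc}" ;;
esac
```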
