I'm currently working on ClickHouse, Valkey and a few other hobby projects.
Take a look at my work GitHub profile @aiven-sal.
S.A.R.A.'s test suite
License: GNU General Public License v3.0
$ sara-test
These tests should pass even with SARA disabled:
wx_mappings: OK
nx_shellcode: OK
fake_trampoline_heap: OK
These tests should pass with SARA fully enabled:
anon_mmap_wx: OK
file_mmap_wx: OK
gnu_executable_stack: OK
heap_mprotect: OK
stack_mprotect: OK
anon_mmap_mprotect: OK
file_mmap_mprotect: OK
text_mprotect: OK
bss_mprotect: OK
data_mprotect: OK
mmap_exec: OK
transfer: OK
gcc_trampolines_working1: OK
gcc_trampolines_working2: OK
fake_trampolines: ERROR
Tests for procattr interface:
correct_settings: OK
verbosity_change: OK
complain_change: OK
full_change_no_force: OK
force_wxorx: OK
kernel: SARA: WXP: '/usr/bin/sara-test' run with flags '0x2f'.
kernel: sara-test[25111]: segfault at 7f78bea05e00 ip 00007f78bea05e00 sp 00007f78bea05de8 error 15
systemd[1]: Started Process Core Dump (PID 25112/UID 0).
kernel: SARA: WXP: '/usr/lib/sara-test/fake_tramp' run with flags '0x12f'.
kernel: fake_tramp[25116]: segfault at d36ce964b20 ip 00000d36ce964b20 sp 00007d97fca2e698 error 15
systemd[1]: Started Process Core Dump (PID 25117/UID 0).
systemd-coredump[25113]: Process 25111 (sara-test) of user 1000 dumped core.
Stack trace of thread 25111:
#0 0x00007f78bea05e00 n/a (n/a)
kernel: pr_wxp: 2 callbacks suppressed
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25124).
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25125).
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline_exstack' run with flags '0x12f'.
kernel: SARA: WXP: W^X in '/usr/lib/sara-test/trampoline_exstack' (25127).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25128).
kernel: SARA: WXP: mprotect on stack in '/usr/bin/sara-test' (25129).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25130).
kernel: SARA: WXP: mprotect on file mmap in '/usr/bin/sara-test' (25131).
kernel: SARA: WXP: W^X in '/usr/bin/sara-test' (25132).
kernel: SARA: WXP: mprotect on anon mmap in '/usr/bin/sara-test' (25133).
kernel: SARA: WXP: mprotect on file mmap in '/usr/bin/sara-test' (25134).
kernel: SARA: WXP: '/usr/lib/sara-test/transfer' run with flags '0x2f'.
kernel: SARA: WXP: '/usr/lib/sara-test//transfer' run with flags '0x22f'.
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline' run with flags '0x12f'.
kernel: SARA: WXP: '/usr/lib/sara-test/trampoline_nopie' run with flags '0x12f'.
kernel: SARA: WXP: '/usr/lib/sara-test/fake_tramp' run with flags '0x12f'.
kernel: fake_tramp[25142]: segfault at 7957e800 ip 000000007957e800 sp 00007f4f8ca19ce8 error 14 in fake_tramp[f017957e000+1000]
systemd[1]: Started Process Core Dump (PID 25143/UID 0).
systemd-coredump[25118]: Process 25116 (fake_tramp) of user 1000 dumped core.
Stack trace of thread 25116:
#0 0x00000d36ce964b20 n/a (n/a)
kernel: SARA: WXP: '/usr/lib/sara-test/procattr' run with flags '0x7c'.
systemd-coredump[25144]: Process 25142 (fake_tramp) of user 1000 dumped core.
Stack trace of thread 25142:
#0 0x000000007957e800 n/a (n/a)
Hello, I just compiled sara-test on x86_64 Fedora 38 with Linux 6.5.8 / GCC 13.2.1, and I got unexpected results. As suggested by the man page, I'm opening an issue. I'm using the default Fedora kernel without modifications. Here are the results:
These tests should pass even with SARA disabled:
wx_mappings: OK
nx_shellcode: OK
fake_trampoline_heap: VULNERABLE
gcc_trampolines_working1: ERROR
gcc_trampolines_working2: ERROR
shm_mode_mprotect: OK
These tests should pass with SARA fully enabled:
anon_mmap_wx: VULNERABLE
file_mmap_wx: VULNERABLE
gnu_executable_stack: OK
heap_mprotect: OK
stack_mprotect: VULNERABLE
anon_mmap_mprotect: VULNERABLE
file_mmap_mprotect: VULNERABLE
shm_wxorx: VULNERABLE
shm_permissive_mode: VULNERABLE
shm_mode_change1: VULNERABLE
shm_mode_change2: VULNERABLE
text_mprotect: VULNERABLE
bss_mprotect: VULNERABLE
data_mprotect: VULNERABLE
mmap_exec: VULNERABLE
proc_mem_write: VULNERABLE
transfer: OK
fake_trampolines: OK
Tests for procattr interface:
I guess the OK in the second section come from KSPP hardenings, but why are there failures in the first section? At first, I thought it could come from SELinux, so I tested again on a Debian 12 VM with Linux 6.1.0, but got the same result. There is also a segfault in the system logs:
Nov 02 18:15:47 debian kernel: sara-test[3763]: segfault at 7ffe068863e0 ip 00007ffe068863e0 sp 00007ffe068863c8 error 15 likely on CPU 2 (core 1, socket 0)
Nov 02 18:15:47 debian kernel: Code: 00 00 78 65 88 06 fe 7f 00 00 90 fc 1c e3 b7 55 00 00 e0 c7 1c e3 b7 55 00 00 30 00 00 00 00 00 00 00 60 67 ab fd a3 7f 00 00 <55> 48 89 e5 c7 45 fc 06 00 00 00 90 5d c3 66 90 48 83 ec 08 48 63
By the way, are there still hopes of SARA (or at least WX Protection) being merged in the kernel?
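A triage helper for output like the report above, as an added example that is not part of the original issue or of the sara-test project: it groups results by the section headers sara-test prints and reports only the non-OK results those headers say should not occur for the given kernel. The function names and the handling of the procattr section are assumptions of this example.

```python
import re

# Section headers exactly as sara-test prints them (copied from this page).
SECTIONS = {
    "These tests should pass even with SARA disabled:": "always",
    "These tests should pass with SARA fully enabled:": "sara",
    "Tests for procattr interface:": "procattr",
}
RESULT = re.compile(r"^(\w+): (OK|VULNERABLE|ERROR)$")

def parse_results(text):
    """Return (section, test, status) tuples from sara-test output."""
    section, rows = None, []
    for line in map(str.strip, text.splitlines()):
        match = RESULT.match(line)
        if line in SECTIONS:
            section = SECTIONS[line]
        elif match and section:
            rows.append((section, *match.groups()))
    return rows

def unexpected(rows, sara_enabled):
    """Non-OK results that the section headers say should not occur.

    Assumption of this example: on a kernel without SARA, non-OK results
    outside the "even with SARA disabled" section are expected.
    """
    return [(test, status) for section, test, status in rows
            if status != "OK" and (section == "always" or sara_enabled)]

# Constructed sample: a subset of the result lines quoted in the report above.
SAMPLE = """\
These tests should pass even with SARA disabled:
wx_mappings: OK
fake_trampoline_heap: VULNERABLE
gcc_trampolines_working1: ERROR
These tests should pass with SARA fully enabled:
anon_mmap_wx: VULNERABLE
heap_mprotect: OK
stack_mprotect: VULNERABLE
"""

if __name__ == "__main__":
    for test, status in unexpected(parse_results(SAMPLE), sara_enabled=False):
        print(f"unexpected without SARA: {test}: {status}")
```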