Sunday, December 27, 2009

New version of

Modern Linux distributions offer some mitigation techniques to make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliably exploiting any vulnerabilities that do exist far more challenging. The script is designed to test what standard Linux OS security features are being used.

While other mitigations do exist (e.g. these are not tested.

What's new with version 1.1:

* New '--proc-libs' option. This option instructs to test the loaded libraries of a process. 

* Additional information on ASLR results (--proc, --proc-all, --proc-libs)
  Thanks to Anthony G. Basile of the Tin Hat project for the hint.
* Additional CPU NX check (--proc, --proc-all, --proc-libs)
I tested the new version on Ubuntu 9.10, openSUSE 11.2 and Fedora 12.

You can download the new version 1.1 of here.

Example of additional information on ASLR and NX results:

Example of the new '--proc-libs' option: