crashme testing on Secure Linux

Jun 2, 2009 at 11:04 AM


I've run crashme on Windows XP, Red Hat Linux and now on Secure Linux. On Windows and Red Hat, I got a lot of different exceptions, but on SE Linux, all the test cases are exiting with status 256. If my understanding is correct, an exit status code of 256 implies (256 modulo 256) an exit code of 0 (normal exit). Is this correct? If so, why are all the test cases exiting normally on SE Linux when the same test cases cause exceptions to be generated on the other two platforms? Does this imply that SE Linux is more robust than the other two platforms? On SE Linux we are executing crashme with "root" ownership and no security policies defined. So, in theory, it should behave similarly to normal Red Hat Linux. Can someone help and explain why this is happening? Any help would be greatly appreciated.


Thanks a lot




Aug 7, 2012 at 9:18 PM

Test cases might all return normally from the subprocess if all the signal handlers catch all problems perfectly, with a perfect call to the signal function, and a clean longjump back. Run crashme with no subprocess, e.g. ./crashme +4096 666 100. And if it makes it through all 100 loops without any problem, returning a status of 0, and especially if the same signal is caught each time, then you know that crashme is not *potent* under the test scenario. The two situations where I have observed this behavior are (1) when procedure descriptors are in use (e.g. DEC ALPHA) and random data is unlikely to generate a valid procedure descriptor, or (2) when you need mprotect to be called on the data in order to allow it to be executable. Without both WRITE and EXECUTE access to the same memory location you cannot have a true crashme. So perhaps SE Linux gives you one of those situations? The program ./pddet will guess if there are procedure descriptors. See the recent changes to the source code for __APPLE__ and __FreeBSD__.
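
The WRITE-plus-EXECUTE condition from the reply above can be checked directly on the system under test. The following is an added example, not part of the thread or of the crashme source: it asks the kernel for memory that is writable and executable at once, both directly and via mprotect on an already-written data page, and executes nothing. The helper names can_map and can_upgrade_to_wx are hypothetical, and a Linux/POSIX mmap with MAP_ANONYMOUS is assumed.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* expose MAP_ANONYMOUS under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Hypothetical helper: 1 if a fresh anonymous page can be mapped with
 * the requested protection bits, 0 if the kernel or policy refuses. */
static int can_map(int prot)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, pg, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, pg);
    return 1;
}

/* Hypothetical helper: fill a data page, then ask mprotect for W+X on it.
 * Returns 1 if granted, 0 if refused, -1 if even the RW mapping failed. */
static int can_upgrade_to_wx(void)
{
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *p = mmap(NULL, pg, PROT_READ | PROT_WRITE,
                            MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return -1;
    memset(p, 0xA5, pg);  /* constructed filler; nothing here is ever executed */
    int granted = mprotect(p, pg, PROT_READ | PROT_WRITE | PROT_EXEC) == 0;
    munmap(p, pg);
    return granted;
}

int main(void)
{
    int direct = can_map(PROT_READ | PROT_WRITE | PROT_EXEC);
    int upgrade = can_upgrade_to_wx();
    printf("mmap RWX directly  : %s\n", direct ? "allowed" : "refused");
    printf("mprotect RW -> RWX : %s\n", upgrade == 1 ? "allowed" : "refused");
    if (!direct && upgrade != 1)
        puts("No W+X memory available: random bytes cannot run as code here.");
    return 0;
}
```

If both probes report "refused", the platform matches situation (2) in the reply, and uniform results from crashme say nothing about robustness.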