Hi Ingo,
On Wed, Nov 10, 2010 at 09:00:10AM +0100, Ingo Molnar wrote:
* Kees Cook <kees(a)ubuntu.com> wrote:
> On Tue, Nov 09, 2010 at 10:54:51AM -0800, Kees Cook wrote:
>
> > I suspect another factor may be that paxtest can give inconsistent output when
> > doing the ASLR test.
>
> Actually, in looking at paxtest, it's reporting correctly. I'm not sure what
other
> patches are in the Fedora kernel, but it seems like while Ubuntu's entropy with
> ascii-armor aslr is bad, Fedora's is even worse.
There used to be some anti-Fedora PR in paxtest circles (which we can ignore), but
where the tool reported numbers i always found it to be accurate (which we shouldn't
ignore).
Yeah, that's why I replicated it externally, just to allay any fears about
paxtest itself.
-Kees
--
Kees Cook
Ubuntu Security Team