Sunday, December 27, 2009

New version of checksec.sh

Modern Linux distributions offer mitigation techniques that make it harder to exploit software vulnerabilities reliably. Mitigations such as RELRO, NoExecute (NX), Stack Canaries, Address Space Layout Randomization (ASLR) and Position Independent Executables (PIE) have made reliable exploitation of the vulnerabilities that do exist far more challenging. The checksec.sh script is designed to test which of these standard Linux OS security features are in use.

While other mitigations do exist (e.g. grsecurity.net), these are not tested.

What's new with version 1.1:

* New '--proc-libs' option. This option instructs checksec.sh to test the loaded libraries of a process. 

* Additional information on ASLR results (--proc, --proc-all, --proc-libs)
  Thanks to Anthony G. Basile of the Tin Hat project for the hint.
  
* Additional CPU NX check (--proc, --proc-all, --proc-libs)

I tested the new version on Ubuntu 9.10, openSUSE 11.2 and Fedora 12.

You can download the new version 1.1 of checksec.sh here.
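
For readers who want to see what kind of data sits behind the ASLR, CPU NX and loaded-library checks listed above, here is an added example that reads the same facts from /proc. It is not checksec.sh's own code; the function names and the sample data in demo() are constructed for illustration.

```shell
#!/bin/sh
# Added example (not checksec.sh's own code): host-level ASLR and CPU NX
# checks plus a listing of a process's loaded libraries, all read from /proc.
# Each function takes the file to read as $1 so it can run on saved copies.

# Kernel ASLR mode from kernel.randomize_va_space: 0=off, 1=stack/mmap/vdso,
# 2=additionally the heap (brk).
aslr_status() {
    f=${1:-/proc/sys/kernel/randomize_va_space}
    [ -r "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        0) echo disabled ;;
        1) echo partial ;;
        2) echo full ;;
        *) echo unknown ;;
    esac
}

# CPU NX support: the "nx" token in the x86 "flags" line of cpuinfo.
cpu_nx() {
    f=${1:-/proc/cpuinfo}
    if grep -Eq '^flags[[:space:]]*:.*[[:space:]]nx([[:space:]]|$)' "$f" 2>/dev/null
    then echo yes; else echo no; fi
}

# Unique file-backed executable mappings of a process (main binary and
# shared libraries). Paths containing spaces are truncated at the first space.
proc_libs() {
    f=${1:-/proc/self/maps}
    awk '$2 ~ /x/ && $6 ~ /^\// { print $6 }' "$f" | sort -u
}

# Constructed sample data, so the example runs without a live /proc.
demo() {
    d=$(mktemp -d) || return 1
    echo 2 > "$d/aslr"
    echo 'flags : fpu vme pae nx lm' > "$d/cpuinfo"
    cat > "$d/maps" <<'EOF'
08048000-08052000 r-xp 00000000 08:01 1234 /bin/cat
08052000-08053000 rw-p 0000a000 08:01 1234 /bin/cat
b7e00000-b7f40000 r-xp 00000000 08:01 5678 /lib/libc-2.10.1.so
bffeb000-c0000000 rw-p 00000000 00:00 0 [stack]
EOF
    echo "ASLR: $(aslr_status "$d/aslr")  CPU NX: $(cpu_nx "$d/cpuinfo")"
    proc_libs "$d/maps"
    rm -rf "$d"
}
demo
```

Called without arguments on a Linux host, each function reads the live /proc files; proc_libs accepts /proc/PID/maps for any process you are allowed to inspect.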

Example of additional information on ASLR and NX results:



Example of the new '--proc-libs' option: