kernel-test-security multiple errors on backported Natty kernel

Bug #810807 reported by C de-Avillez
Affects: linux-lts-backport-natty (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Kees Cook

Bug Description

Running linux-image-2.6.38-10-server 2.6.38-10.46~lucid1 (Natty backported kernel for Lucid). test-kernel-security reports 8 failures. It is probable that some, if not all, of these failures are the result of relying on the Ubuntu version (Lucid).

Running test: './test-kernel-security.py' distro: 'Ubuntu 10.04' kernel: '2.6.38-10.46~lucid1 (Ubuntu 2.6.38-10.46~lucid1-server 2.6.38.7)' arch: 'amd64' uid: 0/0 SUDO_USER: 'ubuntu')
Build helper tools ... (4.4.3 (Ubuntu 4.4.3-4ubuntu5)) ok
/proc/$pid/maps is correctly protected ... ok
ASLR enabled ... ok
ASLR of stack ... ok
ASLR of libs ... ok
ASLR of mmap ... ok
ASLR of text ... ok
ASLR of vdso ... ok
ASLR of brk ... ok
Low memory allocation respects mmap_min_addr ... (65536) ok
AppArmor loaded ... ok
PR_SET_SECCOMP works ... ok
/dev/kmem not available ... ok
SYN cookies is enabled ... ok
init's CAPABILITY list is clean ... ok
init missing READ_IMPLIES_EXEC ... (/proc/1/personality) ok
NX bit is working ... ok
Userspace stack guard page exists (CVE-2010-2240) ... ok
CONFIG_COMPAT_BRK disabled ... ok
CONFIG_DEVKMEM disabled ... ok
CONFIG_SECURITY enabled ... ok
CONFIG_SECURITY_SELINUX enabled ... ok
CONFIG_SYN_COOKIES enabled ... ok
CONFIG_SECCOMP enabled ... ok
CONFIG_COMPAT_VDSO disabled ... ok
CONFIG_DEBUG_RODATA enabled ... ok
CONFIG_DEBUG_SET_MODULE_RONX enabled ... (skipped: only Natty and later) FAIL
CONFIG_SECURITY_APPARMOR enabled ... ok
CONFIG_STRICT_DEVMEM enabled ... ok
/dev/mem unreadable for kernel memory ... (using 0x1a239f0L) (exit code 0) ok
CONFIG_SECURITY_FILE_CAPABILITIES enabled ... FAIL
CONFIG_SECURITY_SMACK enabled ... ok
CONFIG_DEFAULT_MMAP_MIN_ADDR ... (65536) ok
CONFIG_CC_STACKPROTECTOR set ... ok
Kernel stack guard ... ok
Sysctl to disable module loading exists ... ok
Symlinks not followable across differing uids in sticky directories ... (skipped: only Maverick and later) FAIL
Hardlink disallowed for unreadable/unwritable sources ... (skipped: only Maverick and later) FAIL
ptrace allowed only on children or declared processes ... (skipped: only Maverick and later) (timeout) FAIL
ptrace from thread on tracee that used prctl(PR_SET_PTRACER) ... (skipped: only Maverick and later) ok
ptrace of child works from parent threads (LP: #737676) ... (skipped: only Maverick and later) ok
prctl(PR_SET_PTRACER) works from threads (LP: #729839) ... (skipped: only Maverick and later) ok
rare network modules do not autoload ... (skipped: only Natty and later) ok
/proc/sys/kernel/kptr_restrict is enabled ... (skipped: only Natty and later) FAIL
kernel addresses in kallsyms and modules are zeroed out ... (skipped: only Natty and later) FAIL
kernel addresses in /boot are not world readable ... (skipped: only Natty and later) FAIL
sensitive files in /proc are not world readable ... (skipped: only Natty and later) ok
/sys/kernel/debug/acpi/custom_method stays disabled ... ok

======================================================================
FAIL: CONFIG_DEBUG_SET_MODULE_RONX enabled
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 569, in test_072_config_debug_set_module_ronx
    self.assertEqual(self._test_config('DEBUG_SET_MODULE_RONX'), expected)
AssertionError: True != False

======================================================================
FAIL: CONFIG_SECURITY_FILE_CAPABILITIES enabled
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 671, in test_073_config_security_file_capabilities
    self.assertEqual(self._test_config('SECURITY_FILE_CAPABILITIES'), expected)
AssertionError: False != True

======================================================================
FAIL: Symlinks not followable across differing uids in sticky directories
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 936, in test_091_symlink_following_in_sticky_directories
    self._check_symlinks(sticky=True, hardened=expected)
  File "./test-kernel-security.py", line 850, in _check_symlinks
    self.assertShellOutputEquals(message, ['sudo','-u',noob.login,'cat',attacker_symlink], invert=sticky and hardened)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 893, in assertShellOutputEquals
    self.assertEquals(text, out, msg + result + report)
AssertionError: Got exit code 1. Looking for exact text "sekrit
" (sudo -u tXdQQSYc cat /tmp/symlinks-8Q9QzG/attacker.link)
Command: 'sudo', '-u', 'tXdQQSYc', 'cat', '/tmp/symlinks-8Q9QzG/attacker.link'
Output:
cat: /tmp/symlinks-8Q9QzG/attacker.link: Permission denied

======================================================================
FAIL: Hardlink disallowed for unreadable/unwritable sources
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 963, in test_092_hardlink_restriction
    self.assertShellExitEquals(expected, ['sudo','-u',os.environ['SUDO_USER'],'ln',secret.name,evil])
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 871, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 1, expected 0
Command: 'sudo', '-u', 'ubuntu', 'ln', '/tmp/secret-eKVyi6', '/tmp/hardlinks-k5rFMT/evil'
Output:
ln: creating hard link `/tmp/hardlinks-k5rFMT/evil' => `/tmp/secret-eKVyi6': Operation not permitted

======================================================================
FAIL: ptrace allowed only on children or declared processes
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1036, in test_093_ptrace_restriction
    shelltimeout(expected, ['sudo','-u',os.environ['SUDO_USER'],'./ptrace-restrictions.sh'], stdin=open("/dev/null"))
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 1038, in __call__
    result = self.function(*args, **kwargs)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 871, in assertShellExitEquals
    self.assertEquals(expected, rc, msg + result + report)
AssertionError: Got exit code 0, expected 1
Command: 'sudo', '-u', 'ubuntu', './ptrace-restrictions.sh'
Output:
+ set -e
+ '[' -w /etc/passwd ']'
+ export LANG=C
+ LANG=C
+ rc=0
++ gdb -ex start -ex quit --batch ./sleeper
+ OUT='Temporary breakpoint 1 at 0x400653: file sleeper.c, line 28.

Temporary breakpoint 1, main (argc=1, argv=0x7fffffffe738) at sleeper.c:28
28 if (argc<3) {
A debugging session is active.

 Inferior 1 [process 17652] will be killed.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo 'Temporary breakpoint 1 at 0x400653: file sleeper.c, line 28.

Temporary breakpoint 1, main (argc=1, argv=0x7fffffffe738) at sleeper.c:28
28 if (argc<3) {
A debugging session is active.

 Inferior 1 [process 17652] will be killed.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: children correctly PTRACEable'
ok: children correctly PTRACEable
+ pid=17657
+ sleep 120
++ gdb -ex 'attach 17657' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: cousins correctly unPTRACEable'
ok: cousins correctly unPTRACEable
+ ls -la /proc/17657/exe
+ echo 'ok: cousins correctly visible in /proc'
ok: cousins correctly visible in /proc
++ gdb -ex 'attach 1' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: init correctly unPTRACEable'
ok: init correctly unPTRACEable
+ ls -la /proc/1/exe
+ echo 'ok: init correctly invisible in /proc'
ok: init correctly invisible in /proc
+ disown 17657
+ kill 17657
+ pid=17670
+ ./sleeper 0 120
++ gdb -ex 'attach 17670' -ex quit --batch
+ OUT='ptrace: Operation not permitted.'
+ echo 'ptrace: Operation not permitted.'
+ grep -q 'Operation not permitted'
+ echo 'ok: prctl(PR_SET_PTRACER, 0, ...) correctly unPTRACEable'
ok: prctl(PR_SET_PTRACER, 0, ...) correctly unPTRACEable
+ disown 17670
+ kill 17670
+ ./sleeper 17648 120
+ pid=17676
++ gdb -ex 'attach 17676' -ex quit --batch
+ OUT='0x00007fbce5a34380 in nanosleep () from /lib/libc.so.6
A debugging session is active.

 Inferior 1 [process 17676] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo '0x00007fbce5a34380 in nanosleep () from /lib/libc.so.6
A debugging session is active.

 Inferior 1 [process 17676] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: prctl(PR_SET_PTRACER, parent, ...) correctly PTRACEable'
ok: prctl(PR_SET_PTRACER, parent, ...) correctly PTRACEable
+ disown 17676
+ kill 17676
+ pid=17684
+ ./sleeper 1 120
++ gdb -ex 'attach 17684' -ex quit --batch
+ OUT='0x00007fbdc6dc1380 in nanosleep () from /lib/libc.so.6
A debugging session is active.

 Inferior 1 [process 17684] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ echo '0x00007fbdc6dc1380 in nanosleep () from /lib/libc.so.6
A debugging session is active.

 Inferior 1 [process 17684] will be detached.

Quit anyway? (y or n) [answered Y; input not from terminal]'
+ grep -q 'Quit anyway'
+ echo 'ok: prctl(PR_SET_PTRACER, 1, ...) correctly PTRACEable'
ok: prctl(PR_SET_PTRACER, 1, ...) correctly PTRACEable
+ disown 17684
+ kill 17684
+ exit 0

======================================================================
FAIL: /proc/sys/kernel/kptr_restrict is enabled
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1168, in test_095_kernel_symbols_acl
    self._test_sysctl_value('kernel/kptr_restrict', expected, exists=expected)
  File "/home/ubuntu/qrt-test-kernel/testlib.py", line 911, in _test_sysctl_value
    self.assertEquals(exists, os.path.exists(sysctl), sysctl)
AssertionError: /proc/sys/kernel/kptr_restrict

======================================================================
FAIL: kernel addresses in kallsyms and modules are zeroed out
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1219, in test_095_kernel_symbols_missing
    self._check_pK_files(expected)
  File "./test-kernel-security.py", line 1175, in _check_pK_files
    expected)
  File "./test-kernel-security.py", line 1154, in _read_twice
    self.assertEquals(expected, 0 == int(address,16), "%s: user saw %s" % (filename, address))
AssertionError: /proc/kallsyms: user saw 0000000000000000

======================================================================
FAIL: kernel addresses in /boot are not world readable
----------------------------------------------------------------------
Traceback (most recent call last):
  File "./test-kernel-security.py", line 1247, in test_096_boot_symbols_unreadable
    self.assertEquals(os.stat(name).st_mode & mask, expected, '%s is world readable' % (name))
AssertionError: /boot/System.map-2.6.38-10-server is world readable

----------------------------------------------------------------------
Ran 48 tests in 12.090s

FAILED (failures=8)

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: linux-image-2.6.38-10-server 2.6.38-10.46~lucid1
ProcVersionSignature: Ubuntu 2.6.38-10.46~lucid1-server 2.6.38.7
Uname: Linux 2.6.38-10-server x86_64
Architecture: amd64
Date: Thu Jul 14 19:59:41 2011
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release amd64 (20110211.1)
ProcEnviron:
 LC_TIME=en_DK.utf8
 LANG=en_US
 SHELL=/bin/bash
SourcePackage: linux-lts-backport-natty

C de-Avillez (hggdh2) wrote:
summary: - kernel-test-security multiple errors on backported Maverick kernel
+ kernel-test-security multiple errors on backported Natty kernel
description: updated

Kees Cook (kees) wrote:

qrt rev 1347 should now have this fixed by splitting the version logic into "Kernel" and "Release" checks. Some features are tied to the kernel version, and some are tied to the userspace Ubuntu release version.

Changed in linux-lts-backport-natty (Ubuntu):
assignee: nobody → Kees Cook (kees)
status: New → Fix Released
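As an added illustration of the split Kees describes (example code written here, not part of qrt or the kernel package): a version gate that keys kernel-tied checks on the running kernel and release-tied checks on the userspace Ubuntu release, run against the Lucid + Natty-kernel combination from this report. The release-to-kernel table and the classification of each check as kernel- or release-tied are my assumptions for illustration, not taken from qrt.

```python
"""Model of gating hardening checks on kernel version vs Ubuntu release.
Added example; the check names come from the test output above."""
import re

# Kernel shipped by each Ubuntu release (assumed table, from memory).
RELEASE_KERNEL = {"10.04": (2, 6, 32), "10.10": (2, 6, 35), "11.04": (2, 6, 38)}

# check -> (what it depends on, first Ubuntu release expected to have it).
# Classification is an assumption for illustration; the /boot permission
# check is treated as release-tied because file modes come from packaging.
CHECKS = {
    "CONFIG_DEBUG_SET_MODULE_RONX": ("kernel", "11.04"),
    "/proc/sys/kernel/kptr_restrict": ("kernel", "11.04"),
    "symlink restriction in sticky dirs": ("kernel", "10.10"),
    "hardlink restriction": ("kernel", "10.10"),
    "ptrace restriction": ("kernel", "10.10"),
    "/boot System.map not world readable": ("release", "11.04"),
}

def parse_kernel(version_string):
    """'2.6.38-10.46~lucid1' -> (2, 6, 38); ABI and packaging suffix ignored."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", version_string)
    if not m:
        raise ValueError("unrecognised kernel version: %r" % version_string)
    return tuple(int(x) for x in m.groups())

def release_tuple(release_string):
    """'Ubuntu 10.04' or '10.04' -> (10, 4)."""
    m = re.search(r"(\d+)\.(\d+)", release_string)
    if not m:
        raise ValueError("unrecognised release: %r" % release_string)
    return tuple(int(x) for x in m.groups())

def release_gate(check, release):
    """Pre-fix logic: every feature gated on the userspace release."""
    _, since = CHECKS[check]
    return release_tuple(release) >= release_tuple(since)

def split_gate(check, kernel_version, release):
    """Post-fix logic: kernel-tied features gated on the running kernel."""
    kind, since = CHECKS[check]
    if kind == "kernel":
        return parse_kernel(kernel_version) >= RELEASE_KERNEL[since]
    return release_tuple(release) >= release_tuple(since)

def mismatches(kernel_version, release):
    """Checks whose expectation differs between the two gating strategies."""
    return sorted(c for c in CHECKS
                  if release_gate(c, release) != split_gate(c, kernel_version, release))
```

On the reporter's system (kernel 2.6.38-10.46~lucid1, release 10.04) every kernel-tied check is a mismatch, which is the pattern of "(skipped: only Natty/Maverick and later) FAIL" lines above; a stock Lucid kernel or a Natty kernel on Natty produces none.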