From owner-freebsd-security@freebsd.org  Fri Jul 28 12:15:38 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C769EDC4F93
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Fri, 28 Jul 2017 12:15:38 +0000 (UTC)
 (envelope-from erdgeist@erdgeist.org)
Received: from elektropost.org (elektropost.org [217.115.13.198])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 551308353E
 for <freebsd-security@freebsd.org>; Fri, 28 Jul 2017 12:15:37 +0000 (UTC)
 (envelope-from erdgeist@erdgeist.org)
Received: (qmail 26941 invoked from network); 28 Jul 2017 12:08:53 -0000
Received: from elektropost.org (HELO elektropost.org) (erdgeist@erdgeist.org)
 by elektropost.org with ESMTPS (DHE-RSA-AES128-SHA encrypted);
 28 Jul 2017 12:08:53 -0000
To: freebsd-security@freebsd.org
From: Dirk Engling <erdgeist@erdgeist.org>
Subject: DefCon lecture BSD Kern Vulns
Message-ID: <26de0aed-8151-6105-188f-ad0c6c6cf8b8@erdgeist.org>
Date: Fri, 28 Jul 2017 14:08:50 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:52.0)
 Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jul 2017 12:15:38 -0000

Out of curiosity:

have those findings officially been reported? Is someone working on them?

https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Ilja-van-Sprundel-BSD-Kern-Vulns.pdf

If not, shall I extract them?

Maybe we should start an "audit a subsystem" week ;)

  erdgeist