From owner-freebsd-stable@freebsd.org Mon Jul 17 14:11:17 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id EC748D880C4 for ; Mon, 17 Jul 2017 14:11:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C57662D24; Mon, 17 Jul 2017 14:11:17 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id D94CF1525D; Mon, 17 Jul 2017 14:11:16 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Mon, 17 Jul 2017 14:11:15 +0000 From: Glen Barber To: "Vlad K." Cc: freebsd-stable@freebsd.org Subject: Re: stack_guard hardening bsdinstall option in STABLE and 11.1 Message-ID: <20170717141115.GQ16843@FreeBSD.org> References: <20170717133359.GP16843@FreeBSD.org> <61f79801976fab6770471cd3e2359652@acheronmedia.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="TSQPSNmi3T91JED+" Content-Disposition: inline In-Reply-To: <61f79801976fab6770471cd3e2359652@acheronmedia.com> X-Operating-System: FreeBSD 11.0-STABLE amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer X-Spidey-Sense: Uh oh, Peter logged in User-Agent: Mutt/1.8.2 (2017-04-18) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2017 14:11:18 -0000 --TSQPSNmi3T91JED+ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 17, 2017 at 03:47:08PM +0200, Vlad K. wrote: > On 2017-07-17 15:33, Glen Barber wrote: > >=20 > > No, this is not available in the 11.1 installer. > >=20 >=20 > Thanks but that's why I asked why's that. r320674 said MFC after 1 day. Is > it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is the= re > another reason? >=20 > If its' too late, does that mean it's too late for the installer, but the > new stack_guard code is there in STABLE and I am guessing will be part of > 11.1, so we can assume the sysctl to be an integer (as opposed to > enable/disable semantics of the sysctl in 11.0)? In other words, is it sa= fe > to ramp up the gap size in 11.1? >=20 kib gave feedback on this in an earlier reply (which I missed before replying myself). Glen --TSQPSNmi3T91JED+ Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAllsxYMACgkQAxRYpUeP 4pOsrA//QzCcnzmVmf7CPrBAsihPgInE16UuDuTGjVm7BLOUmqmk5hI7yQjFjGOJ cYrFCIAFqa0U7yiR/CzPv0HyenZ3qv3FrLff+3LJGA++yXAMjHNkgvbUx2sLu6UZ IIemFCcQUKIZp05RgQWPsOBfoRJmhxY1vkcGAlVdyEs6shZnbdhOafCfKZec/OMe YlqODgTJwf0f7DyUaXDiiNpWJIFiWVb3iQ949uoOPvEiVMo7s3KAzt+VwI3VMQHA yMziCJflQ3OR9tIB8WLvO2spiyc8fHauXBMbKEyN9oPu+lVaAV7DVWGsUODI1hNT yRXDPCReDZiXlxuyyIMTeg0c6/tqXd/WdXLQfupDjS6DM4NBSlk0q4i/xT3hHG6M edCQO3W1c/vZ6Zg6m3ThNOHe2/31NsfTeIepu4pH1MBjmIrI6JGIem5Db4KcAFzv 1dxkmFLbk7JzndBWnxVAaUajGUzmOxFMSC83wkMpQ+a/TpPMhHLfOCG9eG7FUPBI MtQDgxhyb9zLMZJHk3XgNQ79VAoI7nQk76ABwtSgSoGAbBb9Ki6B+lgq4udtnQph 8VfkTsn4ZjKWos0m6TbKXBL96JvQfIAQjFuNdNvqMfGgkpH6nQyLyVXmA+1qkCu0 pmRo1gPeNvh6mKtJ3M+nOW/aV3/iRlyXyuHz0kkK5T058bXXOco= =nHae -----END PGP SIGNATURE----- --TSQPSNmi3T91JED+--