From owner-freebsd-security@freebsd.org Fri Mar 26 16:10:35 2021 Return-Path: Delivered-To: freebsd-security@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id C6F0857B94E for ; Fri, 26 Mar 2021 16:10:35 +0000 (UTC) (envelope-from marquis@roble.com) Received: from mx5.roble.com (mx5.roble.com [209.237.23.5]) (using TLSv1.3 with cipher TLS_CHACHA20_POLY1305_SHA256 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA512 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "mx5.roble.com", Issuer "mx5.roble.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4F6RlZ6L0Zz4sFW for ; Fri, 26 Mar 2021 16:10:34 +0000 (UTC) (envelope-from marquis@roble.com) Received: from roble.com (roble.com [209.237.23.50]) by mx5.roble.com (Postfix) with ESMTP id 948757BC16 for ; Fri, 26 Mar 2021 09:10:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=roble.com; s=rs060402; t=1616775032; bh=s72wHE63ruioUtkq3AFG4TuG0YpPEKi7TVZ4eJoi4+o=; h=Date:From:To:Subject; b=AW80r93L9TghM/WfeCUPGblxdKQcGz8l9BkXxj7ZW1LETM3e26g//mgujKXNHoOIb kYn2vM7yoYU8eCjfwmiLqG/2i8JXJN9V21M4ZrjPkXxENImCtnXXByaagpL52C0wPM tJONVhvobRkXxHRM0voSU+LQSmiGcoRAPocMx1mM= Date: Fri, 26 Mar 2021 09:10:32 -0700 (PDT) From: Roger Marquis To: freebsd-security@freebsd.org Subject: Re: Buffer overruns, license violations, and bad code: FreeBSD 13s close call Message-ID: MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset=US-ASCII X-Rspamd-Queue-Id: 4F6RlZ6L0Zz4sFW X-Spamd-Bar: - Authentication-Results: mx1.freebsd.org; dkim=pass header.d=roble.com header.s=rs060402 header.b=AW80r93L; dmarc=pass (policy=none) header.from=roble.com; spf=pass (mx1.freebsd.org: domain of marquis@roble.com designates 209.237.23.5 as permitted sender) smtp.mailfrom=marquis@roble.com X-Spamd-Result: default: False [-1.00 / 15.00]; FAKE_REPLY(1.00)[]; RBL_DBL_DONT_QUERY_IPS(0.00)[209.237.23.5:from]; R_DKIM_ALLOW(-0.20)[roble.com:s=rs060402]; ARC_NA(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:209.237.23.0/24]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-security@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; SPAMHAUS_ZRD(0.00)[209.237.23.5:from:127.0.2.255]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_SPAM_SHORT(1.00)[1.000]; DKIM_TRACE(0.00)[roble.com:+]; DMARC_POLICY_ALLOW(-0.50)[roble.com,none]; NEURAL_HAM_LONG(-1.00)[-1.000]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; RCVD_TLS_LAST(0.00)[]; ASN(0.00)[asn:17403, ipnet:209.237.0.0/18, country:US]; RCVD_COUNT_TWO(0.00)[2]; MAILMAN_DEST(0.00)[freebsd-security] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Mar 2021 16:10:35 -0000 Surprised there's been no mention of wireguard in this list, particularly given the threads on other forums. That said it is good to finally have a third-party analysis of the issue. See today's Ars Technica for Jim Salter's take: The only downside, no idea how it got by Ars' editors, is an irrelevant side-thread on 'Macy's record as a landlord. That aside the article is a must-read for anyone concerned with FreeBSD security. Roger Marquis