Date:      Mon, 17 Jul 2017 13:24:59 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        "Vlad K." <vlad-fbsd@acheronmedia.com>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: stack_guard hardening bsdinstall option in STABLE and 11.1
Message-ID:  <20170717102459.GJ1935@kib.kiev.ua>
In-Reply-To: <f16afd19d4e0be57dc5cef0b68a7edea@acheronmedia.com>
References:  <f16afd19d4e0be57dc5cef0b68a7edea@acheronmedia.com>

On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote:
> Hello list,
> 
> the stack_guard hardening option in bsdinstall is now setting 512 pages 
> of it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul 
> 5th), but STABLE hasn't got it yet. Is this simply an omission 
> (understandable as the RELEASE is being prepared so things are a bit 
> hectic I guess), or is there another reason?
> 
> Can we assume that in 11.1 the sysctl is integer and can we safely set 
>  >1 number of pages, say 512 like the installer in CURRENT suggests?

Default stack size on 32bit platforms is 2M.  I left it to you as an
exercise to guess what happens with the setting applied.

For 64bit machines, default stack size is 4M, so there the failure mode is
somewhat more involved.

Anyway, this option is almost equivalent to executing 'rm /lib/libthr.so.3',
perhaps rm is even better.  SECURITY !  HARDENING !


