Date: Wed, 21 Jun 2017 20:22:36 -0400
From: Ed Maste <emaste@freebsd.org>
To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: The Stack Clash vulnerability
Message-ID: <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com>
In-Reply-To: <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com>
References: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com> <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com>

On 20 June 2017 at 16:22, Ed Maste <emaste@freebsd.org> wrote:
> On 20 June 2017 at 04:13, Vladimir Terziev <vterziev@gvcgroup.com> wrote:
>> Hi,
>>
>> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>
> Yes, the security team is aware of this. Improvements in stack
> handling are in progress (currently in review).

I would like to provide some additional background on this issue. First I'd like to thank Qualys for their detailed and thorough investigation, which is contributing directly to improving FreeBSD.

The FreeBSD security team is aware of and is monitoring this issue, but is not directly developing in the changes that are in progress.

The issue under discussion is a limitation in a vulnerability mitigation technique. Changes to improve the way FreeBSD manages stack growth, and mitigate the issue demonstrated by Qualys' proof-of-concept code, are in progress by FreeBSD developers knowledgeable in the VM subsystem. These changes are expected to be committed to FreeBSD soon, and from there they will be merged to stable branches and into updates for supported releases.

-Ed