From owner-freebsd-security@freebsd.org Thu Jun 22 00:22:58 2017
From: Ed Maste
Date: Wed, 21 Jun 2017 20:22:36 -0400
Subject: Re: The Stack Clash vulnerability
To: "freebsd-security@freebsd.org"
List-Id: "Security issues [members-only posting]"

On 20 June 2017 at 16:22, Ed Maste wrote:
> On 20 June 2017 at 04:13, Vladimir Terziev wrote:
>> Hi,
>>
>> I assume the FreeBSD security team is already aware of the Stack Clash vulnerability, which is stated to affect FreeBSD amongst other Unix-like OSes.
>
> Yes, the security team is aware of this. Improvements in stack
> handling are in progress (currently in review).

I would like to provide some additional background on this issue.

First I'd like to thank Qualys for their detailed and thorough investigation, which is contributing directly to improving FreeBSD.

The FreeBSD security team is aware of and is monitoring this issue, but is not directly developing the changes that are in progress.

The issue under discussion is a limitation in a vulnerability mitigation technique. Changes to improve the way FreeBSD manages stack growth, and mitigate the issue demonstrated by Qualys' proof-of-concept code, are in progress by FreeBSD developers knowledgeable in the VM subsystem.
These changes are expected to be committed to FreeBSD soon, and from there they will be merged to stable branches and into updates for supported releases.

-Ed
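The "limitation in a vulnerability mitigation technique" that Ed refers to is the stack guard page: the message itself does not name it, but the public Stack Clash advisory concerns jumping over that guard. The following C program is an added illustration, not code from this thread, from Qualys' proof of concept, or from FreeBSD. It builds a four-page anonymous mapping by hand (victim page, guard page, two stack pages; POSIX mmap/mprotect/sigaction are assumed) and compares an unprobed large frame, which touches only its lowest byte and so can land below the guard without ever faulting, against a page-by-page probed frame, which always hits the guard. It is a user-space model of the addressing problem, not of the kernel's stack auto-growth logic.

```c
/* Added illustration, not code from the FreeBSD thread or from FreeBSD itself.
 * Models in user space why a single guard page is only a partial mitigation:
 * a frame larger than the guard whose first access lands below it never
 * touches the guard, while page-by-page probing always does. The "stack" is
 * an anonymous mapping laid out by hand (assumption: POSIX mmap/mprotect/
 * sigaction), not the process stack or the kernel's stack-growth logic. */
#define _DEFAULT_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

enum { PAGES = 4 };              /* [0] victim mapping, [1] guard, [2..3] stack */
enum outcome { IN_STACK = 0, GUARD_CAUGHT = 1, GUARD_SKIPPED = 2 };

static sigjmp_buf fault_jmp;
static volatile sig_atomic_t fault_seen;

static void on_fault(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_jmp, 1);    /* unwind out of the faulting store */
}

/* Store one byte at p. Returns 1 if the store faulted, 0 if it went through. */
static int store_faults(volatile unsigned char *p) {
    struct sigaction sa, old_segv, old_bus;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);  /* some platforms report PROT_NONE hits as SIGBUS */
    fault_seen = 0;
    if (sigsetjmp(fault_jmp, 1) == 0)
        *p = 0xAA;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return fault_seen;
}

/* Classify where a frame's lowest access ended up: page index >= 2 is stack,
 * a fault means the guard page caught it, anything else skipped the guard. */
static enum outcome classify(unsigned char *base, size_t pg, unsigned char *p, int faulted) {
    if (faulted) return GUARD_CAUGHT;
    return (size_t)(p - base) / pg >= 2 ? IN_STACK : GUARD_SKIPPED;
}

/* Naive large frame: only the bottom of the new frame is touched, which is
 * what an unprobed alloca()/VLA followed by a store to its first element does. */
static enum outcome unprobed_frame(unsigned char *base, size_t pg, size_t frame) {
    unsigned char *newsp = base + PAGES * pg - frame;   /* stack top is the region end */
    return classify(base, pg, newsp, store_faults(newsp));
}

/* Probed frame: touch every page between the old and the new stack pointer
 * first, so a guard page anywhere in between is always hit. */
static enum outcome probed_frame(unsigned char *base, size_t pg, size_t frame) {
    unsigned char *sp = base + PAGES * pg;
    for (size_t off = pg; off < frame; off += pg)
        if (store_faults(sp - off)) return GUARD_CAUGHT;
    unsigned char *newsp = sp - frame;
    return classify(base, pg, newsp, store_faults(newsp));
}

/* Run one scenario: a frame of frame_pages pages plus 64 bytes of locals.
 * Returns an enum outcome value, or -1 if the model region cannot be set up. */
int run_scenario(int probed, size_t frame_pages) {
    if (frame_pages >= PAGES) return -1;             /* frame must fit the model */
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    unsigned char *base = mmap(NULL, PAGES * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return -1;
    if (mprotect(base + pg, pg, PROT_NONE) != 0) {   /* page 1 is the guard */
        munmap(base, PAGES * pg);
        return -1;
    }
    size_t frame = frame_pages * pg + 64;
    int r = probed ? (int)probed_frame(base, pg, frame)
                   : (int)unprobed_frame(base, pg, frame);
    munmap(base, PAGES * pg);
    return r;
}

int main(void) {
    static const char *names[] = { "landed in stack", "guard page caught it",
                                   "skipped the guard" };
    struct { int probed; size_t pages; } cases[] = { {0, 1}, {0, 3}, {1, 3} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int r = run_scenario(cases[i].probed, cases[i].pages);
        printf("%s, %zu-page frame: %s\n", cases[i].probed ? "probed  " : "unprobed",
               cases[i].pages, r < 0 ? "setup failed" : names[r]);
    }
    return 0;
}
```

The three-page unprobed frame is the Stack Clash case in miniature: its first store lands in the victim mapping below the guard and nothing faults. The two generic remedies follow from the model: make the guard region wider than any frame an attacker can provoke (a VM-side change, the area the message says FreeBSD developers are working in), or have compilers emit the page-by-page probing that `probed_frame` performs. The message does not say which approach the FreeBSD change takes, and this example makes no claim about it.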