Date:      Thu, 22 Jun 2017 03:10:40 +0200
From:      Michelle Sullivan <michelle@sorbs.net>
To:        Ed Maste <emaste@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: The Stack Clash vulnerability
Message-ID:  <a1c45d20-78f9-e7d7-2f3e-d18c1723c5d5@sorbs.net>
In-Reply-To: <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com>
References:  <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com> <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com> <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com>

Ed Maste wrote:
> On 20 June 2017 at 16:22, Ed Maste <emaste@freebsd.org> wrote:
>> On 20 June 2017 at 04:13, Vladimir Terziev <vterziev@gvcgroup.com> wrote:
>>> Hi,
>>>
>>> I assume the FreeBSD security team is already aware of the Stack Clash vulnerability, which is stated to affect FreeBSD amongst other Unix-like OSes.
>> Yes, the security team is aware of this. Improvements in stack
>> handling are in progress (currently in review).
> I would like to provide some additional background on this issue.
> First I'd like to thank Qualys for their detailed and thorough
> investigation, which is contributing directly to improving FreeBSD.
>
> The FreeBSD security team is aware of and is monitoring this issue,
> but is not directly developing in the changes that are in progress.
> The issue under discussion is a limitation in a vulnerability
> mitigation technique. Changes to improve the way FreeBSD manages stack
> growth, and mitigate the issue demonstrated by Qualys'
> proof-of-concept code, are in progress by FreeBSD developers
> knowledgeable in the VM subsystem. These changes are expected to be
> committed to FreeBSD soon, and from there they will be merged to
> stable branches and into updates for supported releases.

One would hope, considering the nature and potential threat, this would be
one of those fixes backported to previous -STABLE trees as well.


-- 
Michelle Sullivan
http://www.mhix.org/
