From: Michelle Sullivan
Date: Thu, 22 Jun 2017 03:10:40 +0200
Subject: Re: The Stack Clash vulnerability
To: Ed Maste, "freebsd-security@freebsd.org"

Ed Maste wrote:
> On 20 June 2017 at 16:22, Ed Maste wrote:
>> On 20 June 2017 at 04:13, Vladimir Terziev wrote:
>>> Hi,
>>>
>>> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>> Yes, the security team is aware of this. Improvements in stack
>> handling are in progress (currently in review).
> I would like to provide some additional background on this issue.
> First I'd like to thank Qualys for their detailed and thorough
> investigation, which is contributing directly to improving FreeBSD.
>
> The FreeBSD security team is aware of and is monitoring this issue,
> but is not directly developing in the changes that are in progress.
> The issue under discussion is a limitation in a vulnerability
> mitigation technique. Changes to improve the way FreeBSD manages stack
> growth, and mitigate the issue demonstrated by Qualys'
> proof-of-concept code, are in progress by FreeBSD developers
> knowledgeable in the VM subsystem. These changes are expected to be
> committed to FreeBSD soon, and from there they will be merged to
> stable branches and into updates for supported releases.

One would hope considering the nature and potential threat this would be one of those fixes back ported to previous -STABLE trees as well.

--
Michelle Sullivan
http://www.mhix.org/