From: Remko Lodder
Message-Id: <0F042A4B-CB52-47EB-A191-D7617E51789A@FreeBSD.org>
Subject: Re: The Stack Clash vulnerability
Date: Thu, 22 Jun 2017 12:00:33 +0200
Cc: Ed Maste, "freebsd-security@freebsd.org"
To: Michelle Sullivan

> On 22 Jun 2017, at 03:10, Michelle Sullivan wrote:
>
> Ed Maste wrote:
>> On 20 June 2017 at 16:22, Ed Maste wrote:
>>> On 20 June 2017 at 04:13, Vladimir Terziev wrote:
>>>> Hi,
>>>>
>>>> I assume FreeBSD security team is already aware about the Stack Clash vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>>> Yes, the security team is aware of this. Improvements in stack
>>> handling are in progress (currently in review).
>> I would like to provide some additional background on this issue.
>> First I'd like to thank Qualys for their detailed and thorough
>> investigation, which is contributing directly to improving FreeBSD.
>>
>> The FreeBSD security team is aware of and is monitoring this issue,
>> but is not directly developing in the changes that are in progress.
>> The issue under discussion is a limitation in a vulnerability
>> mitigation technique.
>> Changes to improve the way FreeBSD manages stack
>> growth, and mitigate the issue demonstrated by Qualys'
>> proof-of-concept code, are in progress by FreeBSD developers
>> knowledgeable in the VM subsystem. These changes are expected to be
>> committed to FreeBSD soon, and from there they will be merged to
>> stable branches and into updates for supported releases.
>
> One would hope considering the nature and potential threat this would be one of those fixes back ported to previous -STABLE trees as well.
>

Hi Michelle,

On a general note:

When we fix issues, they go to the supported branches / releases. 7.x for example is no longer supported and is not likely to receive this care and attention unless someone is willing to support such a change to that branch. For supported branches, such a change is likely to be merged to those branches and also to supported releases depending on the determination. E.g. A Security Advisory (SA) or Errata Notice (EN) will be merged to affected -RELEASES as well. If an issue does not get one of those two markers, the issue will not be merged to -RELEASES but can be merged to -STABLE branches.

The above is a general note and not specifically pointed towards “The Stack Clash” documents, so this can support potential future questions in the same area as well :-)

Cheers
Remko

>
> --
> Michelle Sullivan
> http://www.mhix.org/
>