From owner-freebsd-stable@freebsd.org Mon Jul 17 13:34:02 2017 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 953E8D7F724 for ; Mon, 17 Jul 2017 13:34:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 6EDEC1938; Mon, 17 Jul 2017 13:34:02 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from FreeBSD.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by freefall.freebsd.org (Postfix) with ESMTPS id 8439614B4D; Mon, 17 Jul 2017 13:34:01 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Date: Mon, 17 Jul 2017 13:33:59 +0000 From: Glen Barber To: "Vlad K." Cc: freebsd-stable@freebsd.org Subject: Re: stack_guard hardening bsdinstall option in STABLE and 11.1 Message-ID: <20170717133359.GP16843@FreeBSD.org> References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="YolNsh7G+K7zsfIR" Content-Disposition: inline In-Reply-To: X-Operating-System: FreeBSD 11.0-STABLE amd64 X-SCUD-Definition: Sudden Completely Unexpected Dataloss X-SULE-Definition: Sudden Unexpected Learning Event X-PEKBAC-Definition: Problem Exists, Keyboard Between Admin/Computer X-Spidey-Sense: Uh oh, Peter logged in User-Agent: Mutt/1.8.2 (2017-04-18) X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Jul 2017 13:34:02 -0000 --YolNsh7G+K7zsfIR Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote: > Hello list, >=20 > the stack_guard hardening option in bsdinstall is now setting 512 pages of > it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul 5th), = but > STABLE hasn't got it yet. Is this simply an omission (understandable as t= he > RELEASE is being prepared so things are a bit hectic I guess), or is there > another reason? >=20 > Can we assume that in 11.1 the sysctl is integer and can we safely set >1 > number of pages, say 512 like the installer in CURRENT suggests? >=20 No, this is not available in the 11.1 installer. Glen --YolNsh7G+K7zsfIR Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEjRJAPC5sqwhs9k2jAxRYpUeP4pMFAllsvMcACgkQAxRYpUeP 4pMJ8hAAnjDJQkVpsRsPh6CF738V65UMgOMkjDmgeE76C0Z9IsaOHvfbsOfFXurs uuL62YnobmhrPJ+iyOU7V3gWynX1LLYsugVZ3xfDmqo0UXqn+OHZy4gN8+wwfMGM I8pju+7+Hw5e4q0m7OyGsezN0A2WTTg7J7OtaTv4k3iKr08yTCDdTOdYR34DclOz a/i26tQbDVKWfKnGFgGCXaXqKuAsQ39qZBJV3e3qlxOibaJB4UfoVhAyXUrCML9p d0VyY2vQb37BJ4FQ+IqCmirvEvEO3QGT/WR53tnnzs67zhUSfu7iXDRrvw5I36wg HMp6I5rr5t8HmkgcJkzj8x646NZzHfSYzhlHnRY7oS6LM8KDdhLuUZJmhXkJLcVv 9FpJpK3biSPzTqU82PWb8+wer3+rsT01bdJW7Ua7eb0kIMQqhi6jmu/uKW1sRqFp 9zT3RS5uQcvBw7ha+1Y4c67JGDgh8aRi7+kfcd7IQCvntgee/4pCtEXUqWK6dq35 tSTbaNpYt8FSzG8RNk4ZxHSwh7dFMTsaHso4ZpxjXjgJXzSZb8VOP7H9UpAY1Ce6 9nG9RhBaMZ7tnY2SV/zec9Q6l5EwtYUx8uk/e89UddalwhEQhthmVwlNFnW90fut ZW+MfOqudhHkYftrKI0AM/db2XgbgNZs9zH4qTkfQbtNOSq8k88= =9ChI -----END PGP SIGNATURE----- --YolNsh7G+K7zsfIR--