From: Michelle Sullivan
Date: Fri, 23 Jun 2017 01:19:05 +0200
Subject: Re: The Stack Clash vulnerability
To: Peter Jeremy
Cc: "freebsd-security@freebsd.org"

Peter,

Peter Jeremy wrote:
>
> paying someone to provide whatever level of support you want.  With
> respect to your 9.x servers, no-one is saying you must replace the
> hardware, just that the FreeBSD Project will not continue to provide
> you with free support whilst you choose to run 9.x on them.  Note that
>

You mistake me for someone who needs or is asking for support.

I already have the proposed patch available to me on my servers. I'm not convinced it solves the issue, merely making it a *lot* more difficult to exploit; however, that was my 'first look'. I have a lot more to understand and think about, and there are many more people of higher intelligence looking at it than me.

That said, I'm suggesting that given the amount of time this issue has been around and that it was supposedly fixed many years ago, that one should consider a special case backport for those that are not capable of creating their own patches... and before throwing accusations around you should consider how many times I have ever suggested that a particular bug gets backported... If you can't be bothered to check, this is the first since I started using FreeBSD in 2003.

-- 
Michelle Sullivan
http://www.mhix.org/