Date: Tue, 4 Jul 2017 21:56:21 -0400
From: Shawn Webb <shawn.webb@hardenedbsd.org>
To: Ed Maste <emaste@freebsd.org>
Cc: Michelle Sullivan <michelle@sorbs.net>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject: Re: The Stack Clash vulnerability
Message-ID: <20170705015621.6bvp75vwdjeyo4vo@mutt-hbsd>
In-Reply-To: <CAPyFy2A%2B_8nK8hnou5BDQV9Er4pJc%2BUW95KjaVMttdMDKd%2BQDQ@mail.gmail.com>
References: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>
 <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com>
 <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com>
 <CAPyFy2CcJavhKeg2YXZ4NLT9R00X%2BzMOfZny9KD73NcUB_-11g@mail.gmail.com>
 <3bca2dbd-dc2f-ca7a-e0ce-eb7d6cf0b3e5@sorbs.net>
 <CAPyFy2A%2B_8nK8hnou5BDQV9Er4pJc%2BUW95KjaVMttdMDKd%2BQDQ@mail.gmail.com>

On Tue, Jul 04, 2017 at 09:32:37PM -0400, Ed Maste wrote:
> On 3 July 2017 at 12:29, Michelle Sullivan <michelle@sorbs.net> wrote:
> >
> > Been watching for it in 10-STABLE... didn't see it go in... did I miss it?
>
> It hasn't yet been merged -- there were a couple of issues with the
> initial commit which were fixed shortly after in HEAD. We are now
> waiting on the MFC timer for the followup fixes (to provide time to
> find any other potential issue).
>
> > Know of any other tests...
>
> I'm not aware of any.

I've publicly reported at least one issue:

https://lists.freebsd.org/pipermail/freebsd-current/2017-July/066468.html

It also seems that setting stack_guard_page to any positive integer
value greater than 1 causes issues. For example, lang/rust will fail to
build and some GUI applications will fail to start. I've also noticed a
regression with mysql56-server when stack_guard_page is set to a
positive integer value greater than 1.

All my testing so far has only been on amd64. I have arm64 devices
running the same code, but they don't do nearly as intensive work as my
amd64 systems.

It seems the MAP_GUARD work needs more exhaustive testing on 12-CURRENT.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID: 0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE