Date: Thu, 22 Jun 2017 12:00:33 +0200 From: Remko Lodder <remko@FreeBSD.org> To: Michelle Sullivan <michelle@sorbs.net> Cc: Ed Maste <emaste@freebsd.org>, "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: The Stack Clash vulnerability Message-ID: <0F042A4B-CB52-47EB-A191-D7617E51789A@FreeBSD.org> In-Reply-To: <a1c45d20-78f9-e7d7-2f3e-d18c1723c5d5@sorbs.net> References: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com> <CAPyFy2CicxYBZpyy-pHS%2BQ=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com> <CAPyFy2C4-hKG=hh0=th%2BRDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com> <a1c45d20-78f9-e7d7-2f3e-d18c1723c5d5@sorbs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_EB28011D-2E8C-496C-8E6A-F96634FE3FD1 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On 22 Jun 2017, at 03:10, Michelle Sullivan <michelle@sorbs.net> = wrote: >=20 > Ed Maste wrote: >> On 20 June 2017 at 16:22, Ed Maste <emaste@freebsd.org> wrote: >>> On 20 June 2017 at 04:13, Vladimir Terziev <vterziev@gvcgroup.com> = wrote: >>>> Hi, >>>>=20 >>>> I assume FreeBSD security team is already aware about the Stack = Clash vulnerability, that is stated to affect FreeBSD amongst other = Unix-like OS. >>> Yes, the security team is aware of this. Improvements in stack >>> handling are in progress (currently in review). >> I would like to provide some additional background on this issue. >> First I'd like to thank Qualys for their detailed and thorough >> investigation, which is contributing directly to improving FreeBSD. >>=20 >> The FreeBSD security team is aware of and is monitoring this issue, >> but is not directly developing in the changes that are in progress. >> The issue under discussion is a limitation in a vulnerability >> mitigation technique. Changes to improve the way FreeBSD manages = stack >> growth, and mitigate the issue demonstrated by Qualys' >> proof-of-concept code, are in progress by FreeBSD developers >> knowledgeable in the VM subsystem. These changes are expected to be >> committed to FreeBSD soon, and from there they will be merged to >> stable branches and into updates for supported releases. >=20 > One would hope considering the nature and potential threat this would = be one of those fixes back ported to previous -STABLE trees as well. >=20 Hi Michelle, On a general note: When we fix issues, they go to the supported branches / releases. 7.x = for example is no longer supported and is not likely to receive this = care and attention unless someone is willing to support such a change to = that branch. For supported branches, such a change is likely to be = merged to those branches and also to supported releases depending on the = determination. E.g. A Security Advisory (SA) or Errata Notice (EN) will = be merged to affected -RELEASES as well. If an issue does not get one of = those two markers, the issue will not be merged to -RELEASES but can be = merged to -STABLE branches. The above is a general note and not specifically pointed towards =E2=80=9C= The Stack Clash=E2=80=9D documents, so this can support potential future = questions in the same area as well :-) Cheers Remko >=20 > -- > Michelle Sullivan > http://www.mhix.org/ <http://www.mhix.org/>; >=20 > _______________________________________________ > freebsd-security@freebsd.org <mailto:freebsd-security@freebsd.org> = mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-security = <https://lists.freebsd.org/mailman/listinfo/freebsd-security>; > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org = <mailto:freebsd-security-unsubscribe@freebsd.org>" --Apple-Mail=_EB28011D-2E8C-496C-8E6A-F96634FE3FD1 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJZS5VCAAoJEHE1jtY/d0B5SZwQAJDIs1XR6pOEDJCbaDSPa2xF SZtJlTyje5taJC8M9Llk+HS1Zzy/wxfXTCVb+n6o4LKUv8p3qkQFc0iU0ZSIRL5d jVwo4SCdSJVoNrqqSR3yrU4QFDwiSkUnRq+HJCEnIMqMnvwyMNMxAmiQCmwVsAp2 mP8ViB3rWQmby2PxNGeWoQ0e+YMP3LmmL2PD4IH2jB2qMCxsvdgS6l8xnvxJwFyc iDMKWMbFVsEo9Lm6KL0CxLtk8/GOTE6b5Rxxlar5oHlXxrRsMR2msfHw87nDOscJ XrlaGSDCttS9ccfUv8PyV+5LUQz8mvTxFTcnkCEHOFLDVhE19l5S/7ZFILLqrmdQ PMK6Q+OebI1VElLRaavXpFBJlJ1+C6m0HdrQjagm9KDhw9ev11Q9TIHEu8hgzZ9Q dfpLGLTjh+UIRLSt8HS1E6G+35GMPUTtf3oMGAnU58exaxL6JPq6s2J5wbMSBAWE HkKSXnYVFKmx7yJ5P2nsrX4hF5EOZ6wJ7xmY2NwmZsrOUhPLIr3QMUuAi0kdwxBg r0bJz8GUU+COaeoBkZiIehu0qOYSsbdCCs0nJ4x8LVMbc0753NVAR9gT03GwzSIT CPT+zh9s19UkilEEKnUSTvkFfjlTEw7jyWLnwnIp6Vm4Uan9M18Zw0K6n8W+ZJiK IW/4YAMoG+9Owv39iCSA =Vfz+ -----END PGP SIGNATURE----- --Apple-Mail=_EB28011D-2E8C-496C-8E6A-F96634FE3FD1--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0F042A4B-CB52-47EB-A191-D7617E51789A>