The Stack Clash vulnerability

Shawn Webb shawn.webb at hardenedbsd.org
Wed Jul 5 01:56:29 UTC 2017


On Tue, Jul 04, 2017 at 09:32:37PM -0400, Ed Maste wrote:
> On 3 July 2017 at 12:29, Michelle Sullivan <michelle at sorbs.net> wrote:
> >
> > Been watching for it in 10-STABLE... didn't see it go in... did I miss it?
> 
> It hasn't yet been merged -- there were a couple of issues with the
> initial commit which were fixed shortly after in HEAD. We are now
> waiting on the MFC timer for the followup fixes (to provide time to
> find any other potential issue).
> 
> > Know of any other tests...
> 
> I'm not aware of any.

I've publicly reported at least one issue:

https://lists.freebsd.org/pipermail/freebsd-current/2017-July/066468.html

It also seems that setting stack_guard_page to any positive integer
value greater than 1 causes issues. For example, lang/rust will fail to
build and some GUI applications will fail to start. I've also noticed a
regression with mysql56-server when stack_guard_page is set to a
positive integer value greater than 1. All my testing so far has only
been on amd64. I have arm64 devices running the same code, but they
don't do nearly as intensive work as my amd64 systems.

It seems the MAP_GUARD work needs more exhaustive testing on 12-CURRENT.

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

GPG Key ID:          0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE