Re: fixes for stack clash vulnerability

2017-06-28 Thread Mark Millard
Jov amutu at amutu.com wrote on Wed Jun 28 14:40:16 UTC 2017

> There is a commit fix this: https://svnweb.freebsd.org/changeset/base/320317


Unfortunately the change broke other behavior resulting
in some failing stack allocations for new threads and
so there is also now:

https://lists.freebsd.org/pipermail/svn-src-head/2017-June/102259.html

and its:

https://svnweb.freebsd.org/changeset/base/320430

to keep the overall system behavior correct.

(At least that is my understanding of the relationship
between those two commits.)

===
Mark Millard
markmi at dsl-only.net

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


Re: fixes for stack clash vulnerability

2017-06-28 Thread Dan Mack


Thanks Jov - I missed it!  Looks like it will MFC around Saturday :-)

Dan

On Wed, 28 Jun 2017, Jov wrote:


There is a commit fix this: https://svnweb.freebsd.org/changeset/base/320317

Jov

2017年6月28日 10:27 PM,"Dan Mack" 写道:


FreeBSD is mentioned as being vulnerable to this and Qualsys has working
exploits which might be released soon:

  https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

I don't remember seeing an advisory or seeing any fixes on the svn commit
stream so just curious.

Dan
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"


___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Re: fixes for stack clash vulnerability

2017-06-28 Thread Jov
There is a commit fix this: https://svnweb.freebsd.org/changeset/base/320317

Jov

2017年6月28日 10:27 PM,"Dan Mack" 写道:

> FreeBSD is mentioned as being vulnerable to this and Qualsys has working
> exploits which might be released soon:
>
>   https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
>
> I don't remember seeing an advisory or seeing any fixes on the svn commit
> stream so just curious.
>
> Dan
> ___
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
>
___
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"