Hi Shawn, Nice p0c, but it don't work with security.bsd.unprivileged_proc_debug=0, which was initially enabled in the menu with hardening options.
Pawel. On 20 June 2017 at 14:15, Shawn Webb <shawn.w...@hardenedbsd.org> wrote: > On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote: > > Hi, > > > > I assume FreeBSD security team is already aware about the Stack Clash > vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS. > > > > Just in case here is the analyses document of Qualys: > > > > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt > > FreeBSD is indeed affected. I've written a PoC, which works even with > the stack guard enabled: > > https://github.com/lattera/exploits/blob/master/FreeBSD/ > StackClash/001-stackclash.c > > Thanks, > > -- > Shawn Webb > Cofounder and Security Engineer > HardenedBSD > > GPG Key ID: 0x6A84658F52456EEE > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > -- One of God's own prototypes. A high-powered mutant of some kind never even considered for mass production. Too weird to live, and too rare to die. _______________________________________________ freebsd-security@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
