Ed Maste wrote:
> On 20 June 2017 at 16:22, Ed Maste <ema...@freebsd.org> wrote:
>> On 20 June 2017 at 04:13, Vladimir Terziev <vterz...@gvcgroup.com> wrote:
>>> Hi,
>>>
>>> I assume the FreeBSD security team is already aware of the Stack Clash
>>> vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS.
>> Yes, the security team is aware of this. Improvements in stack
>> handling are in progress (currently in review).
> I would like to provide some additional background on this issue.
> First I'd like to thank Qualys for their detailed and thorough
> investigation, which is contributing directly to improving FreeBSD.
>
> The FreeBSD security team is aware of and is monitoring this issue,
> but is not directly developing the changes that are in progress.
> The issue under discussion is a limitation in a vulnerability
> mitigation technique. Changes to improve the way FreeBSD manages stack
> growth, and mitigate the issue demonstrated by Qualys'
> proof-of-concept code, are in progress by FreeBSD developers
> knowledgeable in the VM subsystem. These changes are expected to be
> committed to FreeBSD soon, and from there they will be merged to
> stable branches and into updates for supported releases.

One would hope, considering the nature and potential threat, this would be one of those fixes backported to previous -STABLE trees as well.


--
Michelle Sullivan
http://www.mhix.org/

_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"
