Ed Maste wrote:
On 21 June 2017 at 20:22, Ed Maste <ema...@freebsd.org> wrote:
These changes are expected to be
committed to FreeBSD soon, and from there they will be merged to
stable branches and into updates for supported releases.
The changes have now been merged to HEAD in r320317.
https://svnweb.freebsd.org/changeset/base/320317
_______________________________________________
Been watching for it in 10-STABLE... didn't see it go in... did I miss it?
Regards,
Michelle
FWIW, been testing on various versions... seems that the Qualys test
code is 3 examples. 'fgpe' and 'fgpu' seem to work on pre-11 under the
following scenario... ulimit -v is set to unlimited. 'CVE-2017-1085'
appears not to work, setting ulimit -v to anything but unlimited seems
to break both 'fgpe' and 'fgpu' (to reasonable values I have tested so
far).... it also seemed only to work when all virtual memory was
exhausted (which made sizable processes and considerable allocation/run
times.) Follows is around 32G limit on the vm size (which unless it's
one of my DB servers) is about 16 times more than any process should need.
[michelle@10amd64 /usr/home/michelle]$ ulimit -Hv 34896609280
[michelle@10amd64 /usr/home/michelle]$ ulimit -a
socket buffer size (bytes, -b) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) 33554432
file size (blocks, -f) unlimited
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 294246
pipe size (512 bytes, -p) 1
stack size (kbytes, -s) 524288
cpu time (seconds, -t) unlimited
max user processes (-u) 14043
virtual memory (kbytes, -v) 34896609280
swap size (kbytes, -w) unlimited
[michelle@10amd64 /usr/home/michelle]$ time ./CVE-2017-1085
died in main: 49
real 45m3.659s
user 3m45.577s
sys 41m14.028s
[michelle@10amd64 /usr/home/michelle]$ time ./fgpu
Segmentation fault: 11
real 49m1.494s
user 2m38.926s
sys 46m17.542s
[michelle@10amd64 /usr/home/michelle]$ time ./fgpe
died in alloc: 38
real 46m9.318s
user 2m25.527s
sys 43m38.170s
[michelle@10amd64 /usr/home/michelle]$
Same system only 'exploited' when 'unlimited' as follows:
[michelle@10amd64 /usr/home/michelle]$ ./fgpe
char at 0x7ffff4297000: 41; final dist 34998 (198609078)
[michelle@10amd64 /usr/home/michelle]$ ./fgpu
char at 0x7ffffffde000: 41
Though the 'CVE-2017-1085' only seg faulted...
[michelle@10amd64 /usr/home/michelle]$ ./CVE-2017-1085
Segmentation fault: 11
All amd64 (haven't gotten around to testing i386 yet)
Know of any other tests... or are these pretty typical/comprehensive?
(being that setting a system wide hard limit of say 32G would seem to
work around the issue...)
Thanks in advance..
--
Michelle Sullivan
http://www.mhix.org/
_______________________________________________
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscr...@freebsd.org"