Glen Barber
2017-Jul-17 13:33 UTC
stack_guard hardening bsdinstall option in STABLE and 11.1
On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote:
> Hello list,
>
> the stack_guard hardening option in bsdinstall is now setting 512 pages of
> it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul 5th), but
> STABLE hasn't got it yet. Is this simply an omission (understandable as the
> RELEASE is being prepared so things are a bit hectic I guess), or is there
> another reason?
>
> Can we assume that in 11.1 the sysctl is integer and can we safely set >1
> number of pages, say 512 like the installer in CURRENT suggests?
>

No, this is not available in the 11.1 installer.

Glen
On 2017-07-17 15:33, Glen Barber wrote:
>
> No, this is not available in the 11.1 installer.
>
> Glen

Thanks but that's why I asked why's that. r320674 said MFC after 1 day. Is it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is there another reason?

If it's too late, does that mean it's too late for the installer, but the new stack_guard code is there in STABLE and I am guessing will be part of 11.1, so we can assume the sysctl to be an integer (as opposed to enable/disable semantics of the sysctl in 11.0)? In other words, is it safe to ramp up the gap size in 11.1?

--
Vlad K.