On 2017-07-17 15:33, Glen Barber wrote:> > No, this is not available in the 11.1 installer. > > GlenThanks but that's why I asked why's that. r320674 said MFC after 1 day. Is it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is there another reason? If its' too late, does that mean it's too late for the installer, but the new stack_guard code is there in STABLE and I am guessing will be part of 11.1, so we can assume the sysctl to be an integer (as opposed to enable/disable semantics of the sysctl in 11.0)? In other words, is it safe to ramp up the gap size in 11.1? -- Vlad K.
Glen Barber
2017-Jul-17 14:11 UTC
stack_guard hardening bsdinstall option in STABLE and 11.1
On Mon, Jul 17, 2017 at 03:47:08PM +0200, Vlad K. wrote:> On 2017-07-17 15:33, Glen Barber wrote: > > > > No, this is not available in the 11.1 installer. > > > > Thanks but that's why I asked why's that. r320674 said MFC after 1 day. Is > it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is there > another reason? > > If its' too late, does that mean it's too late for the installer, but the > new stack_guard code is there in STABLE and I am guessing will be part of > 11.1, so we can assume the sysctl to be an integer (as opposed to > enable/disable semantics of the sysctl in 11.0)? In other words, is it safe > to ramp up the gap size in 11.1? >kib gave feedback on this in an earlier reply (which I missed before replying myself). Glen -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: not available URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20170717/2aaaca2a/attachment.sig>