stack_guard hardening bsdinstall option in STABLE and 11.1

Konstantin Belousov kostikbel at gmail.com
Mon Jul 17 10:25:07 UTC 2017


On Mon, Jul 17, 2017 at 11:54:06AM +0200, Vlad K. wrote:
> Hello list,
> 
> the stack_guard hardening option in bsdinstall is now setting 512 pages 
> of it in CURRENT, as of r320674. It's said to MFC after 1 day (on Jul 
> 5th), but STABLE hasn't got it yet. Is this simply an omission 
> (understandable as the RELEASE is being prepared so things are a bit 
> hectic I guess), or is there another reason?
> 
> Can we assume that in 11.1 the sysctl is integer and can we safely set 
>  >1 number of pages, say 512 like the installer in CURRENT suggests?

Default stack size on 32bit platforms is 2M.  I left it to you as an
exercise to guess what happens with the setting applied.

For 64bit machines, default stack size is 4M, so there the failure mode is
somewhat more involved.

Anyway, this option is almost equivalent to executing 'rm /lib/libthr.so.3',
perhaps rm is even better.  SECURITY !  HARDENING !

