stack_guard hardening bsdinstall option in STABLE and 11.1

Glen Barber gjb at FreeBSD.org
Mon Jul 17 14:11:18 UTC 2017


On Mon, Jul 17, 2017 at 03:47:08PM +0200, Vlad K. wrote:
> On 2017-07-17 15:33, Glen Barber wrote:
> > 
> > No, this is not available in the 11.1 installer.
> > 
> 
> Thanks but that's why I asked why's that. r320674 said MFC after 1 day. Is
> it too late for 11.1-RELEASE, so it'll be applied to 11-STABLE, or is there
> another reason?
> 
> If its' too late, does that mean it's too late for the installer, but the
> new stack_guard code is there in STABLE and I am guessing will be part of
> 11.1, so we can assume the sysctl to be an integer (as opposed to
> enable/disable semantics of the sysctl in 11.0)? In other words, is it safe
> to ramp up the gap size in 11.1?
> 

kib gave feedback on this in an earlier reply (which I missed before
replying myself).

Glen

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20170717/2aaaca2a/attachment.sig>


More information about the freebsd-stable mailing list