stack_guard hardening bsdinstall option in STABLE and 11.1

Vlad K. vlad-fbsd at acheronmedia.com
Mon Jul 17 23:17:45 UTC 2017


On 2017-07-18 00:09, Mark Millard wrote:
> (Although I expect Konstantin Belousov's note here is
> the first public description of the problem's details.)

Thanks for explaining the problem. I guess this was the reason why I 
failed to parse kib's reply; this was the first bit of info I 
encountered on that patch being effectively "broken" that way.


> I agree that you did not get an answer for the other
> part:
> 
>> I simply asked if it's safe to assume the sysctl to be an integer in
>> 11.1
> 
> 
> I've not gone through any draft 11.1-release code to
> check.

It appears to be; the code is MFC'd with (if I'm correct) r320666. I've 
run some tests in -RC3 and indeed it works, though probably for the 
reason you explained above (guard page eating into the stack), raising 
stack_guard_pages sufficiently high (e.g. 512 pages, like the 
bsdinstaller in CURRENT defaults to) crashes threaded programs.

If that is so, though, I wonder why it's not reverted, or at least the 
sysctl temporarily patched to remain boolean (or turned off completely). 
And the bsdinstaller option in CURRENT now essentially enables buggy and 
unstable behavior. If this is a known issue, why default to it in 
CURRENT?


Anyway, thanks for taking time to explain; this answers my questions.



-- 
Vlad K.
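The thread above reports that a large guard-page count makes threaded programs crash because the guard pages eat into each thread's stack. The following is an added example, not code from Vlad K., Mark Millard or the FreeBSD project: a small POSIX C probe that starts a thread with an explicitly requested stack size and then deliberately touches a chosen fraction of that stack in fixed-size frames. On a system where the full requested stack is usable it returns 1; where guard pages have been carved out of the thread stack (the failure mode described above), the probe dies with SIGSEGV well before reaching the requested size, which makes the effect visible without guessing. The stack and probe sizes are arbitrary assumptions chosen for the demo; the sysctl name used in the comments (security.bsd.stack_guard_page) is my recollection of the knob the thread calls stack_guard_pages and is an assumption, not something stated on this page.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Frame size used for each recursion step. 4 KiB is assumed to be a
 * page on the test machine; the probe still works if it is not. */
#define PROBE_FRAME 4096u

/* Global sink so the compiler cannot drop or tail-call-fold the frames. */
static volatile char *g_sink;

/* Recursively consume roughly `bytes` of the current thread's stack,
 * writing to every frame so the pages are actually touched. Returns 1
 * when the last frame was written and read back correctly. */
static int touch_stack(size_t bytes)
{
    volatile char frame[PROBE_FRAME];
    memset((char *)frame, 0xA5, sizeof frame);
    g_sink = frame;                 /* escape the address: no frame reuse */
    if (bytes <= sizeof frame)
        return frame[sizeof frame - 1] == (char)0xA5;
    return touch_stack(bytes - sizeof frame);
}

struct probe_arg {
    size_t use_bytes;   /* how much stack the thread should consume */
    int ok;             /* result written by the thread */
};

static void *probe_thread(void *p)
{
    struct probe_arg *a = p;
    a->ok = touch_stack(a->use_bytes);
    return NULL;
}

/* Create a thread whose stack is `stack_size` bytes and make it use
 * `use_bytes` of that stack. Returns 1 if the thread completed, 0 on a
 * pthread error. If guard pages are being taken out of the thread stack
 * (the bug discussed in the mail thread), the process instead receives
 * SIGSEGV once the probe crosses into the guard region. */
int probe_thread_stack(size_t stack_size, size_t use_bytes)
{
    pthread_attr_t attr;
    pthread_t tid;
    struct probe_arg arg = { use_bytes, 0 };

    if (pthread_attr_init(&attr) != 0)
        return 0;
    if (pthread_attr_setstacksize(&attr, stack_size) != 0) {
        pthread_attr_destroy(&attr);
        return 0;
    }
    if (pthread_create(&tid, &attr, probe_thread, &arg) != 0) {
        pthread_attr_destroy(&attr);
        return 0;
    }
    pthread_attr_destroy(&attr);
    if (pthread_join(tid, NULL) != 0)
        return 0;
    return arg.ok;
}

int main(void)
{
    /* Assumed demo values: request a 1 MiB thread stack and use half of
     * it. Run once with the default guard setting and again after raising
     * the sysctl (assumed: security.bsd.stack_guard_page) to e.g. 512; a
     * crash on the second run shows the guard eating into the stack. */
    size_t stack = 1u << 20;
    size_t use = stack / 2;
    int ok = probe_thread_stack(stack, use);
    printf("stack=%zu use=%zu -> %s\n", stack, use, ok ? "ok" : "failed");
    return ok ? 0 : 1;
}
```

Run it as a regular user before and after changing the guard-page setting; because the failure mode is a segmentation fault rather than a return value, a non-zero exit status or a core file is the signal to look for.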


More information about the freebsd-stable mailing list