Right, because I use libprocstat. Instead of using libprocstat to dynamically figure out the start of the stack, you can do other tricks to find out where the stack lies. Feel free to modify the code to better suit your environment.
On Tue, Jun 20, 2017 at 02:32:17PM +0100, Pawel Biernacki wrote: > Hi Shawn, > > Nice p0c, but it don't work with security.bsd.unprivileged_proc_debug=0, > which was initially enabled in the menu with hardening options. > > Pawel. > > > On 20 June 2017 at 14:15, Shawn Webb <[email protected]> wrote: > > > On Tue, Jun 20, 2017 at 08:13:46AM +0000, Vladimir Terziev wrote: > > > Hi, > > > > > > I assume FreeBSD security team is already aware about the Stack Clash > > vulnerability, that is stated to affect FreeBSD amongst other Unix-like OS. > > > > > > Just in case here is the analyses document of Qualys: > > > > > > https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt > > > > FreeBSD is indeed affected. I've written a PoC, which works even with > > the stack guard enabled: > > > > https://github.com/lattera/exploits/blob/master/FreeBSD/ > > StackClash/001-stackclash.c > > > > Thanks, > > > > -- > > Shawn Webb > > Cofounder and Security Engineer > > HardenedBSD > > > > GPG Key ID: 0x6A84658F52456EEE > > GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE > > > > > > -- > One of God's own prototypes. A high-powered mutant of some kind never > even considered for mass production. Too weird to live, and too rare to die. -- Shawn Webb Cofounder and Security Engineer HardenedBSD GPG Key ID: 0x6A84658F52456EEE GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89 3D9E 6A84 658F 5245 6EEE
signature.asc
Description: PGP signature
