tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: NetBSD 5.x security

In article <>,
Piotr Meyer  <> wrote:
>I made some research and I found following issues on NetBSD 5.x / i386
>in features described in security(8):
>1. ASLR
>   a) Bug described in: 
>      still exists and made ASLR unusable (random crashes, frequently
>      in applications linked with '-ltph').

This has to do with stack size; you can reduce the number of random
bits via sysctl if you want to use large stack sizes, or disable ASLR
on the binary. The bug report is still open, and we'll fix it properly
but this is a work-around.

>   b) System built witch MKPIE doesn't work at all, init still panics,
>      as described in:
>   - I tested botch cases. Yes, this doesn't work.

I think it is missing /lib/ too. This has been fixed in current.
I think you can either compile init without PIE or copy the library there.

>2. SSP (Stack Smashing Protection) is disabled by default:
>   (Interesting: looks like FreeBSD 8 has stack protection enabled by 
>    default:

I think so do we in x86/current.

>3. CVE-2009-2793 problem, described in:
> was fixed in Jan 2010
>   but still isn't backported to stable branch, so any local user can
>   cause panic on "stable" NetBSD 5.x installation (I test it). Is any
>   backport planned?

Yes, we will investigate what it would take to back-port it to netbsd-5.

>Did I miss something? I'm curious to know, how looks current TODO for 
>security in NetBSD: will be these issues fixed, or - maybe - some features 
>will be removed from distribution (or from specific ports)? 

Thanks for the report!


Home | Main Index | Thread Index | Old Index