Today, I finished the Stack Clash mitigations in #HardenedBSD.
Here are the highlights:
1. Default 2MB guard between the bottom-most part of the stack and other memory mappings.
2. Plug the hole that makes the guard ineffective.
3. Disallow applications from requesting or being granted memory mappings within the bottom-most limit of the stack and the top of the stack.
@liate Because implementing ASLR in #FreeBSD was Oliver's thesis research project and one of my personal goals. Out of the difficulties (and eventual failure) of upstreaming ASLR to FreeBSD was HardenedBSD born.
#FreeBSD would like to celebrate "National FreeBSD Day" with its stack guard page disabled: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
#HardenedBSD has it enabled by default.
"The second BETA build for the #FreeBSD 11.1 release cycle is now available." https://www.freebsd.org/news/newsflash.html#event20170617:01 #bsd #unix
3/3 #FreeBSD has packaged version 2.4.25 since December, but I assume Squid was regularizing headers for me. I guess HAProxy is more laissez-faire about these things, so the change exposed the server to this bug I wrote last year.
The right fix would be to re-flash the micro-controller with patched firmware, but that's a hassle. A quick and dirty workaround is to just tell Apache to relax. Adding `HttpProtocolOptions Unsafe` at least gets the data logging back up and running for now.