#HardenedBSD applies the following compiler flags to #OpenSSL in the base operating system:
-ftrivial-var-auto-init=zero
-fsanitize=safe-stack
-fzero-call-used-regs=used
The OpenSSL port (in the HardenedBSD ports tree exclusively) only enables the first option.
I wonder if the combination of these features would mitigate the OpenSSL stack-based buffer overflow vulnerability announced today. I hope to answer that question this evening unless someone else beats me to it.
Shawn Webb
in reply to Shawn Webb
For reference: openssl-library.org/news/vulne…
#CVE202515467 #infosec #FreeBSD
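Of the three flags in the post, only -fsanitize=safe-stack changes where a stack buffer lives: clang moves address-taken locals onto a separate "unsafe stack" mapping, so an overflow of that buffer cannot reach the return address on the regular stack (it can still clobber whatever else sits on the unsafe stack). -ftrivial-var-auto-init=zero only zero-fills automatic variables that lack an initializer, and -fzero-call-used-regs=used only clears call-used registers at function return; neither stops a write past the end of a buffer. The probe below is an added example, not code from the post, from HardenedBSD or from OpenSSL: it measures, from inside the process, how far an address-taken buffer is from the function's own frame, and compares that with the compile-time `__has_feature(safe_stack)` check. The 1 MiB threshold used to decide that the buffer is on a different mapping is an assumption of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added example (not from the post, HardenedBSD or OpenSSL): probe the
 * effect of -fsanitize=safe-stack from inside the program. Under SafeStack,
 * address-taken locals such as char buffers are placed on a separate
 * "unsafe stack" mapping, far away from the frame holding the return address.
 */

/* 1 if this translation unit was compiled with clang's SafeStack. */
static int compiled_with_safestack(void)
{
#if defined(__has_feature)
# if __has_feature(safe_stack)
    return 1;
# endif
#endif
    return 0;
}

/* Distance in bytes between an address-taken stack buffer and this
 * function's frame address. Without SafeStack the buffer sits inside the
 * frame, so the distance is a few hundred bytes at most; with SafeStack it
 * is the gap between two separate mappings, normally megabytes or more. */
__attribute__((noinline))
static uintptr_t buffer_to_frame_distance(void)
{
    char buf[64];
    volatile char *p = buf;          /* address taken: keeps buf on a stack */
    memset(buf, 'A', sizeof buf);
    p[sizeof buf - 1] = '\0';

    uintptr_t frame = (uintptr_t)__builtin_frame_address(0);
    uintptr_t base  = (uintptr_t)p;
    return frame > base ? frame - base : base - frame;
}

/* Heuristic runtime check: is the buffer on a different mapping than the
 * frame? 1 MiB is far larger than any single frame (assumed threshold). */
static int safestack_active(void)
{
    return buffer_to_frame_distance() > ((uintptr_t)1 << 20);
}

int main(void)
{
    printf("compiled with SafeStack : %d\n", compiled_with_safestack());
    printf("buffer-to-frame distance: %lu bytes\n",
           (unsigned long)buffer_to_frame_distance());
    printf("unsafe stack separated  : %d\n", safestack_active());
    return 0;
}
```

Build it twice with clang, once as `clang -O1 probe.c` and once as `clang -O1 -fsanitize=safe-stack probe.c`, and compare the reported distance; adding -ftrivial-var-auto-init=zero or -fzero-call-used-regs=used to either build leaves the distance unchanged, which is the point: those two flags harden what happens around a frame, not whether a buffer can be overrun into it.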