[gjadi]

Congrats to the team.

I looked briefly at the relnotes[1], there is some scary stuff, such as this vulnerability in ping(1): https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15...

Since a lot of code is shared between BSDs, I wonder if others have the same vulnerabilities.

1: https://www.freebsd.org/releases/12.4R/relnotes/

[xcdzvyn]

This vulnerability was very much overblown.

(1) capsicum prevents the attacker from doing anything but making malicious network requests

(2) this is just a stack overflow, for ACE the attacker needs to fit their payload in under 40 bytes

[rurban]

This ping vuln is not shared anywhere. It is based on a freebsd-specific "optimization" from 2019. Other pings are totally different, I also have my own ping, and it's not affected.

[rwaksmunski]

> The ping process runs in a capability mode sandbox on all affected versions of FreeBSD and is thus very constrained in how it can interact with the rest of the system at the point where the bug can occur.

[boomboomsubban]

I would assume there's some level of communication between the various security teams, enough that someone would check if OpenBSD/MacOS had the same bug before they went public with it at least.

[trasz2]

Note that, thanks to capsicum(4), this vulnerability is not very exploitable.

[gjadi]

Thanks, I didn't know about capsicum(4) and I completely overlooked the mention of sandboxing in the impact section.