git: d521abdff236 - main - Update ASLR stack sysctl description in security.7 and mitigations.7
Date: Tue, 24 Oct 2023 22:32:09 UTC
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=d521abdff2367a5c72a773a815fc3d99403274f5 commit d521abdff2367a5c72a773a815fc3d99403274f5 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2023-10-24 22:06:59 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-10-24 22:29:25 +0000 Update ASLR stack sysctl description in security.7 and mitigations.7 In an earlier implementation the stack (gap) was randomized when the enable sysctl was set and ASLR was also enabled (in general) for the binary. In the current implementation the sysctl operates independently. Reviewed by: kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D42357 --- share/man/man7/mitigations.7 | 4 ++-- share/man/man7/security.7 | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index fed16d7b325f..950d84042c71 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7 @@ -120,7 +120,7 @@ Reserve the legacy .Xr sbrk 2 region for compatibility with older binaries. .It Va kern.elf32.aslr.stack -If ASLR is enabled for a process, also randomize the stack location. +Randomize the stack location for 32-bit ELF binaries. .El .Pp Global controls for 64-bit processes: @@ -135,7 +135,7 @@ Reserve the legacy .Xr sbrk 2 region for compatibility with older binaries. .It Va kern.elf64.aslr.stack -If ASLR is enabled for a process, also randomize the stack location. +Randomize the stack location for 64-bit ELF binaries. .El .Pp To execute a command with ASLR enabled or disabled: diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index a48e3607f0e5..71107b29ba11 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 
@@ -1065,8 +1065,7 @@ position-independent (PIE) 32-bit binaries. Makes ASLR less aggressive and more compatible with old binaries relying on the sbrk area. .It Dv kern.elf32.aslr.stack -If ASLR is enabled for a binary, a non-zero value enables randomization -of the stack. +Enable randomization of the stack for 32-bit binaries. Otherwise, the stack is mapped at a fixed location determined by the process ABI. .It Dv kern.elf64.aslr.enable
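Review bot: In the mitigations.7 hunk at -120,7, the new kern.elf32.aslr.stack text does not say how this knob relates to the general ASLR enable setting, which is the point of the change according to the commit message ("the sysctl operates independently"). A reader who remembers the old "If ASLR is enabled for a process" wording can still assume stack randomization requires ASLR to be enabled for the binary. Suggest stating it outright, for example "Randomize the stack location for 32-bit ELF binaries, regardless of whether ASLR is enabled for the process." The same wording would apply to the kern.elf64.aslr.stack entry.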
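Review bot: Neither manual page's .Dd line is touched. The diffstat (3 insertions, 4 deletions) is fully accounted for by the three description changes, including the kern.elf64.aslr.stack one in the mitigations.7 hunk at -135,7. These are content changes to both pages, so the document dates should be bumped in the same commit.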
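Review bot: The security.7 hunk at -1065,8 rewrites only kern.elf32.aslr.stack, and the next visible entry is kern.elf64.aslr.enable, while mitigations.7 has both its elf32 and elf64 stack entries updated. If security.7 documents kern.elf64.aslr.stack elsewhere with the old "If ASLR is enabled for a binary" wording, it needs the same edit. Two wording points in the same hunk: this page now says "32-bit binaries" where mitigations.7 says "32-bit ELF binaries", and dropping "a non-zero value" leaves the following "Otherwise, the stack is mapped at a fixed location" sentence without a stated condition to contrast with. Consider "A non-zero value enables randomization of the stack for 32-bit ELF binaries."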