git: 512c3cfb3cfd - stable/14 - Update ASLR stack sysctl description in security.7 and mitigations.7

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Ed Maste <emaste_at_FreeBSD.org>
Date: Sun, 07 Jan 2024 19:31:25 UTC
The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=512c3cfb3cfdc011b4622392d84e0818f7373ed6

commit 512c3cfb3cfdc011b4622392d84e0818f7373ed6
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-10-24 22:06:59 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-01-07 19:31:10 +0000

    Update ASLR stack sysctl description in security.7 and mitigations.7
    
    In an earlier implementation the stack (gap) was randomized when the
    enable sysctl was set and ASLR was also enabled (in general) for the
    binary.  In the current implementation the sysctl operates
    independently.
    
    Reviewed by:    kib
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D42357
    
    (cherry picked from commit d521abdff2367a5c72a773a815fc3d99403274f5)
---
 share/man/man7/mitigations.7 | 4 ++--
 share/man/man7/security.7    | 3 +--
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
index fed16d7b325f..950d84042c71 100644
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -120,7 +120,7 @@ Reserve the legacy
 .Xr sbrk 2
 region for compatibility with older binaries.
 .It Va kern.elf32.aslr.stack
-If ASLR is enabled for a process, also randomize the stack location.
+Randomize the stack location for 32-bit ELF binaries.
 .El
 .Pp
 Global controls for 64-bit processes:
@@ -135,7 +135,7 @@ Reserve the legacy
 .Xr sbrk 2
 region for compatibility with older binaries.
 .It Va kern.elf64.aslr.stack
-If ASLR is enabled for a process, also randomize the stack location.
+Randomize the stack location for 64-bit ELF binaries.
 .El
 .Pp
 To execute a command with ASLR enabled or disabled:
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
index a48e3607f0e5..71107b29ba11 100644
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -1065,8 +1065,7 @@ position-independent (PIE) 32-bit binaries.
 Makes ASLR less aggressive and more compatible with old binaries
 relying on the sbrk area.
 .It Dv kern.elf32.aslr.stack
-If ASLR is enabled for a binary, a non-zero value enables randomization
-of the stack.
+Enable randomization of the stack for 32-bit binaries.
 Otherwise, the stack is mapped at a fixed location determined by the
 process ABI.
 .It Dv kern.elf64.aslr.enable