security.7: Minor fixes for ASLR sysctl descriptions

Reviewed by:	debdrup, danfe, emaste
MFC after:	1 month
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D33908
Mark Johnston 2022-01-17 11:44:01 -05:00
parent 6393594b03
commit 2188152717

@ -1050,15 +1050,14 @@ instructions do not incur serialization overhead for shared buffer accesses,
and do not serialize off-core memory accessses.
.It Dv kern.elf32.aslr.enable
Controls system-global Address Space Layout Randomization (ASLR) for
normal non-PIE (Position Independent Executable) 32bit binaries.
See also
normal non-PIE (Position Independent Executable) 32-bit ELF binaries.
See also the
.Xr proccontrol 1
mode
.Dv aslr ,
also affected by the per-image control note flag.
.Dv aslr
mode, also affected by the per-image control note flag.
.It Dv kern.elf32.aslr.pie_enable
Controls system-global Address Space Layout Randomization for
position-independent (PIE) 32bit binaries.
position-independent (PIE) 32-bit binaries.
.It Dv kern.elf32.aslr.honor_sbrk
Makes ASLR less aggressive and more compatible with old binaries
relying on the sbrk area.
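
Review bot: The rewritten kern.elf32.aslr.enable text now says "32-bit ELF binaries", but the kern.elf32.aslr.pie_enable line two entries later still reads "position-independent (PIE) 32-bit binaries." without "ELF", so the two sibling entries no longer use the same wording; consider "position-independent (PIE) 32-bit ELF binaries." there. The "See also the ... aslr mode, also affected by the per-image control note flag." sentence is still a fragment after the rewording; splitting it into one sentence for the proccontrol(1) reference and one for the per-image note flag would make clear which control takes precedence. The unchanged context line above the entry also carries the typo "accessses", which could be fixed in the same pass.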
@ -1068,24 +1067,24 @@ of the stack.
Otherwise, the stack is mapped at a fixed location determined by the
process ABI.
.It Dv kern.elf64.aslr.enable
64bit binaries ASLR control.
ASLR control for 64-bit ELF binaries.
.It Dv kern.elf64.aslr.pie_enable
64bit PIE binaries ASLR control.
ASLR control for 64-bit ELF PIEs.
.It Dv kern.elf64.aslr.honor_sbrk
64bit binaries ASLR sbrk compatibility control.
ASLR sbrk compatibility control for 64-bit binaries.
.It Dv kern.elf64.aslr.stack
Controls stack address randomization for 64bit binaries.
Controls stack address randomization for 64-bit binaries.
.It Dv kern.elf32.nxstack
Enables non-executable stack for 32bit processes.
Enables non-executable stack for 32-bit processes.
Enabled by default if supported by hardware and corresponding binary.
.It Dv kern.elf64.nxstack
Enables non-executable stack for 64bit processes.
Enables non-executable stack for 64-bit processes.
.It Dv kern.elf32.allow_wx
Enables mapping of simultaneously writable and executable pages for
32bit processes.
32-bit processes.
.It Dv kern.elf64.allow_wx
Enables mapping of simultaneously writable and executable pages for
64bit processes.
64-bit processes.
.El
.Sh SEE ALSO
.Xr chflags 1 ,
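
Review bot: The new kern.elf64.aslr.enable text, "ASLR control for 64-bit ELF binaries.", drops the "non-PIE" qualifier that the kern.elf32.aslr.enable description carries, so next to the separate pie_enable entry a reader could take it to cover every 64-bit binary; suggest "ASLR control for non-PIE 64-bit ELF binaries." if the knob mirrors its elf32 counterpart. The elf64 lines are also inconsistent about "ELF": enable and pie_enable say it, while honor_sbrk and stack say only "64-bit binaries". Finally, kern.elf32.nxstack keeps the sentence "Enabled by default if supported by hardware and corresponding binary." but kern.elf64.nxstack has no statement of its default; since an administrator auditing stack protections will read these entries side by side, either repeat the sentence for elf64 or point back to the elf32 entry.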