mirror of
https://github.com/freebsd/freebsd-src
synced 2024-10-15 04:43:53 +00:00
Update ASLR stack sysctl description in security.7 and mitigations.7
In an earlier implementation the stack (gap) was randomized when the enable sysctl was set and ASLR was also enabled (in general) for the binary. In the current implementation the sysctl operates independently. Reviewed by: kib Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D42357
This commit is contained in:
parent
1798b44fda
commit
d521abdff2
|
@ -120,7 +120,7 @@ Reserve the legacy
|
|||
.Xr sbrk 2
|
||||
region for compatibility with older binaries.
|
||||
.It Va kern.elf32.aslr.stack
|
||||
If ASLR is enabled for a process, also randomize the stack location.
|
||||
Randomize the stack location for 32-bit ELF binaries.
|
||||
.El
|
||||
.Pp
|
||||
Global controls for 64-bit processes:
|
||||
|
@ -135,7 +135,7 @@ Reserve the legacy
|
|||
.Xr sbrk 2
|
||||
region for compatibility with older binaries.
|
||||
.It Va kern.elf64.aslr.stack
|
||||
If ASLR is enabled for a process, also randomize the stack location.
|
||||
Randomize the stack location for 64-bit ELF binaries.
|
||||
.El
|
||||
.Pp
|
||||
To execute a command with ASLR enabled or disabled:
|
||||
|
|
|
@ -1065,8 +1065,7 @@ position-independent (PIE) 32-bit binaries.
|
|||
Makes ASLR less aggressive and more compatible with old binaries
|
||||
relying on the sbrk area.
|
||||
.It Dv kern.elf32.aslr.stack
|
||||
If ASLR is enabled for a binary, a non-zero value enables randomization
|
||||
of the stack.
|
||||
Enable randomization of the stack for 32-bit binaries.
|
||||
Otherwise, the stack is mapped at a fixed location determined by the
|
||||
process ABI.
|
||||
.It Dv kern.elf64.aslr.enable
|
||||
|
|
Loading…
Reference in a new issue