Update ASLR stack sysctl description in security.7 and mitigations.7

In an earlier implementation the stack (gap) was randomized when the
enable sysctl was set and ASLR was also enabled (in general) for the
binary.  In the current implementation the sysctl operates
independently.

Reviewed by:	kib
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42357
Ed Maste 2023-10-24 18:06:59 -04:00
parent 1798b44fda
commit d521abdff2
2 changed files with 3 additions and 4 deletions

@ -120,7 +120,7 @@ Reserve the legacy
.Xr sbrk 2
region for compatibility with older binaries.
.It Va kern.elf32.aslr.stack
If ASLR is enabled for a process, also randomize the stack location.
Randomize the stack location for 32-bit ELF binaries.
.El
.Pp
Global controls for 64-bit processes:
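
Review bot: the new description of kern.elf32.aslr.stack, "Randomize the stack location for 32-bit ELF binaries.", never says that the knob now acts whether or not ASLR is enabled for the process, which per the commit message is the point of the change. A reader who remembers the old text will still assume that turning ASLR off also turns stack randomization off. Suggest stating the independence explicitly, for example with a second sentence saying the setting applies regardless of the general ASLR enable. The wording also differs from the other file in this commit ("Enable randomization of the stack for 32-bit binaries."); one phrasing for both pages would be easier to grep and to keep in sync.
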
@ -135,7 +135,7 @@ Reserve the legacy
.Xr sbrk 2
region for compatibility with older binaries.
.It Va kern.elf64.aslr.stack
If ASLR is enabled for a process, also randomize the stack location.
Randomize the stack location for 64-bit ELF binaries.
.El
.Pp
To execute a command with ASLR enabled or disabled:
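
Review bot: with kern.elf64.aslr.stack no longer conditional on ASLR being enabled for the process, the context line that follows, "To execute a command with ASLR enabled or disabled:", becomes ambiguous, because the reader cannot tell whether that per-command control also affects stack randomization. Suggest saying which it is, either in the .It Va kern.elf64.aslr.stack entry or next to that sentence. This entry duplicates the 32-bit one apart from the bitness, so any clarification made there should be mirrored here.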

@ -1065,8 +1065,7 @@ position-independent (PIE) 32-bit binaries.
Makes ASLR less aggressive and more compatible with old binaries
relying on the sbrk area.
.It Dv kern.elf32.aslr.stack
If ASLR is enabled for a binary, a non-zero value enables randomization
of the stack.
Enable randomization of the stack for 32-bit binaries.
Otherwise, the stack is mapped at a fixed location determined by the
process ABI.
.It Dv kern.elf64.aslr.enable
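
Review bot: the replacement sentence "Enable randomization of the stack for 32-bit binaries." drops the "a non-zero value" wording, so the sentence that follows, "Otherwise, the stack is mapped at a fixed location determined by the process ABI.", no longer has a stated condition to contrast with. Suggest keeping the value in the sentence, e.g. "A non-zero value enables randomization of the stack for 32-bit binaries." Separately, the 3 additions in the commit summary are all accounted for by the visible hunks, and none of them touches a kern.elf64.aslr.stack entry in this file; if this page has one, please check whether it still carries the "If ASLR is enabled for a binary" wording.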