Details

share/man/man7/security.7
4 ↗	(On Diff #60196)	Parts of this documentation were written
950 ↗	(On Diff #60196)	Maybe `.Fx provides`?
957 ↗	(On Diff #60196)	of <remove the> processes owned by a different uid
1043 ↗	(On Diff #60196)	And we should probably write "Position Independent Executable (PIE)" (Correct pluralization is left as an exercise)

More edits.

stack gap

bjk added inline comments.

share/man/man7/security.7
961 ↗	(On Diff #60338)	"sysctl's" is a possessive here; since there's only one sysctl in question the apostrophe should go before the final 's'.
969 ↗	(On Diff #60338)	Maybe "only allows unprivileged users to send"?
985 ↗	(On Diff #60338)	"so-called" is hyphenated. I'd consider wrapping Meltdown in .Dq as well, but that's less clear.
987 ↗	(On Diff #60338)	"By default, the system detects whether the CPU needs the workaround".
1002 ↗	(On Diff #60338)	spurious space here.
1007 ↗	(On Diff #60338)	Maybe, "which report errors other than"
1022 ↗	(On Diff #60338)	I think the grammar is better as "on NMI; this provides"
1042 ↗	(On Diff #60338)	"a non-zero value"
1043 ↗	(On Diff #60338)	"the end of the aux vector"
1045 ↗	(On Diff #60338)	comma both before and after "i.e.".

kib marked 9 inline comments as done.Jul 31 2019, 9:28 PM

kib added inline comments.

share/man/man7/security.7
961 ↗	(On Diff #60338)	No, kern.proc is the node under which real sysctls are located, like kern.proc.all etc.
969 ↗	(On Diff #60338)	It sounds strange that way, for me at least. I reformulated it differently.

bjk notes

This revision was not accepted when it landed; it landed in state Needs Review.Aug 6 2019, 5:06 PM

This revision was automatically updated to reflect the committed changes.

Provide the list of knobs related to mitigations.
ClosedPublic
Actions