head/share/man/man7/security.7
Show All 22 Lines | |||||
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
.\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
.\" | .\" | ||||
.\" $FreeBSD$ | .\" $FreeBSD$ | ||||
.\" | .\" | ||||
.Dd June 11, 2020 | .Dd November 28, 2020 | ||||
.Dt SECURITY 7 | .Dt SECURITY 7 | ||||
.Os | .Os | ||||
.Sh NAME | .Sh NAME | ||||
.Nm security | .Nm security | ||||
.Nd introduction to security under FreeBSD | .Nd introduction to security under FreeBSD | ||||
.Sh DESCRIPTION | .Sh DESCRIPTION | ||||
Security is a function that begins and ends with the system administrator. | Security is a function that begins and ends with the system administrator. | ||||
While all | While all | ||||
▲ Show 20 Lines • Show All 1,016 Lines • ▼ Show 20 Lines | |||||
.Dv aslr , | .Dv aslr , | ||||
also affected by the per-image control note flag. | also affected by the per-image control note flag. | ||||
.It Dv kern.elf32.aslr.pie_enable | .It Dv kern.elf32.aslr.pie_enable | ||||
Controls system-global Address Space Layout Randomization for | Controls system-global Address Space Layout Randomization for | ||||
position-independent (PIE) 32bit binaries. | position-independent (PIE) 32bit binaries. | ||||
.It Dv kern.elf32.aslr.honor_sbrk | .It Dv kern.elf32.aslr.honor_sbrk | ||||
Makes ASLR less aggressive and more compatible with old binaries | Makes ASLR less aggressive and more compatible with old binaries | ||||
relying on the sbrk area. | relying on the sbrk area. | ||||
.It Dv kern.elf32.aslr.aslr_stack_gap | .It Dv kern.elf32.aslr.stack_gap | ||||
If ASLR is enabled for a binary, a non-zero value creates a randomized | If ASLR is enabled for a binary, a non-zero value creates a randomized | ||||
stack gap between strings and the end of the aux vector. | stack gap between strings and the end of the aux vector. | ||||
The value is the maximum percentage of main stack to waste on the gap. | The value is the maximum percentage of main stack to waste on the gap. | ||||
Cannot be greater than 50, i.e., at most half of the stack. | Cannot be greater than 50, i.e., at most half of the stack. | ||||
.It Dv kern.elf64.aslr.enable | .It Dv kern.elf64.aslr.enable | ||||
64bit binaries ASLR control. | 64bit binaries ASLR control. | ||||
.It Dv kern.elf64.aslr.pie_enable | .It Dv kern.elf64.aslr.pie_enable | ||||
64bit PIE binaries ASLR control. | 64bit PIE binaries ASLR control. | ||||
.It Dv kern.elf64.aslr.honor_sbrk | .It Dv kern.elf64.aslr.honor_sbrk | ||||
64bit binaries ASLR sbrk compatibility control. | 64bit binaries ASLR sbrk compatibility control. | ||||
.It Dv kern.elf32.aslr.aslr_stack_gap | .It Dv kern.elf64.aslr.stack_gap | ||||
Controls stack gap for 64bit binaries. | Controls stack gap for 64bit binaries. | ||||
.It Dv kern.elf32.nxstack | .It Dv kern.elf32.nxstack | ||||
Enables non-executable stack for 32bit processes. | Enables non-executable stack for 32bit processes. | ||||
Enabled by default if supported by hardware and corresponding binary. | Enabled by default if supported by hardware and corresponding binary. | ||||
.It Dv kern.elf64.nxstack | .It Dv kern.elf64.nxstack | ||||
Enables non-executable stack for 64bit processes. | Enables non-executable stack for 64bit processes. | ||||
.El | .El | ||||
.Sh SEE ALSO | .Sh SEE ALSO | ||||
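Review bot: The kern.elf32.aslr.stack_gap entry says a non-zero value creates the randomized gap, but it never states the default or says outright that 0 disables the gap. Consider adding one sentence giving the default so an administrator can tell whether the gap is active without consulting sysctl. In the same entry, "Cannot be greater than 50, i.e., at most half of the stack." has no subject; "The value cannot be greater than 50" reads better. The old spelling aslr_stack_gap was wrong in both entries, and the second one sat under kern.elf32 while describing 64bit binaries, so it is worth checking the rest of the page and any related documentation for the old name before this lands.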
Show All 26 Lines |