Changeset View
Changeset View
Standalone View
Standalone View
head/share/man/man7/security.7
| Show All 22 Lines | |||||
| .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
| .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
| .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
| .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
| .\" SUCH DAMAGE. | .\" SUCH DAMAGE. | ||||
| .\" | .\" | ||||
| .\" $FreeBSD$ | .\" $FreeBSD$ | ||||
| .\" | .\" | ||||
| .Dd June 11, 2020 | .Dd November 28, 2020 | ||||
| .Dt SECURITY 7 | .Dt SECURITY 7 | ||||
| .Os | .Os | ||||
| .Sh NAME | .Sh NAME | ||||
| .Nm security | .Nm security | ||||
| .Nd introduction to security under FreeBSD | .Nd introduction to security under FreeBSD | ||||
| .Sh DESCRIPTION | .Sh DESCRIPTION | ||||
| Security is a function that begins and ends with the system administrator. | Security is a function that begins and ends with the system administrator. | ||||
| While all | While all | ||||
| ▲ Show 20 Lines • Show All 1,016 Lines • ▼ Show 20 Lines | |||||
| .Dv aslr , | .Dv aslr , | ||||
| also affected by the per-image control note flag. | also affected by the per-image control note flag. | ||||
| .It Dv kern.elf32.aslr.pie_enable | .It Dv kern.elf32.aslr.pie_enable | ||||
| Controls system-global Address Space Layout Randomization for | Controls system-global Address Space Layout Randomization for | ||||
| position-independent (PIE) 32bit binaries. | position-independent (PIE) 32bit binaries. | ||||
| .It Dv kern.elf32.aslr.honor_sbrk | .It Dv kern.elf32.aslr.honor_sbrk | ||||
| Makes ASLR less aggressive and more compatible with old binaries | Makes ASLR less aggressive and more compatible with old binaries | ||||
| relying on the sbrk area. | relying on the sbrk area. | ||||
| .It Dv kern.elf32.aslr.aslr_stack_gap | .It Dv kern.elf32.aslr.stack_gap | ||||
| If ASLR is enabled for a binary, a non-zero value creates a randomized | If ASLR is enabled for a binary, a non-zero value creates a randomized | ||||
| stack gap between strings and the end of the aux vector. | stack gap between strings and the end of the aux vector. | ||||
| The value is the maximum percentage of main stack to waste on the gap. | The value is the maximum percentage of main stack to waste on the gap. | ||||
| Cannot be greater than 50, i.e., at most half of the stack. | Cannot be greater than 50, i.e., at most half of the stack. | ||||
| .It Dv kern.elf64.aslr.enable | .It Dv kern.elf64.aslr.enable | ||||
| 64bit binaries ASLR control. | 64bit binaries ASLR control. | ||||
| .It Dv kern.elf64.aslr.pie_enable | .It Dv kern.elf64.aslr.pie_enable | ||||
| 64bit PIE binaries ASLR control. | 64bit PIE binaries ASLR control. | ||||
| .It Dv kern.elf64.aslr.honor_sbrk | .It Dv kern.elf64.aslr.honor_sbrk | ||||
| 64bit binaries ASLR sbrk compatibility control. | 64bit binaries ASLR sbrk compatibility control. | ||||
| .It Dv kern.elf32.aslr.aslr_stack_gap | .It Dv kern.elf64.aslr.stack_gap | ||||
| Controls stack gap for 64bit binaries. | Controls stack gap for 64bit binaries. | ||||
| .It Dv kern.elf32.nxstack | .It Dv kern.elf32.nxstack | ||||
| Enables non-executable stack for 32bit processes. | Enables non-executable stack for 32bit processes. | ||||
| Enabled by default if supported by hardware and corresponding binary. | Enabled by default if supported by hardware and corresponding binary. | ||||
| .It Dv kern.elf64.nxstack | .It Dv kern.elf64.nxstack | ||||
| Enables non-executable stack for 64bit processes. | Enables non-executable stack for 64bit processes. | ||||
| .El | .El | ||||
| .Sh SEE ALSO | .Sh SEE ALSO | ||||
| Show All 26 Lines | |||||