
D45435.id139302.diff

diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7
--- a/share/man/man7/mitigations.7
+++ b/share/man/man7/mitigations.7
@@ -25,7 +25,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd May 31, 2024
+.Dd June 1, 2024
.Dt MITIGATIONS 7
.Os
.Sh NAME
@@ -54,8 +54,8 @@
Relocation Read-Only (RELRO)
.It
Bind Now
-.\".It
-.\"Stack Smashing Protection (SSP)
+.It
+Stack Overflow Protection
.It
Supervisor Mode Memory Protection
.It
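Review bot: The new list entry "Stack Overflow Protection" drops the "(SSP)" abbreviation that the commented-out placeholder carried, so a reader scanning or searching this list for SSP no longer finds it. Consider "Stack Overflow Protection (SSP)", and keep the wording identical to the `.Ss` heading added later in this file so the list entry and the section title match.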
@@ -232,7 +232,81 @@
Note that this results in a nonstandard Application Binary Interface (ABI),
and it is possible that some applications may not function correctly.
.\"
-.\".Ss Stack Smashing Protection (SSP)
+.Ss Stack Overflow Protection
+.Fx
+supports stack overflow protection using the Stack Smashing Protector
+.Pq SSP
+compiler feature.
+In userland, SSP adds a per-process randomized canary at the end of every stack
+frame which is checked for corruption upon return from the function.
+In the kernel, a single randomized canary is used globally except on aarch64,
+which has a
+.Dv PERTHREAD_SSP
+.Xr config 8
+option to enable per-thread randomized canaries.
+If stack corruption is detected, then the process aborts to avoid potentially
+malicious execution as a result of the corruption.
+SSP may be enabled or disabled when building
+.Fx
+base with the
+.Xr src.conf 5
+SSP knob.
+.Pp
+When
+.Va WITH_SSP
+is enabled, which is the default, world is built with the
+.Fl fstack-protector-strong
+compiler option.
+The kernel is built with the
+.Fl fstack-protector
+option.
+.Pp
+In addition to SSP, a
+.Dq FORTIFY_SOURCE
+implementation is supported up to level 2 by defining
+.Va _FORTIFY_SOURCE
+to
+.Dv 1
+or
+.Dv 2
+before including any
+.Fx
+headers.
+.Fx
+world builds can set
+.Va FORTIFY_SOURCE
+to provide a default value for
+.Va _FORTIFY_SOURCE .
+When enabled,
+.Dq FORTIFY_SOURCE
+enables extra bounds checking in various functions that accept buffers to be
+written into.
+These functions currently have extra bounds checking support:
+.Bl -column -offset indent "snprintf" "memmove" "strncpy" "vsnprintf" "readlink"
+.It bcopy Ta bzero Ta fgets Ta getcwd Ta gets
+.It memcpy Ta memmove Ta memset Ta read Ta readlink
+.It snprintf Ta sprintf Ta stpcpy Ta stpncpy Ta strcat
+.It strcpy Ta strncat Ta strncpy Ta vsnprintf Ta vsprintf
+.El
+.Pp
+.Dq FORTIFY_SOURCE
+requires compiler support from
+.Xr clang 1
+or
+.Xr gcc 1 ,
+which provide the
+.Xr __builtin_object_size 3
+function that is used to determine the bounds of an object.
+This feature works best at optimization levels
+.Fl O1
+and above, as some object sizes may be less obvious without some data that the
+compiler would collect in an optimization pass.
+.Pp
+Similar to SSP, violating the bounds of an object will cause the program to
+abort in an effort to avoid malicious execution.
+This effectively provides finer-grained protection than SSP for some class of
+function and system calls, along with some protection for buffers allocated as
+part of the program data.
.\"
.Ss Supervisor mode memory protection
Certain processors include features that prevent unintended access to memory
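Review bot: In the first paragraph of the new section, "adds a per-process randomized canary at the end of every stack frame" overstates the coverage, given that the next paragraph says world is built with `-fstack-protector-strong` and the kernel with `-fstack-protector`. Both options instrument only the functions the compiler selects (for example those with local arrays); only `-fstack-protector-all` covers every function. Suggest "in the stack frame of each protected function". In the same paragraph, "the process aborts" follows directly after the kernel canary description, so say what happens on a kernel canary failure as well. Since the text is being moved anyway, "for some class of function and system calls" in the last paragraph could become "for some classes of functions and system calls", and `.Xr __builtin_object_size 3` should be checked to resolve to an installed page; if it does not, `.Fn` is the better markup for a compiler builtin.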
diff --git a/share/man/man7/security.7 b/share/man/man7/security.7
--- a/share/man/man7/security.7
+++ b/share/man/man7/security.7
@@ -26,13 +26,21 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd October 5, 2023
+.Dd June 1, 2024
.Dt SECURITY 7
.Os
.Sh NAME
.Nm security
.Nd introduction to security under FreeBSD
.Sh DESCRIPTION
+See
+.Xr mitigations 7
+for a description of vulnerability mitigations in
+.Fx .
+This man page documents other
+.Fx
+security related topics.
+.Pp
Security is a function that begins and ends with the system administrator.
While all
.Bx
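Review bot: "security related topics" in the added DESCRIPTION paragraph should be hyphenated as "security-related topics". The new pointer also puts a cross-reference ahead of the page's own introduction ("Security is a function that begins and ends with the system administrator."); it would read better after that introduction, and `.Xr mitigations 7` should also appear under SEE ALSO if it is not listed there already.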
@@ -939,81 +947,6 @@
.Pa authorized_keys
file to make the key only usable to entities logging in from specific
machines.
-.Sh STACK OVERFLOW PROTECTION
-.Fx
-supports stack overflow protection using the Stack Smashing Protector
-.Pq SSP
-compiler feature.
-In userland, SSP adds a per-process randomized canary at the end of every stack
-frame which is checked for corruption upon return from the function.
-In the kernel, a single randomized canary is used globally except on aarch64,
-which has a
-.Dv PERTHREAD_SSP
-.Xr config 8
-option to enable per-thread randomized canaries.
-If stack corruption is detected, then the process aborts to avoid potentially
-malicious execution as a result of the corruption.
-SSP may be enabled or disabled when building
-.Fx
-base with the
-.Xr src.conf 5
-SSP knob.
-.Pp
-When
-.Va WITH_SSP
-is enabled, which is the default, world is built with the
-.Fl fstack-protector-strong
-compiler option.
-The kernel is built with the
-.Fl fstack-protector
-option.
-.Pp
-In addition to SSP, a
-.Dq FORTIFY_SOURCE
-implementation is supported up to level 2 by defining
-.Va _FORTIFY_SOURCE
-to
-.Dv 1
-or
-.Dv 2
-before including any
-.Fx
-headers.
-.Fx
-world builds can set
-.Va FORTIFY_SOURCE
-to provide a default value for
-.Va _FORTIFY_SOURCE .
-When enabled,
-.Dq FORTIFY_SOURCE
-enables extra bounds checking in various functions that accept buffers to be
-written into.
-These functions currently have extra bounds checking support:
-.Bl -column -offset indent "snprintf" "memmove" "strncpy" "vsnprintf" "readlink"
-.It bcopy Ta bzero Ta fgets Ta getcwd Ta gets
-.It memcpy Ta memmove Ta memset Ta read Ta readlink
-.It snprintf Ta sprintf Ta stpcpy Ta stpncpy Ta strcat
-.It strcpy Ta strncat Ta strncpy Ta vsnprintf Ta vsprintf
-.El
-.Pp
-.Dq FORTIFY_SOURCE
-requires compiler support from
-.Xr clang 1
-or
-.Xr gcc 1 ,
-which provide the
-.Xr __builtin_object_size 3
-function that is used to determine the bounds of an object.
-This feature works best at optimization levels
-.Fl O1
-and above, as some object sizes may be less obvious without some data that the
-compiler would collect in an optimization pass.
-.Pp
-Similar to SSP, violating the bounds of an object will cause the program to
-abort in an effort to avoid malicious execution.
-This effectively provides finer-grained protection than SSP for some class of
-function and system calls, along with some protection for buffers allocated as
-part of the program data.
.Sh KNOBS AND TWEAKS
.Fx
provides several knobs and tweak handles that make some introspection
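Review bot: Removing the whole `.Sh STACK OVERFLOW PROTECTION` section leaves security(7) with no mention of SSP or FORTIFY_SOURCE by name; the only trail is the generic mitigations(7) sentence added at the top of DESCRIPTION. Anyone following an existing reference to this section lands on a page that no longer has it. Consider naming stack overflow protection and FORTIFY_SOURCE in that pointer sentence, or leaving a one-line stub here that refers to mitigations(7).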
