| #
c3294033 |
| 21-Sep-2024 |
Alexander Ziaee <concussious@runbox.com> |
mitigations.7: minor cleanup (linter errors)
Reviewed by: emaste
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/1428
|
| #
22fb46af |
| 21-Sep-2024 |
Alexander Ziaee <concussious@runbox.com> |
mitigations.7: markup functions with Fn macro
+ include this page in `apropos Fn=memcpy`
Reviewed by: emaste
MFC after: 3 days
Pull Request: https://github.com/freebsd/freebsd-src/pull/1428
|
| #
b15aff05 |
| 15-Sep-2024 |
Alexander Ziaee <concussious@runbox.com> |
mitigations.7: explain installing firmware + spdx
MFC after: 3 days
Reported by: imp (ucode is for security)
Reported by: emaste (ucode is not minix)
Reported by: delphij (please ucode asap)
Reviewe
mitigations.7: explain installing firmware + spdx
MFC after: 3 days
Reported by: imp (ucode is for security)
Reported by: emaste (ucode is not minix)
Reported by: delphij (please ucode asap)
Reviewed by: imp
Pull Request: https://github.com/freebsd/freebsd-src/pull/1411
show more ...
|
|
Revision tags: release/13.4.0 |
|
| #
8f77be22 |
| 24-Jul-2024 |
Kyle Evans <kevans@FreeBSD.org> |
mitigations(7): note that FORTIFY_SOURCE must be set in the env
Some parts of the build will need to be able to override it, so it must
be set either in the environment or src-env.conf -- NOT src.co
mitigations(7): note that FORTIFY_SOURCE must be set in the env
Some parts of the build will need to be able to override it, so it must
be set either in the environment or src-env.conf -- NOT src.conf.
Reviewed by: imp, markj
Sponsored by: Klara, Inc.
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D46070
show more ...
|
| #
297bb39b |
| 01-Jun-2024 |
Ed Maste <emaste@FreeBSD.org> |
mitigations.7: move SSP documentation from security.7 to here
Stack Smashing Protection (SSP) is a software vulnerability mitigation,
and fits with this page. Add a note to the beginning of securit
mitigations.7: move SSP documentation from security.7 to here
Stack Smashing Protection (SSP) is a software vulnerability mitigation,
and fits with this page. Add a note to the beginning of security.7
providing a more explicit cross reference to mitigations.7.
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45435
show more ...
|
| #
166ec3e8 |
| 01-Jun-2024 |
Ed Maste <emaste@FreeBSD.org> |
mitigations.7: uncomment reference to recently added section
A brief description of supervisor mode memory access protection was
added in 72ece341b427. Uncomment the existing reference to this sect
mitigations.7: uncomment reference to recently added section
A brief description of supervisor mode memory access protection was
added in 72ece341b427. Uncomment the existing reference to this section
in the table of contents.
Fixes: 72ece341b427 ("mitigations.7: mention supervisor mode memory...")
Sponsored by: The FreeBSD Foundation
show more ...
|
| #
a5ae2d2a |
| 31-May-2024 |
Jessica Clarke <jrtc27@FreeBSD.org> |
mitigations.7: Document riscv's SM[AE]P equivalents
Its base privileged architecture provides these. Read/write is
toggleable via the SUM bit, so use that as its feature name. Execute is
always-on s
mitigations.7: Document riscv's SM[AE]P equivalents
Its base privileged architecture provides these. Read/write is
toggleable via the SUM bit, so use that as its feature name. Execute is
always-on so has no name.
show more ...
|
| #
72ece341 |
| 31-May-2024 |
Ed Maste <emaste@FreeBSD.org> |
mitigations.7: mention supervisor mode memory access protections
Reviewed by: imp (earlier), olce (earlier), kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.o
mitigations.7: mention supervisor mode memory access protections
Reviewed by: imp (earlier), olce (earlier), kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45420
show more ...
|
|
Revision tags: release/14.1.0, release/13.3.0 |
|
| #
ffc4f93e |
| 02-Jan-2024 |
Benedict Reuschling <bcr@FreeBSD.org> |
Fix typos in man pages under /share/man
Found using: devel/py-proselint
|
|
Revision tags: release/14.0.0 |
|
| #
d521abdf |
| 25-Oct-2023 |
Ed Maste <emaste@FreeBSD.org> |
Update ASLR stack sysctl description in security.7 and mitigations.7
In an earlier implementation the stack (gap) was randomized when the
enable sysctl was set and ASLR was also enabled (in general)
Update ASLR stack sysctl description in security.7 and mitigations.7
In an earlier implementation the stack (gap) was randomized when the
enable sysctl was set and ASLR was also enabled (in general) for the
binary. In the current implementation the sysctl operates
independently.
Reviewed by: kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42357
show more ...
|
| #
a2b28960 |
| 06-Oct-2023 |
Ed Maste <emaste@FreeBSD.org> |
mitigations.7: briefly explain RELRO
Reviewed by: bcr (earlier), kib
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D42107
|
| #
b6a61ac2 |
| 08-Sep-2023 |
Ed Maste <emaste@FreeBSD.org> |
Add mitigations(7) describing our vulnerability mitigations
This is an initial take on documenting vulnerability mitigations.
Reviewed by: gbe (earlier)
Sponsored by: The FreeBSD Foundation
Co-auth
Add mitigations(7) describing our vulnerability mitigations
This is an initial take on documenting vulnerability mitigations.
Reviewed by: gbe (earlier)
Sponsored by: The FreeBSD Foundation
Co-authored-by: Olivier Certner <olce.freebsd@certner.fr>
Differential Revision: https://reviews.freebsd.org/D41794
show more ...
|