Date:      Thu, 2 Mar 2023 16:07:47 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 65d7644bdb16 - stable/13 - src.conf: regen man page after RELRO change
Message-ID:  <202303021607.322G7lZe021297@gitrepo.freebsd.org>

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=65d7644bdb167b549aa0d1480424cc4e186649f2

commit 65d7644bdb167b549aa0d1480424cc4e186649f2
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-03-02 14:34:43 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-03-02 14:35:23 +0000

    src.conf: regen man page after RELRO change
---
 share/man/man5/src.conf.5 | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5
index d7bb2f063fcc..62439ee77a41 100644
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd February 28, 2023
+.Dd March 2, 2023
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -183,6 +183,13 @@ Build all binaries with the
 .Dv DF_BIND_NOW
 flag set to indicate that the run-time loader should perform all relocation
 processing at process startup rather than on demand.
+The combination of the
+.Va BIND_NOW
+and
+.Va RELRO
+options provide "full" Relocation Read-Only (RELRO) support.
+With full RELRO the entire GOT is made read-only after performing relocation at
+startup, avoiding GOT overwrite attacks.
 .It Va WITHOUT_BLACKLIST
 Set this if you do not want to build
 .Xr blacklistd 8
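Review bot: The added sentence "The combination of the ... options provide" has a singular subject ("combination"), so the verb should be "provides". The header of this file says it is generated by tools/build/options/makeman, so the wording has to be corrected in the option description that makeman reads and the page regenerated, not edited in src.conf.5 directly. The same sentence refers to .Va RELRO as an option, while the only entry this patch adds under that name is WITHOUT_RELRO; using the knob name as it is listed would let a reader find it by searching the page.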
@@ -1425,6 +1432,11 @@ by proxy.
 .It Va WITHOUT_RBOOTD
 Do not build or install
 .Xr rbootd 8 .
+.It Va WITHOUT_RELRO
+Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation.
+See also the
+.Va BIND_NOW
+option.
 .It Va WITH_REPRODUCIBLE_BUILD
 Exclude build metadata (such as the build time, user, or host)
 from the kernel, boot loaders, and uname output, so that builds produce
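Review bot: The new WITHOUT_RELRO entry says only that the mitigation is not applied and does not say what is lost when it is set. One sentence mirroring the BIND_NOW text earlier in this patch would help, for example that without RELRO the GOT is not made read-only after relocation, and that full RELRO also needs BIND_NOW. The cross-reference ".Va BIND_NOW" also does not match how entries are listed in the visible context (WITHOUT_BLACKLIST, WITHOUT_RBOOTD, WITH_REPRODUCIBLE_BUILD); naming the knob with its WITH_ or WITHOUT_ prefix would make the "See also" target unambiguous.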


