Date: Sun, 7 Jan 2024 19:31:25 GMT
Message-Id: <202401071931.407JVPL4095233@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Ed Maste
Subject: git: 512c3cfb3cfd - stable/14 - Update ASLR stack sysctl description in security.7 and mitigations.7
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help:
List-Post:
List-Subscribe:
List-Unsubscribe:
Sender: owner-dev-commits-src-all@freebsd.org
X-BeenThere: dev-commits-src-all@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 512c3cfb3cfdc011b4622392d84e0818f7373ed6
Auto-Submitted: auto-generated

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=512c3cfb3cfdc011b4622392d84e0818f7373ed6

commit 512c3cfb3cfdc011b4622392d84e0818f7373ed6
Author: Ed Maste
AuthorDate: 2023-10-24 22:06:59 +0000
Commit: Ed Maste
CommitDate: 2024-01-07 19:31:10 +0000

    Update ASLR stack sysctl description in security.7 and mitigations.7

    In an earlier implementation the stack (gap) was randomized when the
    enable sysctl was set and ASLR was also enabled (in general) for the
    binary. In the current implementation the sysctl operates
    independently.

    Reviewed by: kib
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D42357

    (cherry picked from commit d521abdff2367a5c72a773a815fc3d99403274f5)
--- share/man/man7/mitigations.7 | 4 ++-- share/man/man7/security.7 | 3 +-- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/share/man/man7/mitigations.7 b/share/man/man7/mitigations.7 index fed16d7b325f..950d84042c71 100644 --- a/share/man/man7/mitigations.7 +++ b/share/man/man7/mitigations.7
@@ -120,7 +120,7 @@ Reserve the legacy .Xr sbrk 2 region for compatibility with older binaries. .It Va kern.elf32.aslr.stack -If ASLR is enabled for a process, also randomize the stack location. +Randomize the stack location for 32-bit ELF binaries. .El .Pp Global controls for 64-bit processes: @@ -135,7 +135,7 @@ Reserve the legacy .Xr sbrk 2 region for compatibility with older binaries. .It Va kern.elf64.aslr.stack -If ASLR is enabled for a process, also randomize the stack location. +Randomize the stack location for 64-bit ELF binaries. .El .Pp To execute a command with ASLR enabled or disabled: diff --git a/share/man/man7/security.7 b/share/man/man7/security.7 index a48e3607f0e5..71107b29ba11 100644 --- a/share/man/man7/security.7 +++ b/share/man/man7/security.7 @@ -1065,8 +1065,7 @@ position-independent (PIE) 32-bit binaries. Makes ASLR less aggressive and more compatible with old binaries relying on the sbrk area. .It Dv kern.elf32.aslr.stack -If ASLR is enabled for a binary, a non-zero value enables randomization -of the stack. +Enable randomization of the stack for 32-bit binaries. Otherwise, the stack is mapped at a fixed location determined by the process ABI. .It Dv kern.elf64.aslr.enable
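
Review bot: In both mitigations.7 hunks (the kern.elf32.aslr.stack and kern.elf64.aslr.stack entries), the replacement sentence drops the "If ASLR is enabled for a process" condition but never states the point the commit message makes, that the sysctl now operates independently. A reader who has ASLR turned off can still assume stack randomization is off as well, so consider spelling it out, for example "Randomize the stack location for 64-bit ELF binaries, independently of whether ASLR is enabled for the process." The context line that follows, "To execute a command with ASLR enabled or disabled:", would also benefit from a sentence saying whether that per-command control has any effect on stack randomization. The wording also differs between the two pages: "32-bit ELF binaries" here, "32-bit binaries" in security.7.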
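
Review bot: In the security.7 hunk, the new sentence "Enable randomization of the stack for 32-bit binaries." no longer says which value does the enabling, so the unchanged sentence after it, "Otherwise, the stack is mapped at a fixed location determined by the process ABI.", has lost the condition it refers back to. Keeping the value wording, for example "A non-zero value enables randomization of the stack for 32-bit binaries.", keeps the two sentences connected. The hunk touches only kern.elf32.aslr.stack and the next entry shown is kern.elf64.aslr.enable; if security.7 carries a kern.elf64.aslr.stack entry with the old conditional wording, it needs the same update.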