Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 2 Mar 2023 16:07:47 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 65d7644bdb16 - stable/13 - src.conf: regen man page after RELRO change
Message-ID:  <202303021607.322G7lZe021297@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/13 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=65d7644bdb167b549aa0d1480424cc4e186649f2

commit 65d7644bdb167b549aa0d1480424cc4e186649f2
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-03-02 14:34:43 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-03-02 14:35:23 +0000

    src.conf: regen man page after RELRO change
---
 share/man/man5/src.conf.5 | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5
index d7bb2f063fcc..62439ee77a41 100644
--- a/share/man/man5/src.conf.5
+++ b/share/man/man5/src.conf.5
@@ -1,6 +1,6 @@
 .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman.
 .\" $FreeBSD$
-.Dd February 28, 2023
+.Dd March 2, 2023
 .Dt SRC.CONF 5
 .Os
 .Sh NAME
@@ -183,6 +183,13 @@ Build all binaries with the
 .Dv DF_BIND_NOW
 flag set to indicate that the run-time loader should perform all relocation
 processing at process startup rather than on demand.
+The combination of the
+.Va BIND_NOW
+and
+.Va RELRO
+options provide "full" Relocation Read-Only (RELRO) support.
+With full RELRO the entire GOT is made read-only after performing relocation at
+startup, avoiding GOT overwrite attacks.
 .It Va WITHOUT_BLACKLIST
 Set this if you do not want to build
 .Xr blacklistd 8
@@ -1425,6 +1432,11 @@ by proxy.
 .It Va WITHOUT_RBOOTD
 Do not build or install
 .Xr rbootd 8 .
+.It Va WITHOUT_RELRO
+Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation.
+See also the
+.Va BIND_NOW
+option.
 .It Va WITH_REPRODUCIBLE_BUILD
 Exclude build metadata (such as the build time, user, or host)
 from the kernel, boot loaders, and uname output, so that builds produce
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202303021607.322G7lZe021297>