Date: Wed, 22 Jun 2022 16:21:46 GMT
From: Ed Maste <emaste@FreeBSD.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: a8af3aee4b45 - main - src.conf.5: regen after RELRO knob addition
Message-ID: <202206221621.25MGLkeo007710@gitrepo.freebsd.org>
The branch main has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=a8af3aee4b45c619f4638789af518d068d5de682 commit a8af3aee4b45c619f4638789af518d068d5de682 Author: Ed Maste <emaste@FreeBSD.org> AuthorDate: 2022-06-22 16:21:31 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2022-06-22 16:21:31 +0000 src.conf.5: regen after RELRO knob addition --- share/man/man5/src.conf.5 | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/share/man/man5/src.conf.5 b/share/man/man5/src.conf.5 index fec3a7ab6069..f1ca36e5597d 100644 --- a/share/man/man5/src.conf.5 +++ b/share/man/man5/src.conf.5 @@ -1,6 +1,6 @@ .\" DO NOT EDIT-- this file is @generated by tools/build/options/makeman. .\" $FreeBSD$ -.Dd June 8, 2022 +.Dd June 22, 2022 .Dt SRC.CONF 5 .Os .Sh NAME @@ -196,6 +196,13 @@ Build all binaries with the .Dv DF_BIND_NOW flag set to indicate that the run-time loader should perform all relocation processing at process startup rather than on demand. +The combination of the +.Va BIND_NOW +and +.Va RELRO +options provide "full" Relocation Read-Only (RELRO) support. +With full RELRO the entire GOT is made read-only after performing relocation at +startup, avoiding GOT overwrite attacks. .It Va WITHOUT_BLACKLIST Set this if you do not want to build .Xr blacklistd 8 @@ -651,8 +658,8 @@ Avoid installing examples to Include experimental features in the build. .It Va WITH_EXTRA_TCP_STACKS Build extra TCP stack modules. -.It Va WITHOUT_FDT -Do not build Flattened Device Tree support as part of the base system. +.It Va WITH_FDT +Build Flattened Device Tree support as part of the base system. This includes the device tree compiler (dtc) and libfdt support library. .It Va WITHOUT_FILE Do not build 
@@ -1416,6 +1423,11 @@ by proxy. .It Va WITHOUT_RBOOTD Do not build or install .Xr rbootd 8 . +.It Va WITHOUT_RELRO +Do not apply the Relocation Read-Only (RELRO) vulnerability mitigation. +See also the +.Va BIND_NOW +option. .It Va WITH_REPRODUCIBLE_BUILD Exclude build metadata (such as the build time, user, or host) from the kernel, boot loaders, and uname output, so that builds produce
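Review bot: In the BIND_NOW entry (hunk at -196,6), "The combination of ... options provide" has a singular subject, so the verb should be "provides". Because the file header says it is generated by tools/build/options/makeman, the wording has to be corrected in the option description that makeman reads and the page regenerated; a hand edit here would be lost on the next regen. "avoiding GOT overwrite attacks" would also be more precise as "preventing", since the same sentence states that the GOT is read-only once startup relocation is done.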
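Review bot: The hunk at -651,8 replaces the WITHOUT_FDT entry with WITH_FDT, which has nothing to do with the RELRO knob named in the subject line. A reader of this page will now conclude that FDT support is off by default, so the flip needs to be either confirmed as intended and mentioned in the commit message, or dropped by regenerating so that only the BIND_NOW and RELRO text changes.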
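Review bot: The new WITHOUT_RELRO entry (hunk at -1416,6) says the mitigation is not applied but does not say what RELRO protects on its own, so a reader has to follow "See also the BIND_NOW option" to learn anything about it, and that entry only describes the combined "full" case. Suggest one sentence here on what is made read-only with RELRO alone, plus a note that setting WITHOUT_RELRO also gives up the full RELRO behaviour described under BIND_NOW.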